F0, F1, F2, F3 HijackThis Entries

Bleeping Computer

Welcome Guide Blogs Chat Help Search RSS

Welcome Guest (Log In | Create Account)

New Member? Join for free.

Have a problem and would like to ask us for help? To learn how to ask your question Click Here!

Do you have popups or other malware infecting your computer? If so, Start Here!

Are you having trouble using this site? Then you should visit the New User Orientation Center!

BleepingComputer.com -> Startup Programs Database -> F0, F1, F2, F3 HijackThis Entries

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Other

HJT: F0, F1, F2, F3 · O4 · O20 · O21 · O22 · O23

Rootkit List · Submit a Startup · Top Submitters

Startup Index · Newest Entries · Mozilla Search Tools · WebMaster Site Tools · Status Key
Startup Database Forum · Computer Help Forums · How to use the Startup Database

Enter the filename or keyword you would like to search for:

Advanced Search

Pages: (3) [1] 2 3

Name	Filename	Status	Description
<not used>	vshost32.exe	X	Added by the W32.Fnumbot worm. W32.Fnumbot is a worm that spreads through removable drives and opens a back door on the compromised computer.
<not used>	kbdsys.exe	X	Added by the W32/AutoRun-AMW removable media worm.
<not used>	TXPlatform.exe	X	Identified by Kaspersky as a variant of the Trojan.Win32.KillAV.avc malware.
<not used>	Rundllw32.exe	X	Added by the W32/Gift-B mass-mailing worm.
<not used>	KHATRA.exe	X	Added by the W32/Autoit-C removable media worm.
<not used>	asd.exe	X	Added by the Advanced Spyware Detct rogue anti-spyware program.
<not used>	svchostw.exe	X	Identified by Kaspersky as a variant of the Heur.Trojan.Generic malware.
<not used>	sdra64.exe	X	Identified by Sophos as a variant of the Mal/Zbot-I malware.
<not used>	updmngr.exe	X	Added by the Troj/Agent-JBX. Trojan.
<not used>	iph.exe	X	Added by the W32/Autorun-ZI removable media worm.
<not used>	twex.exe	X	Added by the TSPY_ZBOT.AEY spyware.
< notused>	atiptax.exe	X	Added by the W32/AutoRun-SQ removable media worm.
<not used>	shmedia.exe	X	Added by the BKDR_AGENT.VBI backdoor.
<not used>	synceng.exe	X	Added by the BKDR_AGENT.VBI backdoor.
<not used>	n.vbe	X	Added by the W32/AutoRun-SH removable media worm.
<not used>	userinit.exe	Y	The userinit.exe is a program that is launched directly after a user logs into Windows. This program restores your profile, fonts, colors, etc for your username. This startup is a required and important system file for Windows.
<not used>	LOVERAHULSAS.VBS	X	Added by the VBS/Autorun-QO removable media worm.
<not used>	vmmon.exe	X	Added by the W32/AutoRun-NZ removable media worm.
<not used>	msupdt.exe	X	Identified as a variant of the TR/Downloader.Gen Trojan.
<not used>	Servicess.exe	X	Identified as a variant of the Worm.IM.Sohanad worm.
<not used>	sertail.exe	X	Added by the Troj/Inject-DD Trojan.
<not used>	twext.exe	X	Identified as a variant of the PWS-Zbot malware.
<not used>	AVG.vbs	X	Added by the VBS/AutoRun-KG removable media worm. Please note that Wscript.exe is a legitimate file and should not be removed.
<not used>	SecureGuard.vbs	X	Added by the VBS/Autorun-JP removable media worm. Do not delete C:\Windows\System32\wscript.exe as it is a legitimate program.
<not used>	Rstd.exe	X	Added by the W32/Autorun-HS removable media worm.
<not used>	hello.vbs	X	Added by the VBS/AutoRun-HD removable media worm.
<not used>	mrcmgr.exe	X	Identified as a variant of the Trojan-Banker.Win32.Banker.rqk malware.
<not used>	ibm00003.exe	X	Identified as a variant of the Trojan Torpig-G malware.
<not used>	soundmgr.exe	X	Identified as a variant of the TR/Proxy.Gen malware.
<not used>	Removal.vbs	X	Added by the VBS/Small-ELQ worm.
<not used>	sys.vbs	X	Added by the W32/Autorun-EL removable media worm. Please note that C:\Wndows\System32\wscript.exe is a legitimate file and should not be deleted.
<not used>	xwusuhzh.exe	X	Identified as a variant of the Troj/FakeAle-BI malware.
<not used>	csmm.exe	X	Added by the Troj/VB-DZN Trojan.
<not used>	gaqy.exe	X	Identified as a variant of the Backdoor:Win32/Tofsee.F malware.
<not used>	systemio.exe	X	Added by the W32/Autorun-DH removable media worm.
<not used>	OfficeExt.exe	X	Added by the W32/Autorun-CY removable media worm.
<not used>	boot.vbs	X	Added by the W32/Isetspy-C worm. C:\Windows\System32\wscript.exe should not be deleted as it is a legitimate file.
<not used>	%%%.exe	X	A variant of the Troj/Nymod-A malware.
<not used>	^^^^^.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
<not used>	wsnpoema.exe	X	Identified as a variant of the Troj/SpyAgent-H malware.
<not used>	sbwltbxa.exe	X	Identified as a variant of the Troj/Agent-GRP variant malware.
<not used>	mtssc.exe	X	Added by the Trojan-Spy.Webmoner.FQ password-stealing and keylogging Trojan.
start	sbmntr.exe	X	Identified as a variant of the Adware/Netproject malware.
some	scit.exe	X	Identified as a variant of the Adware/Netproject malware.
<not used>	brxdoy.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
<not used>	ddabc.exe	X	Added by the PE_TRATS.E-O virus.
<not used>	ok1.exe	X	Added by the Troj/Mdrop-BQM Trojan.
<not used>	msnmgnr.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
<not used>	killVBS.vbs	X	Added by the VBS.Autill worm. Do not delete C:\Windows\System32\wscript.exe as it is a legitimate file.
stem%	regwiz.exe	X	Added by the Trojan-Dropper.Win32.Small.azk Trojan.
<not used>	mgmrwmrv.exe	X	Identified as a variant of the Trojan.FakeAlert malware. This malware will issue fake alerts on your computer stating you have security problems and advertising rogue programs that can supposedly fix them.
<not used>	rascal32.exe	X	Added by the W32/Otakbokep-A worm.
<not used>	rxjddnvj.exe	X	Identified as part of the Adware/UltimateCleaner rogue anti-spyware program.
<not used>	frwl.exe	X	Added by the W32/Autorun.worm.f removable media worm.
<not used>	killer.exe	X	Identified by Kaspersky Antivirus as a variant of the Virus.Win32.AutoRun.abt removable device worm.
<not used>	geedc.exe	X	Identified by Kaspersky antivirus as a variant of the Trojan-Dropper.Win32.Agent.dgo malware.
<not used>	DTMONX.EXE	?	Desktop Printer Driver from Microsoft. Anyone know what it does?
<not used>	mma.bat	X	Added by the W32/Autorun-AP removable media worm.
<not used>	mljjk.exe	?	Identified as either related to the Vundo Trojan or a variant of the TROJAN.AGENT.GEN malware.
<not used>	idaw64.exe	X	Identified as a variant of the Win32/SpamTool.Agent.NAJ malware.
<not used>	actcontroller.exe	X	Identified as a variant of the Win32/SpamTool.Agent.NAJ malware.
<not used>	WgaTrays.exe	X	Added by the W32.SillyDC worm.
<not used>	VirusRemoval.vbs	X	Browser Hijacker. Please note that C:\Windows\System32\wscript.exe is a legitimate program and should not be removed.
<not used>	awvvs.exe	X	Added by the Troj/Agent-GKQ Trojan.
<not used>	wuaucl.exe	X	Added by the W32.Vapka.A worm. W32.Vapka.A is a worm that spreads by copying itself to removable media and steals confidential information.
<not used>	VsTaskMgr.exe	X	Added by the TROJ_MULDROP.OE Trojan.
<not used>	ccEtvMgr.pif	X	Added by the W32.Roty.B@mm worm. W32.Roty.B@mm is a mass-mailing worm that also copies itself to shared folders and mapped network drives.
<not used>	commond.com	X	Added by the W32/Autorun-X removable media worm.
<not used>	winsys16_061230.dll	X	Added by the WORM_AGENT.AFFZ worm. Please note that rundll32.exe is a legitimate program.
<not used>	salo.exe	X	Added by the W32/Mabezat-A virus dropper.
<not used>	proper.exe	X	Fakealert Trojan which shows fake security alerts on your computer.
<not used>	msgsvc.exe	X	Added by the W32.Iretsim worm. W32.Iretsim is a worm that spreads by copying itself to removable drives. It also attempts to end security-related processes on the compromised computer.
<not used>	UpDateWinc.exe	X	Added by the W32.Yahack.A worm. W32.Yahack.A is a worm that spreads through mapped drives. It logs keystrokes, gathers system information, and steals Yahoo! Messenger passwords.
<not used>	crase.exe	X	Added by the W32.Debanpass worm. W32.Debanpass is a worm that copies itself to all drives. It steals confidential information and account details when users connect to a bank Web site.
<not used>	real.exe	X	Added by the W32.Snaban worm. W32.Snaban is a worm that spreads by copying itself to removable drives and network drives on the compromised computer. It also steals confidential information by logging keystrokes.
<not used>	taskmar.exe	X	Added by the TSPY_ONLINEG.GJQ spyware. This spyware steals sensitive information, such as user names and passwords, related to the game, World of Warcraft.
<not used>	themeupd.exe	X	Unidentified malware.
<not used>	themeui.exe	X	Unidentified malware.
<not used>	svchctrl.exe	X	Unidentified malware.
<not used>	svcvhost.exe	X	Unidentified malware.
<not used>	spoolsrvc.exe	X	Unidentified malware.
<not used>	shchostv.exe	X	Unidentified malware.
<not used>	MISuvstm.exe	X	Added by the Troj/Haoba-A Trojan.
<not used>	codeblocks.exe	X	Identified as a variant of the Trojan.Spambot.2424 malware.
<not used>	imgkulot.bat	X	Added by the VBS/Capiz-A worm. You can also delete the C:\Windows\System32\imgkulot.reg and C:\Windows\System32\imgkulot.vbs files that are associated with this infection.
<not used>	ntsvc32.dll	X	Identified as the Trojan-Notifier.Win32.Small.i malware.
<not used>	printer.exe	X	Malware related to and installed with different rogue anti-spyware programs including WinAntiSpyware 2006 or WinAntiSpyware 2007. This Trojan is responsible for the fake security alerts being displayed in your Windows taskbar.
<not used>	ActiveX.exe	X	Added by the W32/Rubble-C worm.
<not used>	taskmger.com	X	Added by the W32/Frawrm-A worm.
<not used>	msdun.exe	X	Identified as Trojan-Downloader.Win32.Small.ewt.
<not used>	WinSit.exe	X	Added by the W32/CoiDung-A worm.
<not used>	Other.exe	X	Added by the W32/CoiDung-A worm.
<not used>	viollice.exe	X	Added by the W32.Lecivio worm. W32.Lecivio is a worm that spreads by copying itself to all mapped drives on the compromised computer. It also downloads potentially malicious files on to the compromised computer.
<not used>	Empty.bat	X	Added by the W32.Pahatia.B worm. W32.Pahatia.B is a worm that spreads through mapped network drives and attempts to restart the computer if certain processes are running.
<not used>	corelnetwork.exe	X	Added by the Troj/Dial-DH Trojan.
<not used>	conime.exe	X	Added by the W32.Slurk.A worm. W32.Slurk.A is a worm that copies itself to all removable and shared drives, and drops other threats on to the compromised computer.
<not used>	MyComp.scr	X	Added by the W32.Odelud worm. W32.Odelud is a worm that spreads via network shares and removable media and may infect executable files.
<not used>	ctftpscr32.exe	X	Added by the Troj/Agent-FPN Trojan.
<not used>	czvhost.exe	X	Identified as Backdoor.IRC.Zapchast.
<not used>	userini.exe	X	Added by the Troj/Proxy-HP proxy Trojan.

Pages: (3) [1] 2 3

Disclaimer

It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. BleepingComputer.com will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.