| Name | Filename | Status | Description |
|---|---|---|---|
| Distributed Link Tracking Extensions | dltksvc.exe | X | Added by the W32.Myfip.K worm. |
| zzzxIPSPEC_1 | zzzx[random characters].exe | X | Added by the Trojan.Netdepix.B Trojan. |
| NetBios Ext32 | services.exe | X | Added by the W32.Mydoom.AN@mm worm. |
| Microsoft SSL | ssl.exe | X | Added by the W32/Cuebot-D worm. |
| NetBios Ext | services.exe | X | Added by the W32.Mydoom.AB@mm worm. Note: This should not be confused with the legitimate Windows file, services.exe, found in the Windows System32 folder. |
| intellectual_property | PRODUCT.exe | X | Added by the Troj/Feutel-R Trojan. |
| Network Client | winlogon.exe | X | Added by the Trojan.Boxed.E Trojan. |
| Network Client | [Unknown] | X | Added by the Trojan.Boxed.C Trojan. |
| Network Client | netclnt.exe | X | Added by the Trojan.Boxed.A Trojan. |
| Windows Desktop Security | svcagnt.exe | U | Added by the Spyware.DesktopScout surveillance software. Uninstall this software if you did not install it yourself. |
| [Various Names] | Svchost.exe | X | Added by the W32.Welchia.K worm. |
| CSRS Windows NT | [various names] | X | Added by the Backdoor.WinShell.50 backdoor. |
| Ntlm_Drive_Connect | TimerU.sys | X | Added by the Backdoor.Tuimer backdoor. |
| Distributed Link Tracking Extension | temp.exe | X | Added by the W32.Myfip.T worm. |
| Messenger | 514.exe | X | Added by the Trojan.Esteems.D Trojan. |
| ACMService | ACMService.exe | U | Added by the Spyware.ACM surveillance software. Uninstall this software if you did not install it yourself. |
| Windows 32-bit PnP Driver | winpnp32.exe | X | Added by the W32.Wallz worm. |
| Event Monitor | spoolcll.exe | X | Added by the W32.Spybot.IVQ worm. |
| Compaq Networks | svchost.exe | X | Added by the Backdoor.XTS.B backdoor. Note: This is not the legitimate svchost.exe found in the Windows system32 directory. |
| NetDDEipx | [Random file name].exe | X | Added by the Trojan.Netdepix Trojan. |
| Win32 service | WIN32SVC.EXE | X | Added by the Backdoor.Selka backdoor. |
| System Monitor | ssys.exe | U | STARR key logger. "It logs almost everything that goes through the box. It logs all key strokes, all passwords transacted even if they weren't keyed in, all web sites visited, every program launched including the path to that program, and more". Uninstall this software if you did not install it yourself. |
| Network Client Monitor | [unknown] | X | Added by the Trojan.Boxed.B Trojan. |
| TCP/IP NetBIOS Provider | lmhsvc.exe | X | Added by the W32.Dalbug.Worm worm. |
| shdde | shdde.exe | X | Added by the Backdoor.Masteseq backdoor. |
| MS Software Generic Host Process for Win32 Services | svchost.exe | U | Added by the Spyware.AdvancedKey surveillance software. Uninstall this software if you did not install it yourself. Note: This is not the legitimate svchost.exe file found in the Windows system32 directory. |
| Virtual Manager System | vmsprog.exe | U | Added by the Spyware.EmailSpy surveillance software. Uninstall this software if you did not install it yourself. |
| vmsdrv | vmsdrv.sys | U | Added by the Spyware.EmailSpy surveillance software. Uninstall this software if you did not install it yourself. |
| Vanquish Autoloader v0.1 beta10 | [various names] | X | Added by the Hacktool.Vanquish rootkit. |
| Logical Disk Manager Administrative Service | dmadmin.exe | Y | This Windows service manages hard disk and volume functions in Windows. |
| WinFax PRO | WFXSVC.EXE | U | This service handles many of the automated tasks of WinFax PRO, such as receiving faxes. Disabling this service will impair the functioning of this program. |
| TrueVector Internet Monitor | vsmon.exe | Y | Used by Zone Labs firewalls to implement the access rules you have set in the firewall software. |
| ptssvc | PTSsvc.exe | Y | Kodak's picture transfer service, which transfers pictures from a camera when it is connected to the PC. |
| pml driver hpz12 | HPZipm12.exe | Y | Used by HP Printer/Scanner/Copier printers to prevent Windows from entering hibernation mode. |
| NVIDIA driver Helper Service | nvsvc32.exe | Y | Part of the display driver for Nvidia cards. |
| PC-cillin PersonalFirewall | PCCPFW.exe | Y | Trend Micro's PC-cillin Personal Firewall. |
| Trend NT Realtime Service | Tmntsrv.exe | Y | Part of the real-time scanning engine for Trend Micro's PC-cillin antivirus software. Note: The pathname to the file will change based upon the version of the software you are using. |
| Mouse Button Monitor | mousemm.exe | X | Added by the W32.Esbot.A worm. |
| WindowsService | service.exe | X | Added by the W32/Tilebot-K worm. |
| Enables Javascript Support | javascript.exe | X | Added by the W32/Codbot-V worm. |
| ORANS | orans.sys | X | Added by the W32/Tilebot-J worm. |
| NETINFO | netinfo.exe | X | Added by the W32/Tilebot-J worm. |
| Microsoft New Game 2 | svehost32.exe | X | Added by the W32/Tilebot-I worm. |
| Registry Editor | regedit.exe | X | Added by the W32/Codbot-U backdoor Trojan. |
| WindowsProduct Activation | wpa.exe | X | Added by the W32/Hwbot-B worm. |
| MSUpdate | msupdate24.exe | X | Added by the W32/Tilebot-H worm. When started, this infection connects to a remote IRC server where it waits for commands to execute. |
| Lpdriver | lpdriver.sys | X | Added by the W32/Tilebot-H worm. When started, this infection connects to a remote IRC server where it waits for commands to execute. |
| Mouse Synchronization | mousesync.exe | X | Added by the W32/Esbot-A worm. |
| WIN32 Sound Drivers. | sounddv.exe | X | Added by the W32/Tilebot-Z worm. When started, this infection connects to a remote IRC server where it waits for commands to execute. |
| VPNonDemand | VPN.exe | X | Added by the W32/Tilebot-G worm. When started, this infection connects to a remote IRC server where it waits for commands to execute. |
| DVDrealm | DVDrealm.sys | X | Added by the W32/Tilebot-G worm. When started, this infection connects to a remote IRC server where it waits for commands to execute. |
| System Messenger Service | smsc.exe | X | Added by the W32/Tilebot-F worm. When started, this infection connects to a remote IRC server where it waits for commands to execute. |
| Mouse Button Monitor | mousebm.exe | X | Added by the W32/Sdbot-ACG worm. When started, this infection connects to a remote IRC server where it waits for commands to execute. |
| Remote Procedure Call (RPC) Monitoring | Rpcmon.exe | X | Added by the W32/Codbot-T worm and IRC backdoor. |
| X10 Device Network Service | x10nets.exe | Y | Belongs to X10 video streaming device(s). |
| msvnc | vsmom.exe | X | Added by the W32/Tilebot-E worm. |
| AntiSpyUltra | vsmom.exe | X | Added by the W32/Tilebot-E worm. |
| Ywvpysxl | Ywvpysxl.sys | X | Added by the Troj/Psupda-A Trojan. |
| ET dll Locator | frepdll.exe | X | Added by the W32/Tilebot-D worm. |
| STOPzilla Service | SZServer.exe | U | |
| usb2 | usb2.sys | X | Added by the Backdoor.Fuwudoor backdoor. |
| ntmssvc | ntms.dll | X | Added by the Backdoor.Fuwudoor backdoor. |
| W32Time | w32t.dll | X | Added by the Backdoor.Fuwudoor backdoor. |
| LmHosts | lmhosts.dll | X | Added by the Backdoor.Fuwudoor backdoor. |
| NetLogon | netlogin.dll | X | Added by the Backdoor.Fuwudoor backdoor. |
| dmserver | dmsrv.dll | X | Added by the Backdoor.Fuwudoor backdoor. |
| kdc | kdc.dll | X | Added by the Backdoor.Fuwudoor backdoor. |
| TrkSvr | trks.dll | X | Added by the Backdoor.Fuwudoor backdoor. |
| TrkWks | trkw.dll | X | Added by the Backdoor.Fuwudoor backdoor. |
| Browser | browsvr.dll | X | Added by the Backdoor.Fuwudoor backdoor. |
| AppMgmt | appmgmt.dll | X | Added by the Backdoor.Fuwudoor backdoor. |
| Policy Agent | ipsec.dll | X | Added by the Backdoor.Fuwudoor backdoor. |
| Messenger | mesg.dll | X | Added by the Backdoor.Fuwudoor backdoor. |
| ProtectedStorage | protstrg.dll | X | Added by the Backdoor.Fuwudoor backdoor. |
| Events | services.exe | X | Added by the Backdoor.EggHead backdoor. |
| Service Sequence | services32.exe | X | Added by the W32/Tilebot-C worm. When started, this infection connects to a remote IRC server where it waits for commands to execute. |
| Messenger | zone-h.ddo.jp.exe | X | Added by the Trojan.Esteems.C Trojan. |
| Net Functions Monitoring | Netmon.exe | X | Added by the W32/Codbot-R worm and IRC backdoor. |
| system32 | system32.exe | X | Added by the Troj/Graybird-G Trojan. |
| Webroot Spy Sweeper Engine | WRSSSDK.exe | Y | Webroot Spy Sweeper's real-time scanning engine. |
| Remote Procedure Call (RPC) Locator | rpclocator.exe | X | Added by the W32/Codbot-Q worm and IRC backdoor. |
| Microsoft Updata ver2005 | tw725.exe | X | Added by the Troj/Feutel-P backdoor Trojan. |
| Microsoft Locator Service | wkssvc.exe | X | Added by the W32/Sdbot-ABE worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. |
| Mouse Cursor Monitor | mousecrm.exe | X | Added by the W32/Sdbot-ABQ worm. |
| Win_Pigeon_Server | Win_Server.dll | X | Added by the Troj/Feutel-N backdoor Trojan. |
| DirectX Graphics | dxdmain.exe | X | Added by the W32/Codbot-O worm. |
| lsass | lsass.exe | X | Added by the W32/Rbot-AJA worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. This should not be confused with the legitimate Windows file of the same name found in the %System% folder. |
| SVKP | SVKP.sys | Y | Svkp.sys is a clean driver used in anticracking software and several legitimate programs. Disabling this software will cause the legitimate programs to no longer work. Unfortunately, this driver can also be installed by malware that is packed by it, so it should be judged on a case-by-case basis. Please ask in the forums if you are unsure. |
| winfws | winfws.exe | X | Added by the W32/Sdbot-ABA worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. |
| avsuite | msuite.exe | X | Added by the W32/Sdbot-ABC worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. |
| Microsoft Virtual Private Network | MSVPN32.exe | X | Added by the W32/Rbot-AIO worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. |
| lsass | lsass.exe | X | Added by the W32/Rbot-AIC worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. |
| WIN32 | image.exe | X | Added by the W32/Sdbot-AAQ worm. This infection, when started, connects to an IRC server where it sits on a channel awaiting commands. |
| Ykemml | Ykemml.sys | X | Added by the Troj/PcClient-K Trojan. |
| Universal Serial Bus Control Protocol | smrs.exe | X | Added by the Troj/Bdoor-JD backdoor Trojan. |
| WDNDrive | chgsprt.sys | X | Added by the Troj/Haxspy-A backdoor. |
| COM Message Transfer | Ntmssvcs.dll | X | Added by the Troj/Dbit-A Trojan. |
| Protected Exchange | loadsvc.exe | X | Added by the Troj/Urbin-C Trojan. |
| Hardware Monitor Service | mshms.exe | X | Added by the Troj/Wollf-A backdoor Trojan. |
| Windows Updata Server | server.exe | X | Added by the Backdoor.Graybird.N backdoor. |