O4 HijackThis Entries

bleepingcomputer.com

Welcome Guest (Log In | Create Account)

New Member? Join for free.

BleepingComputer.com -> Startup Programs Database -> O4 HijackThis Entries

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Other

HJT: F0, F1, F2, F3 · O4 · O20 · O21 · O22 · O23

Rootkit List · Submit a Startup · Top Submitters

Startup Index · Newest Entries · Mozilla Search Tools · WebMaster Site Tools · Status Key
Startup Database Forum · How to use the Startup Database

Enter the filename or keyword you would like to search for:

Advanced Search

Pages: (144) « First ... 131 132 [133] 134 135 ... Last »

Name	Filename	Status	Description
minimo	[random]	X	Added by the Troj/Mosuck-X. A backdoor Trojan, it can log keypresses, capture screen and webcam images, steal files, provide a remote command shell and download updates.
Security Patch	scmss.exe	X	Added by the W32/Rbot-ZW WORM/IRC backdoor Trojan.
Internet	Internet.exe	X	Added by the Troj/Singu-I. It will steal passwords and listen for remote commands.
IefxTray	Iefxtray.exe	X	Added by the Troj/Bdoor-ZAS. The backdoor can be instructed by remote users to find and read arbitrary files.
NTdhcp	NTdhcp.exe	X	Added by the Troj/QQRob-A. It will kill processes and disable services.
Snow	swon4.exe	X	Added by Backdoor.Fxdoor.
QuickTask	WliveUPdate.exe	X	Added by the Backdoor.Futh backdoor. This infection listens on TCP ports 7896 and 7897 awaiting commands.
Shell2938	WliveUPdate.exe	X	Added by the Backdoor.Futh backdoor. This infection listens on TCP ports 7896 and 7897 awaiting commands.
Player00997	WliveUPdate.exe	X	Added by the Backdoor.Futh backdoor. This infection listens on TCP ports 7896 and 7897 awaiting commands.
NortonAVProtect	WliveUPdate.exe	X	Added by the Backdoor.Futh backdoor. This infection listens on TCP ports 7896 and 7897 awaiting commands.
MAT	WliveUPdate.exe	X	Added by the Backdoor.Futh backdoor. This infection listens on TCP ports 7896 and 7897 awaiting commands.
FTH2004	WindowsDAT.exe	X	Added by the Backdoor.Futh backdoor. This infection listens on TCP ports 7896 and 7897 awaiting commands.
Nortan Anti Virus	nava32.exe	X	Added by Backdoor.FTP_Ana.C. This infections listens on TCP port 666.
MS IIS 5.01	MS_IIS.exe	X	Added by Backdoor.FTP_Ana.B.
Explorer Service	Explorer32.exe	X	Added by Backdoor.Fraggle.
LocalSystem	clipsvr32.exe	X	Added by Backdoor.Femo
LocalSystem	clipsvr16.exe	X	Added by Backdoor.Femo
sysyemdl	sysedit.exe	X	Added by Backdoor.Evilbot. This infection connects to an IRC server where it awaits remote commands.
Wincfg.exe	Wincfg.exe	X	Added by Backdoor.Elitem.
Control	msn.exe	X	Added by Backdoor.Ducy.
nbsession	nbsystem.exe	X	Added by Backdoor.DTR. This infection listens on port 10001 awaiting remote commands.
Windows Logon Application	winlogon.exe	X	Added by Backdoor.Dsklite. This infection listens on port 890 awaiting commands.
System-Time	systimeupdate.exe	X	Added by Backdoor.Denwp.
Windows Service	Scanvegw.exe	X	Added by the Backdoor.Delf backdoor. This infection will attempt to protect itself by terminating known antivirus programs.
SVGA Adapter	svgainit.exe	X	Added by Backdoor.Deftcode. This infection connects to an IRC server where it awaits commands.
TaskMonitor	Msinter.exe	X	Added by Backdoor.DarkSky.C
SysArchive	SysArchive.exe	X	Added by Backdoor.DarkSky.B. This infection listens on ports 5418 and 5419 awaiting commands.
System Server Manager	Ntsrvc.exe	X	Added by Backdoor.DarkSky.B. This infection listens on ports 5418 and 5419 awaiting commands.
User32	Read101.exe	X	Added by Backdoor.Cyn. This infection listens on ports 15432 and 51234 awaiting remote commands.
Reg32	Registry32.exe	X	Added by Backdoor.Crazynet.
Wingmnt	wingmnt.exe	X	Added by Backdoor.Cmjspy.B.
Windll	wingmnt.exe	X	Added by Backdoor.Cmjspy.B.
Microsoft auto update	wuauclt.exe	X	Added by BackDoor CLT. This infections connects to an IRC server where it awaits commands. If this infection is on a Windows XP, NT, 2000, 2003, or Vista box then it may have overwritten your legitimate file.
tunelling	sys64.exe	X	Added by Backdoor.Checkesp. This infection listens on TCP port 666.
Hello World	WinPad.exe	X	Added by Backdoor.CHCP. This infection listens on TCP port 1145 awaiting remote connections.
OSLoader	OSLoader.exe	X	Added by Backdoor.CamKing. If you have a web cam on your computer, it will activate it to spy on you.
Krnlcheck	csrss.exe	X	Added by Backdoor.Botnachala. This infection also adds entries to your HOSTS file.
Snow	Sk.exe	X	Added by Backdoor.Blizzard
System-Tray	[random filename]	X	Added by Backdoor.BladeRunner
IO System Debug	[random filename]	X	Added by Backdoor.Bla
winprofile	iexpiore.exe	X	Added by a variant of the MONCHER WORM!
LCDPlayer	LCDPlyer.exe	Y	Related to SuperAdBlocker
NAV Auto Updates	slserves.exe	X	Added by a variant of the W32/SDBOT WORM!
Systweak Memory Optimizer	memtuneup.exe	U	Part of SysTweak Advanced System Optimizer
[random name]	??erinit.exe	X	PurityScan/Clickspring adware
load system	MSDOSDLL.EXE	X	Added by the Backdoor.Badcodor backdoor trojan.
Internet Explorer Plugin	WinStop32.exe	X	Added by the Backdoor.Backage backdoor.
Internet Explorer Plugin	Mskernel16.exe	X	Added by the Backdoor.Backage backdoor.
Hrxmp	Win Const.exe	X	Added by Backdoor.Assasin.E Trojan
Packet001	packet001.exe	X	Added by Backdoor.Asniffer.
WinIgon	netlogon.exe	X	Added by the Backdoor.Armageddon backdoor.
foto	foto.exe	X	Added by the Backdoor.Antilam.g1 backdoor.
SVCHOST	internat.exe	X	Added by the Backdoor.AntiLam.20.K.
winmrg	winmrg.exe	X	Added by the Backdoor.AntiLam.20 backdoor.
MS Scandisk	Help.exe	X	Added by the Backdoor.AntiLam.20 backdoor.
MS Scandisk	Scandisk.exe	X	Added by the Backdoor.AntiLam backdoor.
bbbbb	qI00tbz.exe	X	Added by the Backdoor.AIMVision backdoor. This backdoor listens on port 1111 awaiting a remote connection.
extapp	extapp.exe	X	Added by the Backdoor.Acidoor backdoor trojan. This backdoor listens on TCP ports 4432 and 4433 awaiting connections.
MSWindows	spool16.exe	X	Added by the Avkiller.Trojan.
nsysconf	[random filename]	X	Added by the Adware.ZioCom.C adware.
MSTask	run_dll.exe	X	Added by the Adware.Yuupsearch toolbar.
windump	autosearch.dll	X	Added by the Adware.YellowPages search bar.
EasySearch Start Page	install.exe	X	Added by the Adware.Umaxsearch hijacker.
Conducent	TSADBOT.exe	X	TimeSink Add Client - advertising spyware
couponsandoffers	wjview.exe	X	Added by the Adware.TopMoxie adware. Not to be confused with the legitimate wjview.exe Microsoft file.
ControlPanel	internst32.exe	X	Added by the Adware.StartPage.B hijacker.
svrhost	Svrhost.exe	X	Added by the Adware.Satbo adware.
RGZCDHTN	%System%\RGZCDHTN.exe /install	X	Added by the adware/redirector.
HsuGuiControl	HsuGuiControl.exe	?	Part of the Starband Internet satellite client. Is this necessary?
NettGain2000 Verifier	NettGain2000 Verifier.exe	Y	Part of the Starband satellite client that attempts to optimize your satellite connection to increase speed.
NettGain2000	WgwMngr.exe	Y	Required for Starband satellite service.
TMDevMon	TMDEVMON.EXE	?	Installed as part of the Thrustmaster game controller. Is this necessary to run?
CPQ BackWeb Monitor	BackMon2.exe	?	Installed by certain Compaq computers. Is this necessary"
HPHUPD06	hphupd06.exe	?	Part of the Hewlett Packard printer drivers. Is this necessary to run?
HPHmon06	HPHMON06.EXE	N	Related to the Hewlett Packard software HP Photosmart software that is bundled with many of their printers.
BMan	BMan1.exe	X	Abcsearch.com/DealHelper adware variant
apycxt	apycxt.exe	X	Unidentified malware!
RUNGogoTools	LaunchAdware.exe	X	Unidentified adware.
ohsvof	ohsvof.exe	X	Unknown Malware!
exp.exe	exp.exe	X	Added by a variant of the SMALL.ABD downloader TROJAN
Upromise0	Upromise0.exe	U	Software for the Upromise College Savings Program. If you have this software installed and visit an online store that is part of this program, it will display a notification that the store is part of the program and how to use it to get money contributed to a college fund.
Gaim	gaim.exe	N	"Gaim is a multi-protocol instant messaging (IM) client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ (Oscar protocol), MSN Messenger, Yahoo!, IRC, Jabber, Gadu-Gadu, SILC, GroupWise Messenger, and Zephyr networks."
mscdex32	mscdex32.exe	X	Unknown malware.
WOOTASKBARICON	TaskbarIcon.exe	N	Adds a task bar icon to perform tasks related to the Wanadoo Internet access provider.
autoclk	autoclk.exe	X	Identified as Troj.AutoClick
X-Cleaner Freeware	XCleaner_free.exe	U	Part of the X-Block XCleaner spyware removal software.
Spyware Nuker	swn2.exe	U	Part of the Spyware Nuker 2004 program.
Server Backbone	server05.exe	X	Added by the W32/Rbot-ZM worm.
EPSON Stylus Photo RX600	E_S4I2M1.EXE	?	Part of the printer drive for the Epson Stylus Photo RX600 printer. Is this necessary?
proxim_orinoco_11abg	orinoco.exe	Y	Part of the driver for the ORiNOCO 11a/b/g PCI Card.
Microsoft PCI Manager	mspci.exe	X	SDbot variant.
Ner0 Check	ner0check.exe	X	Added by a variant of the RBOT WORM!
twunk service	twunk16.exe	X	Added by a variant of the RBOT WORM!
Windows_Protect	winregal.exe	X	Added by a variant of the WIN32.RBOT WORM!
Systems	svch0st.exe	X	Added by the W32.MYDOOM.BI WORM!
WINLOG0N	WINLOG0N.EXE	X	Added by the W32.MYDOOM.BI WORM!
windhost.exe	oswin32.exe	X	Added by an unidentified password-stealing "Banker" TROJAN!
Hostren.exe	Hostren.exe	X	Added by PWS.BANKER.F, a variant of the BANKER-BO TROJAN!
ssgrate.exe	winsystems.exe	X	Added by the TROJ/BAGLEDL-J TROJAN
nsvcin	n20050308.exe	X	adware, probably VX2/Look2Me related

Pages: (144) « First ... 131 132 [133] 134 135 ... Last »

Disclaimer

It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. BleepingComputer.com will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.