O4 HijackThis Entries

Bleeping Computer

Welcome Guide Blogs Chat Help Search RSS

Welcome Guest (Log In | Create Account)

New Member? Join for free.

Have a problem and would like to ask us for help? To learn how to ask your question Click Here!

Do you have popups or other malware infecting your computer? If so, Start Here!

Are you having trouble using this site? Then you should visit the New User Orientation Center!

BleepingComputer.com -> Startup Programs Database -> O4 HijackThis Entries

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Other

HJT: F0, F1, F2, F3 · O4 · O20 · O21 · O22 · O23

Rootkit List · Submit a Startup · Top Submitters

Startup Index · Newest Entries · Mozilla Search Tools · WebMaster Site Tools · Status Key
Startup Database Forum · Computer Help Forums · How to use the Startup Database

Enter the filename or keyword you would like to search for:

Advanced Search

Pages: (128) « First ... 2 3 [4] 5 6 ... Last »

Name	Filename	Status	Description
SYSrow32	SYSrowdl32.exe	X	A variant of the Backdoor:W32/PoisonIvy backdoor Trojan. Backdoor:W32/PoisonIvy is a family of backdoors that give a remote user extensive access to an infected computer.
SIMO.exe	C:\WINDOWS:slm.exe	X	A variant of the Backdoor:W32/PoisonIvy backdoor Trojan. Backdoor:W32/PoisonIvy is a family of backdoors that give a remote user extensive access to an infected computer. Please note that this infection is an Alternate Data Stream file attached to the legitimate C:\Windows folder. Do not delete the C:\Windows\ folder as Windows will not operate correctly without it. To delete the Alternate Data Stream you should read this tutorial.
Messenger	msnmgsr.exe	X	A variant of the Backdoor.Sdbot family of worms and IRC backdoor Trojans.
Botnet	blablabla.exe	X	Identified as a variant of the Backdoor.IRC.Flood malware.
Windows System 32	System32.exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
MsnMessengerSvc	msnmsgr.exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
Firewall DRV	spfhost.exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
AdobeReaderPro	msnservex.exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
firewal	firewal.exe	X	Added by the Troj/Bancban-QY Trojan.
AdvancedPrivacySuite	APS.exe	X	Added by the AdvancedPrivacySuite rogue privacy software.
AdvancedPrivacyGuard	apg.exe	X	Added by the AdvancedPrivacyGuard rogue anti-spyware program.
SpyDevastator	SpyDevastator.exe	X	Added by the SpyDevastator rogue anti-spyware program.
NVIDIA nTune	nTuneCmd.exe	U	nTune allows a user to tweak the settings of Nvidia based motherboards from within Windows and save these settings as individual profiles that can load on startup. The default settings file that loads with this command is osbootpf.nsu. This command does not need to run on Windows startup unless you use nTune to customize motherboard settings.
Smart Antivirus-2009.exe	Smart Antivirus-2009.exe	X	Added by the Smart Antivirus 2009 rogue anti-spyware program.
AntiMalwareSuite	AMS.exe	X	Added by the AntiMalwareSuite rogue anti-spyware program.
QuickInstallPack	QuickInstallPack.exe	X	QuickInstallPack is used to install the Cleaner2009 rogue anti-spyware program.
Cleaner2009 Freeware	UCLN.exe	X	Added by the Cleaner2009 rogue anti-spyware program.
cheatmonitor	start.exe	U	Added by the Spyware.CheatMonitor surveillance software. This software should be uninstalled if found on your computer without your permission.
Windows NT Net Service Monitor	ntsvc.exe	X	Added by the W32/SdBot-DKY worm and IRC backdoor.
vr64	prnjobt.vbe	X	Added by the VBS/AutoRun-IT removable media worm.
lol.exe	sys21.exe	X	A variant of the Backdoor.Bifrose backdoor Trojan. Backdoor.Bifrose is a Trojan horse that uses a backdoor server to send information to a remote server. It then uploads one or more files and runs them on the compromised system.
sconfig	mshosts.exe	X	A variant of the Backdoor.Bifrose backdoor Trojan. Backdoor.Bifrose is a Trojan horse that uses a backdoor server to send information to a remote server. It then uploads one or more files and runs them on the compromised system.
Windows Taskmanager	taskmngr.exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
Windows Service Agent	dsass.exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
Services Control	iexplore.exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
RIOTBOT	riotz.exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
Windows xmutler	cftmon32.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows Services Managt	wpservice.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Microsoft Security Monitor Process	lsas.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows Helper	service.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Cpl32ver	Cpl32ver.exe	X	Identified as a variant of the Trojan.Drop.Kobcka.EO malware.
VnrBlock20	VnrBlock20.exe	X	Identified as a variant of the WORM_AUTORUN.AGM malware.
RealtekAC	RealtekAC.exe	X	A variant of the Backdoor.Bifrose backdoor Trojan. Backdoor.Bifrose is a Trojan horse that uses a backdoor server to send information to a remote server. It then uploads one or more files and runs them on the compromised system.
Realtek_Audio	Realtek.exe	X	A variant of the Backdoor.Bifrose backdoor Trojan. Backdoor.Bifrose is a Trojan horse that uses a backdoor server to send information to a remote server. It then uploads one or more files and runs them on the compromised system.
Sound Manager	winrun32.exe	X	A variant of the Backdoor.Bifrose backdoor Trojan. Backdoor.Bifrose is a Trojan horse that uses a backdoor server to send information to a remote server. It then uploads one or more files and runs them on the compromised system.
svchostt	TH.exe	X	Identified as a variant of the Backdoor.Win32.Poison.cpb malware.
smile	wcs.exe	X	Identified as a variant of the FakeAlert/Zlob malware.
AcerVGA Engine Drivers V1.2	iuengine32.exe	X	Identified as a variant of the Trojan-Spy.Win32.Delf.bxr malware.
manager	manager.exe	X	Identified as a variant of the Backdoor.Win32.Small.cvt backdoor.
Microsoft Updates	service.exe	X	Identified as a variant of the Backdoor.Win32.Poison.hpt backdoor Trojan.
Windows Live Messenger	msnmsgr.exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
Windows Genuine Check	Windows Genuine Check.exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
Nero Burner	svdhost.exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
Sound Driver for Windows	sdshost.exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
Microsoft Windows	System.exe.exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
Microsoft Host Scheduler	svchostt32.exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
Microsoft	winlogonsys.exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
Computer Driver	scshost.exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
Adobe SpeedLaunch	(Random 6 Letter).exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
Shellwin Time Service Tools	winskvc32.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
MSN	winmedia.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows UDP Control Center	msnmngs.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows Services	weccom.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows mid Control Services	wuactll.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows Debug Manager	DebugManager.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
aspch	ASpCh.exe	X	Malware related to rogue anti-spyware infections.
Personal	Personal.exe	U	Added by the Nexus Personal security software.
gbpsvblust	gbpsvblust.exe	X	Added by the Trojan.Purplebot Trojan. Trojan.Purplebot is a Trojan horse that downloads more files on to the compromised computer.
msvideoavicap	msvideoavicap.exe	X	Added by the Trojan.Purplebot Trojan. Trojan.Purplebot is a Trojan horse that downloads more files on to the compromised computer.
userinit	oembios.exe	X	Added by the TSPY_ZBOT.WL spyware Trojan.
Symantec Control Client	symclisvc.exe	X	Added by the Troj/Bdoor-ANN backdoor Trojan.
TotalSecure2009	scan.exe	X	Added by the Total Secure 2009 rogue anti-spyware program.
Antivirus	XPA.exe	X	Added by the XPert Antivirus Enterprise rogue anti-spyware program.
Antivirus	MSA.exe	X	Added by the MS Antivirus rogue anti-spyware program.
Windows Newresck	(Random 8 Letter).exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
Service PAck hard	(Random 8 Letter).exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
Windows Update	Nod32Av.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows msvc Control Host	msvs32s.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows UDP Control Center	installer.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows Services	windows.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows MSN Live 2.3	svhvchost.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Symantec Configuration Settings	symconfig.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Sound System Driver	svlhost.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Microsoft Windows Sound Drivers	sounddrivers.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Genius Mose Driver	svghost.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
F-Secure Gatekeeper	taskmon.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
WinDLL (wintmp.exe)	wintmp.exe	X	Identified as a variant of the Backdoor:Win32/Akbot.A malware. Do not delete C:\Windows\System32\rundll32.exe as it is a legitimate application.
WinDLL (algs.exe)	algs.exe	X	Identified as a variant of the Backdoor:Win32/Akbot.A malware. Do not delete C:\Windows\System32\rundll32.exe as it is a legitimate application.
updater for windows	updater service windows.exe	X	Added by the Troj/Bckdr-QPE backdoor Trojan.
SiZhu	SiZhu.exe	X	Added by the TW32/AutoRun-IE removable media worm.
kamsoft	ckvo.exe	X	Added by the Troj/Gamania-BW Trojan.
Antivirus	SPP.exe	X	Added by the Spyware Preventer rogue anti-spyware program.
AntivirusDoc	AntivirusDoc.exe	X	Added by the AntivirusDoc rogue anti-spyware program.
Somefox	<random>.exe	X	Added by the Troj/Dwnldr-HHB Trojan.
AutoPoll Application	autopoll.exe	?	Unsure, but research leads me to believe it may be malware. I advise that you scan this file at VirusTotal to make sure.
Rvsystem	Returnil.exe	U	Related to Returnil Virtual System 2008 Personal Edition. This program will show a pop-up when you logon that shows whether or not your hard drive is protected.
NT Printing Services	chkdsks.exe	X	Added by the Troj/Buzus-M Trojan.
VAIOCameraUtility	VCUServe.exe	U	This program is related to the functionality of the built-in camera on a Sony VAIO. The Sony camera application will not start without this program running, however the camera was still able to be used with other programs.
WinXPService	taksmgr.exe	X	Identified as a variant of the IRC/Flood.tool malware.
WinDLL (tmp.exe)	tmp.exe	X	Identified as a variant of the Net-Worm.Win32.Kolab.l malware.
Help	lshost.exe	X	Identified as a variant of the Trojan-Clicker.Win32.Delf.aro malware.
Nod32 Service	nod6.exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
Internet	msn.exe	X	A variant of the Rbot family of worms and IRC backdoor Trojans.
Windows Update	winsc.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows UDP Control Center	taksmrg.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows UDP Control Center	msnpd.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows UDP Control Center	auth.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Windows Services M7	ctfmon32.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
System Core Memory	syscoremem.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.
Security Monitor	securemon.exe	X	A variant of the IRCBot family of worms and IRC backdoor Trojans.

Pages: (128) « First ... 2 3 [4] 5 6 ... Last »

Disclaimer

It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. BleepingComputer.com will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.