Name Filename Status Description
explorer `.vbe X Added by the Troj/Psyme-FE Trojan.
Flash Media ^^^^^^.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
Flash Media ^^^^^.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
Yeah ^$4!N$^.exe X Added by the W32/VB-DZA worm.
winapi _.exe X Added by the Troj/Lulador-A backdoor Trojan.
jamil _.exe X Added by the Troj/Lulador-A backdoor Trojan.
_accwiz.exe _accwiz.exe X Added by the Troj/Certif-N password-stealing Trojan.
[Various Names] _ctcp.exe X Part of the Wareout infection as described here.
Graphics _default.pif X Added by the W32.Autosky worm. W32.Autosky is a worm that attempts to spread to all shared and removable drives that are accessible from the compromised computer.
Bron-Spizaetus-5118REPM _default32142.pif X Added by the W32/Brontok-R mass-mailing worm.
A5118r _default32142.pif X Added by the W32/Brontok-AK mass-mailing worm.
ezurl _epnt.sys X Added by the Spyware.Ezurl spyware.
sniffer _ex-08.exe X Added by the Troj/Oficla-X Trojan.
SmartIndex _ex-08.exe X Added by the WORM_KELIHOS.SM worm.
IntelAgent _ex-08.exe X Added by the Troj/FakeAV-FIP Trojan.
_explore manager _explore.exe X Added by the Troj/Spexta-B Trojan.
lololol _hideme_imhiddenlololol.exe X Added by the Troj/Hideme-A Trojan. This infection is hidden by the rootkit file C:\_hideme_MYFILE.SYS.
_mzu_stonedrv2 _mzu_stonedrv2.exe X Added by the Trojan.Jupillites.B backdoor Trojan. Trojan.Jupillites.B is a Trojan horse the downloads remote files and opens a back door on the compromised computer.
_mzu_stonedrv3 _mzu_stonedrv3.exe X Added by the Troj/DwnLdr-FTB downloader Trojan.
_ntrdlhost _ntrdlhost.exe X A downloader TROJAN, Troj/Dloader-JV, adds this file.
_ntrrescueservice _ntrrs.exe X Added by the TROJ/DLOADER-JV TROJAN!
<Various Startup Names> _qbotinj.exe X Added by the Troj/Dloadr-BLP Trojan. The components of this infection are C:\documents and settings\all users\_qbothome\_qbotinj.exe and C:\documents and settings\all users\_qbothome\_qbotinj.dll.

This Trojan, when installed will pick a random startup already configured on your computer and change how it launches. Instead of the startup launching directly like it used to, this infection instead inserts itself in front of it. Then when your computer starts, the infection files will automaticall start, and then launch the original startup. Therefore when fixing these entries, if you delete the startup entry, the original program will no longer run either.
(randomly chosen existing folder name) _setup.exe X Added by the W32/Antinny-L
_System_Run _svchost_.exe X Added by the Troj/Lineage-Z password-stealing trojan for the online game Lineage.
Microsoft Internet Explorer _svchost.exe X Identified as a variant of the Trojan-Downloader.Win32.Tiny.nj malware.
Microsoft Int Service _svchost.exe X Identified as a variant of the Win32/TrojanDownloader.Tiny.NJ malware.
_tdiserv_ _tdicli_.exe X Added by the W32.TDISERV.A WORM!
stup1db0t _win.exe X A variant of the IRCBot family of worms and IRC backdoor Trojans.
windll32 _WIN32.EXE X Added by the LEGMIR.AQ TROJAN!
[random name] ??anregw.exe X PurityScan/Clickspring adware

Login

Remember Me
Sign in anonymously