6th November, 2003
New items - 56
- ? - acc (acc.exe)
- X - AddClass (Addclass.exe)
- U - AdDelete (AdDelete.exe)
- X - cpr (cpr)
- N - Creative MediaSource Go (CTCMSGo.exe)
- X - Disk Master (<filename>)
- X - drvupd (rundll32 ..drvupd.inf)
- X - EScorcher (escorcher.exe)
- U - IAAnotif (iaanotif.exe)
- X - Iamnacho On Irc.MusIrc.com Is a Homosexual! (XBox64.exe)
- X - Iehelper (syslaunch.exe)
- X - ld (ld.exe)
- N - lhttseng (rundll32.exe ..lhttseng.inf,RemoveCabinet)
- U - LPS (Lps.exe)
- U - MAIN (main.exe)
- U - Mediafour Mac Volume Notifications (Macvntfy.exe)
- U - Mediafour XPlay Tray Notification Icon (Xptryicn.exe)
- X - Memory Check (memore.exe)
- N - mmtask (2) (mmtask.exe)
- X - Mscnt (mscnt.exe)
- X - MSNService (MSNService.exe)
- X - msreg.exe (msrege.exe)
- X - msrunocx32 (msrunocx32.exe)
- X - msuser32.exe (msuser32.exe)
- N - Necbar (Necbar.exe)
- U - NGServer (ngserver.exe)
- X - ntdll (ntdll.exe)
- ? - NWEReboot (dummy.exe)
- U - OWCWebCamDV (wcdvtray.exe)
- U - Pervasive.SQL Workgroup Engine (W3dbsmgr.exe)
- X - Pofatch (nstrue.exe)
- U - Privoxy (privoxy.exe)
- X - RavTimeXP (<worm filename>)
- X - RavTimXP (<worm filename>)
- X - sagnt (sagnt.exe)
- ? - screxe (scruser2k.exe)
- X - SearchSquire33 (SearchUpdate33.exe)
- X - Service.exe (Service.exe)
- X - Service Process (SVCHOST.EXE)
- U - siService.exe (siService.exe)
- ? - SprintPort (SprintPortA.exe)
- X - SYS_CLEAN (Service.exe)
- X - SysInit (wininit32.exe)
- U - SysMetrix (SysMetrix.exe)
- X - syspath (drv.exe)
- X - System Configuration (iexplore.exe)
- X - Ulubione (sys****.exe)
- ? - UMonit (umonit.exe)
- N - uoltray (exec.exe)
- X - VividGalut (VividGalut.exe)
- X - Win64 Compatibility Check (load win64.drv)
- X - Windows-System (System32.exe)
- X - WinKernel (2) (<path to worm>)
- X - WinShowUpdate (copy C:\WINDOWS\winshow.new C:\WINDOWS\winshow.dll)
- N - WXProcMgr Module (WXprocMgr.exe)
- U - YPC (ypc.exe)
Changed items - 16
- b9 - status (U) corrected
- Cn323 - MIMAIL.G added as an alternative VIRUS name
- Cnfrm32 - MIMAIL.G added as an alternative VIRUS name
- cpntmgc (2) - "navpmc.exe" added as an alternative command
- DivX Updater - NALDEM added as an alternate virus name
- DXDllRegExe - status (N) and description changed
- LoadQM - description updated
- MMtask Service - description updated
- mwsoemon - status (X) and description changed
- NECMFK - status (Y) and description changed
- SERVER.EXE - removed service.exe (2) and combined
- sharedprem - status (X) and description changed
- soundman - description updated
- SpyCop ScanCheck - description updated
- supporter5 - description updated
- Zone Labs Client - "zlclient.exe" added as an alternative command
*kwxpxyb, kwxpxyb, *miqpazc and miqpazc deleted - random COREFLOO-C VIRUS entries
6th November, 2003
New items - 45
- X - ccApp (2) (<filename>)
- X - Cn323 (cnfrm33.exe)
- X - Cnfrm32 (cnfrm.exe)
- X - Config Loader2 (explores.exe)
- X - Configuration Loader (7) (windex.exe)
- X - Configuration Loader (8) (explorex.exe)
- ? - DDialler (DDialler.exe)
- ? - DeviceDiscovery (hpotdd01.exe)
- X - Dluxjp (Dluxjp.exe)
- X - DOGStart (GSDOGST.EXE)
- ? - dpi (dpi.exe)
- U - FamilyKeyLogger (cisvc.exe)
- N - GEARsec (gearsec.exe)
- X - Generic host proccess for windows (SVCHOSTS.EXE)
- U - IE Doctor (IEDoctor.exe)
- X - INTERNET SERVISES (WINZ32.exe)
- N - KaZooM (KaZooM.Exe)
- X - MHDOGStart (mhdogst.EXE)
- N - Microsoft Utility Startup (OSA9.Exe)
- X - Microsoft Windows Updater (winupdgm.exe)
- X - MS Explorer (mexplore.exe)
- ? - msmgr (msmgr.exe)
- X - NavScan (<filename>)
- X - NetWatch32 (netwatch.exe)
- X - Office Startup (2) (Exploer.exe)
- N - PNAgent (PNAgent.exe)
- X - putil (<filename>)
- ? - Reminder (2) (Remind_XP.exe)
- X - rngmf (<path to trojan>)
- ? - Roxio Engine (MSMNGR32.EXE)
- Y - SAVAgent (SAVAgent.exe)
- ? - SM1BG (SM1BG.EXE)
- X - SysService32l (systask32l.exe)
- X - SystemLoad32 (sysload32.exe)
- X - SystemSearch (regedit.exe -s c:\ie.reg)
- X - System time updator (CSysTime.exe)
- ? - TlcR (avp.exe)
- X - UpdateComponent (CNF UPD.EXE)
- ? - updater (2) (updater.exe)
- X - Winamp (winamp.hta)
- X - Windows Loader (wstart32.exe)
- ? - WinFavorites (WinFavorites.exe1)
- U - WService (WService.exe)
- ? - xuio.exe (xuio.exe)
- Y - Zapro (Zapro.exe)
Changed items - 16
- DIGStream - description updated
- DkService - description
- explore (1) - "HAWAWI" added as an alternative VIRUS name
- ISLP2STA - status (N) changed and description updated
- ISStart - description updated
- LogitechGalleryRepair - description updated
- Microsoft Office (1) or Microsoft Office Startup - description updated
- netfxupdate - "NetFxUpdate_v1.0.3705" added as an alternative name and description updated
- OEMCLEANUP and OEMRESET - combined
- Office Startup - description updated
- Remind_XP - changed from "Remind XP", command added and description updated
- Svc - description updated
- svchost (3) - "TARNO" added as an alternate VIRUS name
- Syscpy - description updated
- Warning: do not remove it! - status (U) and description changed
- Windows Explorer Update Build 1142 - "KWBOT.Y" added as an alternative VIRUS name
IDEDMA - identified as a random entry and removed
1st November, 2003
New items - 100
- ? - *kwxpxyb (rundll32 kwxpxyb.dll,Init 1)
- X - absr (2) (mwsvm.exe)
- X - AKEYNAME (WinServ.exe)
- ? - BCNT (bcnt.exe)
- ? - BELORVBI (BELORVBI.exe)
- ? - Bingo Charm (charms.exe)
- X - bxsx5 (RunDLL32.EXE bsx5.dll)
- X - cesmain.dll (cmail.dll,Rundll32)
- U - CLCLSet (CLCL.exe)
- X - Configuration Loader (6) (wincrt32.exe)
- X - cpntmgc (2) (simcss.exe)
- ? - DGJM (DGJM.exe)
- ? - DHNUXB (DHNUXB.exe)
- U - Disk_Monitor (Disk_Monitor.exe)
- X - Dxupdate.exe (Dxupdate.exe)
- U - E-color (IconMgr.Exe)
- ? - ENCSurf (surfboard.exe)
- ? - file indexing service (msfindfile.exe)
- ? - FLMTRUSTMOUSE (mouse32a.exe)
- ? - FLMTRUSTKB (KbdAp32A.exe)
- ? - gluon (gluon.exe)
- X - helper.dll (helper.dll,Rundll32)
- X - Internal (2) (regedit.exe /s %windir%\c<month number>)
- X - Internet Explorer Updater (lexbac.exe)
- U - ISStart (ISStart.exe)
- Y - iTunes Helper (iTunesHelper.exe)
- X - KAVutil (<worm filename>)
- Y - KeyAccess (keyacc32.exe)
- ? - kwxpxyb (rundll32 kwxpxyb.dll,Init 1)
- X - LAsIAf32 (RePEAtLD.exe)
- X - lnternet Explorer (AMSNDMGR.EXE)
- X - load= (12) (msater.exe)
- X - load= (13) (shambl3r.exe)
- X - loader (2) (WMPLAYER.EXE)
- X - LoadPowerProfile (4) (rundl.exe)
- N - LogiTray (LogiTray.exe)
- U - Master Volume Spy (MASTERVOLUMESPY.EXE)
- X - Messenger (messenger.exe)
- X - Microsoft Office (3) (MSMSGR.exe)
- X - Microsoft Office Start (winupdates.exe)
- U - MotMon (motmon.exe)
- ? - MPT (MPT.exe)
- X - mscman (mscman.exe)
- X - MS Config Loader (2) (MSWin32bck.exe)
- X - MSMcAfeeh (Avsynmgr32h.exe)
- ? - Mstcgww (MSTCGWW.EXE)
- X - msvc32 (msvc32.exe)
- ? - mwsoemon (mwsoemon.exe)
- X - Mwsvm (mwsvm.exe)
- ? - MySoftware NewsFlash (Newsflsh.exe)
- ? - Necutray (Necutray.exe)
- N - NetPumper (NetPumperIEProxy.exe)
- N - NkvMon.exe (NkvMon.exe)
- X - pmc (764.exe)
- N - Points Manager (points manager.exe)
- U - Pop-Up Smasher (PopupSmasher.exe)
- U - Popup Terminator (GLADManager.exe)
- ? - POWERR~1 (POWERR~1.exe)
- ? - PRISMSTA.EXE (PRISMSTA.EXE)
- X - Quicktime Pro 3.0 (winuodps.exe)
- ? - Realtime Audio Engine (mmrtkrnl.exe)
- X - redirect (redirect*.exe)
- X - restory (restory.exe)
- U - RH (rh32.exe)
- U - rmctrl (rmctrl.exe)
- X - run= (22) (unicall.exe)
- X - run= (23) (cnf.bat)
- X - run= (24) (svcinit.exe)
- ? - Rundll32 (7) (Rundll32.exe ptipbm.dll,SetWriteBack)
- X - SafeSearch (safesearch.exe)
- U - SeMS (SeMS.exe)
- N - SetHook (Sethook.exe)
- N - SetIcon (SetIcon.exe)
- X - shambl3r (cnf.bat)
- X - shambl3r* (shambl3r.exe)
- X - slmss (slmss.exe)
- N - Smax4 (Smax4.exe)
- U - SMax4PNP (SMax4PNP.exe)
- X - SVC Service (2) (svcinit.exe)
- X - SVC Service (3) (svcpack.exe)
- X - sysfiler (sysfiler.exe)
- X - system service (2) (spoolcrv.cpl)
- ? - TB_setup (TB_ANI~1.EXE)
- ? - TMEEJME (TMEEJME.EXE)
- ? - TMERzCtl (TMERzCtl.EXE)
- ? - TMESBS32 (TMESBS32.EXE)
- ? - TMESRV31 (TMESRV31.EXE)
- ? - tsyssmon (tsyssmon.exe)
- U - UBSShell (UBSShell.exe)
- X - updater (wupdater.exe)
- ? - URLLSTCK.exe (UrlLstCk.exe)
- Y - UrtSvcExe (Urt95Svc.exe)
- X - Wardo (syslaunch.exe)
- X - Windows Başlangıç Dosyası (sistem.exe)
- X - Windows Manager (winmants.exe)
- ? - Windows Print Spooler (SCVHOSTS.EXE)
- X - Windows Services (service.exe)
- X - Windows Shell Library Loader (load shell.dll /c /set)
- X - winlocatorupdate (updatewinlocator.exe)
- ? - ZGNUBI (ZGNUBI.exe)
Changed items - 27
- 3D Text - status (X) and description changed
- bttray - status (U) and description changed
- Cmaudio - status (N) changed and description updated
- CnsMax - description updated
- CnsMin - description updated
- Connection Manager - changed from "ConnectionManager"
- dhcpagnt - status (Y) and description changed
- Diskstart - status (X) and description changed
- ImgIcon - status changed (U) and description updated
- Iomega Disk Icons or Iomega Drive Icons - status changed (U) and description updated
- LogitechGalleryRepair - status (U) changed and description updated
- LogitechImageStudioTray - description updated
- NTFSCLUP - status (Y) and description changed
- NT Logging Service - "DONK.B" added as an alternative VIRUS name
- officejet 6100 - description updated
- pop3trap.exe - changed from "pop3trap"
- Quickbooks Update Agent - status (N) changed and description updated
- RecShe - status (N) and description changed
- RemoteControl - status (U) and description changed
- setup - status (N) changed and description updated
- stlbdist - status (X) and description changed
- TosHKCW - changed from ToshHKCW
- TSPower - "spower.drv" added as the command
- WinMySQLadmin Tool - "winmysqladmin" added as alternative name
- WinSys32 - "RECKUS" added as an alternative VIRUS name
- Yahoo! Pager or ypager - description updated
- ZipDisk Icons - status changed (U) and description updated
"rtos" and "soot" - removed as they were proven to be random entries