17th December, 2004
New items - 81
- ACCDEFRAGINFO - X - [path to worm]
- AdobeVersionCue - N - VersionCueTray.exe
- appis.exe - X - appis.exe
- BelNotify - U - [path] NPBelv32.dll, RunDll32_BelNotify
- blah service - X - tazkmgr.exe
- clock - X - [various file names]
- Config Loadr - X - winsys32.exe
- dllhostxp.exe - X - dllhostxp.exe
- Dvx - X - wsxsvc.exe
- ei10.exe - X - ei10.exe
- FX - X - ieloader.exe
- Inet DataBase - X - Inetdbs.exe
- LiveSexCams - X - LiveSexCams.exe
- Logitech SetPoint - U - KEM.exe
- Microsoft Config - X - MSCONF.EXE
- Microsoft Synchronization Manager - X - al.exe
- Microsoft System Checkup - X - sysmgr.exe
- Microsoft Word - X - BootSector.exe
- Microsofts Security Manager - X - ****.exe [**** = random char]
- MonTest - X - vccxzq.exe
- MSN - X - msnmesengers.exe
- MSN Manager - X - mscmgr.exe
- mspaint.exe - X - check32.exe
- MSR - X - msr.exe
- MSSGisg - X - [path to file]
- MSSVC - X - svcsys.exe
- MSSYSTEM - X - svcsys.exe
- netservices - X - recall.exe
- NvClipRsv - X - svchost.exe
- NvClipRsv - X - swchost.exe
- NvCplD - X - ntcpl.exe
- NvCplScan - X - nvsc32.exe
- Print Driver Helper Service - X - crsrr.exe
- reg1.reg - X - vuamgard.exe
- run= - X - dec25.exe
- sdchosts32 - X - vbdd.exe
- Security iGuard - N - Security iGuard.exe
- Sepate Security Firewall - X - sepate.exe
- Services Process - X - services.exe
- soundtask - X - soundtask.exe
- Spore - X - MsNews.vbs
- Spore.b - X - Scmhlpr.vbs
- Srv32 spool service - X - runsrv32.exe
- Srv32 spool service - X - spoolsrv32.exe
- srvexc.exe - X - srvexc.exe
- SStb.exe - X - SStb.exe
- svchost - X - [path] SETUP.EXE
- Symantec Security Routine Addon for Microsoft Windows - X - navpxaw32.exe
- SYSfit - X - SYSfit.exe
- SysSearch - X - REGEDIT.EXE -s [path] sysreg.reg
- AGENT-BC TROJAN!
- TDS3 - U - TDS-3.exe
- update service - X - svxhost.exe
- VBouncer - X - VirtualBouncer.exe
- Video Process - X - [random filename]
- vmsnGraber - X - VMSNGRABER.EXE
- vmss - X - vmss.exe
- win - X - xwinxrpc.exe
- Win Patch - X - ntldr.exe
- WinAC v4 - X - klsuicbn.exe
- Winamp - X - winamp.exe
- Windows Anti-Virus Built 32 - X - AntiVirus32.exe
- Windows Auto Update - X - winupdater.exe
- Windows ControlAd - X - WinCtlAd.exe
- Windows Loader Service - X - civsc.exe
- Windows Media Player Update - X - [random filename]
- Windows NT Update Manager - X - WINL0G0N.exe
- Windows Taskbar Manager - X - internat.exe
- windows update - X - wuaurlt.exe
- Windows Update Client - X - wuclient.exe
- Windows Update Client Service - X - windrvl32.exe
- WinDriver Configuration - X - windrvconf.exe
- winpipe - X - winpipe.exe
- winsock - X - svch0st.exe
- WinUpdateProtection - U - csrss.exe
- winusb.dll - X - winguard.exe
- Wxp4 - X - Norton Update.exe
- XPSP2 Firewall - X - xpsp2fw.exe
- XTServiceUpdate - X - XTServiceUpdate.exe
- XtTb.exe - X - XtTb.exe
- ZoomingHook - ? - ZoomingHook.exe
Changed items - 10
- AStart (AStart) - name and command changed
- Cn323 (cnfrm33.exe) - description changed
- Cnfrm32 (cnfrm.exe) - description changed
- Intervideo WinCinema Manager (WinCinemaMgr.exe) - name and command changed from "Intervideo WinCinema Manager" and "WINCIN~1.EXE" respectively
- Microsoft Windows DHCP (___r.exe) - description changed
- updater32 (winload32.exe) - description changed
- ViewMgr (ViewMgr.exe) - status (N) and description changed
- Windows Media Player ([random filename]) - description changed
- Windows report (swchost.exe) - description changed
- ®Windows Update (svchosts.exe) - status (X) corrected
Remove items - 3
- Astart - X - Astart -> TROJANDOWNLOADER.WIN32.VB.AH
- Microsoft Update Machine - X - [random filename] -> Duplicate entry
- Windows Media Player - X - WMP23.exe -> Replaced with generic [random filename] entry
10th December, 2004
New items - 119
- [various names] - X - shch.exe
- ®Windows Update - X - svchosts.exe
- adstartup - X - Adstartup.exe
- AST - X - AST
- Astart - X - Astart
- BootWarn - U - BootWarn.exe
- Care20 - X - Care20.exe
- CARPserver - X - CARPserver.exe
- ccAppr - X - svcrhost.exe
- Client Server Runtime Process - X - csrsss.exe
- cmsound - X - vcpdll.exe
- cmsound - X - vcsystem.exe
- cmx32 - X - cmx32.exe
- Coolwallpaper - N - cwm_tray.exe
- CSRSS Loader - X - csrsss.exe
- Divamon.exe - ? - Divamon.exe
- EasySearchBar - X - ESBUpdate.exe
- EPS - N - e_srcv02.exe
- EPS - N - e_srcv03.exe
- eTrust PestPatrol Active Protection - U - PPActiveDetection.exe
- Fresh Desktop - U - freshdesktop.exe
- Gay_Sexy_** - X - Gay_Sexy_**.exe
- HDDHealth - U - hddhealth.exe
- igsex2x - X - igsex2x.exe
- IPTable Configuration - X - Winipcfgs.exe
- irwftp - X - iexplorer.exe
- kalvsys - X - kalv****.exe [* = random char]
- load= - X - a1g.exe
- load= - X - dapdll.exe
- mainviewex - X - mainviewex.exe
- Mcafee Antivirus Monitoring System32mn - X - VSStatmn32.exe
- MessengerDiscovery - U - MessengerDiscovery.exe
- Microsoft IT Update - X - IEserv.exe
- Microsoft IT Update - X - msupdate.exe
- Microsoft IT Update - X - winn43.exe
- Microsoft Synchronization Manager - X - ___synmgr.exe
- Microsoft System Checkup - X - libsysmgr.exe
- Microsoft Update - X - webm.exe
- Microsoft Update - X - wuagrd.exe
- Microsoft Update Emulator - X - kern-mxe.exe
- Microsoft Update Machine - X - wuagrd.exe
- Microsoft Update Service - X - mswin32.exe
- Microsoft Windows DHCP - X - ___r.exe
- Microsoft Wxdate - X - Syswu32.exe
- MNS - U - MNS.exe
- MoodBook - U - mb.exe
- Mscolour - X - mscolour.exe
- MSConfig Manager - X - msupdate.exe
- msmon - X - msmon.exe
- Msn Config - X - msngf.exe
- Msn Updater - X - msnplugins.exe
- mssvc32 - X - mssvc32.exe
- mstasks - X - mstasks.exe
- MSWinSrv - X - MSWinSrv.exe
- MSWinSrv32 - X - MSWinSrv32.exe
- Netunit32 - X - wunit32.exe
- Network Service Manager - X - netsvc.exe
- NoAdware - N - NoAdware.exe
- Norton Updater - X - winset.exe
- NvCplD - X - m2gr32.exe
- outlook - X - outlook.exe
- pdfSaver3 - N - pdfSaver3.exe
- PktAnything - U - PocketCompanion.exe
- PrivateNet - X - [various filenames]
- prvtect - X - prvtect.exe
- rate.exe - X - ********.exe [* = random char]
- romahere3 - X - ************.exe [* = random char]
- RPC - X - MSschost.exe
- SafeGuard Popup Updater (required) - X - regsvr32 [path] PDF****.dll [* = random char/digit]
- SafeGuard Popup Updater (required) - X - regsvr32 [path] sfg****.dll [* = random char/digit]
- SDJobCheck - ? - triggusr.exe
- Service Process - X - winset.exe
- SheduIer - X - svchst.exe
- SpySubtract - U - SpySub.exe
- stmha - X - wkfxi.js
- svshost32 - X - msgrsv32.exe
- Sxplog - ? - sxpstub.exe
- Sygate Personal Firewall - X - Mcafeeupdate.exe
- System Applications Profile - X - sap.exe
- System Update2 - X - services.exe
- System Update2 - X - svchost.exe
- System Update2 - X - system.exe
- System Update2 - X - taskman.exe
- System Update2 - X - taskmon.exe
- System Update2 - X - update.exe
- System Update2 - X - webcheck.exe
- System Update2 - X - wininet.exe
- System Update2 - X - winlogon.exe
- System Update2 - X - winspool.exe
- System Update2 - X - wupdmgr.exe
- THGuard - U - THGuard.exe
- transtask - U - transtask.exe
- Videocntl - X - Videocntl.exe
- virtual - X - winit.exe
- Win Command - X - command32.exe
- Win32 FRT Driver - X - msfr32.exe
- win32usbd - X - ssrs.exe
- Windows AdService - X - WinAdServ.exe
- Windows Automatic Update - X - wuamgrder.exe
- Windows Media Player - X - msass43.exe
- Windows Registry Express Loader - X - regexpress.exe
- Windows Update - X - ebay.exe
- Windows Update - X - windows.exe
- Windows Update AutoUpdate Client Product - X - wuauct.exe
- WinDriv32 - X - WinDriv32.exe
- winltmpv - X - wutop.exe
- winsecure - X - winsecure.exe
- WinSig - X - NetXP.exe
- Winsock32driver - X - winXPupdate.exe
- winupdt - X - RUNDLL32.EXE [random.dll]
- winversion - X - winversion.exe
- winxpdll32.exe - X - winxpdll32.exe
- WIP Config GUI - X - Winipcfgs.exe
- Wlan Drier - X - Winusb2.exe
- wmiprv - X - wmiprv.exe
- WNSI - X - wnscp**.exe [* = random char]
- WNSI - X - wnscpsu.exe
- WNSI - X - wnscpsv.exe
- xload32 - X - netdd.exe
Changed items - 31
- 666 (Ska.exe) - description changed
- ATI Remote Control (ATIRW.exe) - status (Y) and description changed
- blads (blads.exe) - hyperlink changed
- BlockAds (blads.exe) - hyperlink changed
- blss (blss.exe) - description changed
- COM+ System Applications (lsas.exe) - description changed
- Controlled Resource System Service (crss.exe) - description changed
- DVDLauncher (DVDLauncher.exe) - description changed
- Hot_Tarts_** (Hot_Tarts_**.exe) - name, command and description changed
- Microsoft Excell (wuamngr32.exe) - description changed
- Mufix (mufix.exe) - description changed
- NAV Agent (navapw32.exe) - description changed
- navapw32 (navapw32.exe) - description changed
- NetPumper (NetPumperIEProxy.exe) - description changed
- Norton Auto-Protect (navapw32.exe) - description changed
- Pop-Up_Blocker (Popup.exe) - hyperlink changed
- Popup Blocker Updater (regsvr32 veev****.dll [**** = random char]) - command and description updated
- Reactor7 ([random name]32.exe) - description changed
- System Update2 (explorer.exe) - command changed
- tranicon (tranicon.exe) - hyperlink changed
- TransparentIcons (tranicon.exe) - hyperlink changed
- Tweak-xp (Tweak-xp.exe) - hyperlink changed
- ViewMgr (ViewMgr.exe) - description changed
- Win Server (winserv.exe) - description changed
- Win Server Updt (wupdt.exe) - description changed
- winadm (winadm.exe) - description changed
- Windows Update (wudate.exe) - description changed
- Windows32 (rundll.exe) - description changed
- winltmpv (winln.exe) - description changed
- winupdtl (winupdtl.exe) - description changed
- wupdt (wupdt.exe) - description changed
Remove item
- Reactor7 - X - [random name]32.exe -> MYDOOM.AJ
1st December, 2004
New items - 166
- !1_pgaccount - Y - pgaccount.exe
- !1_ProcessGuard_Startup - Y - procguard.exe
- %FP%012-L2TP fts.exe - ? - fts.exe
- %FP%012-L2TP FWPortal.exe - ? - FWPortal.exe
- %FP%1776 Internet fts.exe - ? - fts.exe
- %FP%1776 Internet FWPortal.exe - ? - FWPortal.exe
- %FP%Barak013 fts.exe - ? - fts.exe
- %FP%Barak013 FWPortal.exe - ? - FWPortal.exe
- [random 12 digit number] - X - advpack1.exe
- [] - X - spolsvr2.exe
- ActMaker - U - ActMak25.exe
- Adobe - X - sysconfig.exe
- Adope File Manager - X - lsasv.exe
- AmazingTens - X - AmazingTens.exe
- AOL Instant Messenger - ? - AlM.EXE
- AOL Messenger - X - aolmsngr.exe
- API32 - X - api32.exe
- APIMon - X - apimonx.exe
- APIMon - X - winapix.exe
- Athan - U - Athan.exe
- blah service - X - msnmsgrr.exe
- BlueToothAuthentication Agent - U - rundll32.exe irprops.cpl, BluetoothAuthenticationAgent
- Bouncer RunStartup - X - bouncer.exe
- Bouncer RunStartup - X - LiveUpdate.exe
- candynet - X - Taskmsg.exe
- CSV7P70 - X - CSV7P070.exe
- DATABASE MySql - X - [path] repcale.exe [path] beird.exe
- Default_Page_URL - X - http://find.naupoint.com
- Default_Search_URL - X - http://find.naupoint.com
- DiskeeperSystray - N - DkIcon.exe
- Dlite - X - dllmanager.exe
- Dmsvc32 - X - Dmsvc32.exe
- DNS Service - X - dnsresolver.exe
- DSAcass - X - [path to file]
- DVDLauncher - N - DVDLauncher.exe
- eMusicClient Systray - N - eMusicClient.exe
- ErrorGuard - X - ErrorGuard.exe
- First Home Page - X - http://find.naupoint.com
- FSCBoss - N - FSCBoss.exe
- Grokster - N - Grokster.exe
- hErcUnes - X - softhost.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run - X - windowsupdate.exe
- IEDriver - X - TD.exe
- Intel system works - X - iis.exe
- Internet Service - X - intersvc.exe
- irc session - X - sessionmgr.exe
- KCeasy - N - KCeasy.exe
- Kernel_check - X - wmiprvse.exe
- kernel32dll - X - guardpc.exe
- loads.exe - X - suploads.exe
- Local Page - X - http://find.naupoint.com
- lsass service - X - lsass2.exe
- masqform.exe - N - masqform.exe
- MatrixScreen - X - [filename]
- mediamotor.exe - X - mmups.exe
- Memory Watcher - X - MemoryWatcher.exe
- MeTaLRoCk (irc.musirc.com) has sex with printers - X - metalrock-is-gay.exe
- Microsoft ALG32 Protocol - X - alg32.exe
- Microsoft CSRSS386 Protocol - X - csrss386.exe
- Microsoft Document - X - krisp.exe
- Microsoft EXPLOREXP Protocol - X - explorexp.exe
- Microsoft LSASS386 Protocol - X - scvhost32.exe
- Microsoft MSGPLUS32 Protocol - X - msgplus32.exe
- Microsoft MSNGR32 Protocol - X - msngr32.exe
- Microsoft MsnST - X - msnst32.exe
- Microsoft SCVHOST32 Protocol - X - scvhost32.exe
- Microsoft SSISVRI32 Protocol - X - ssisvri.exe
- Microsoft Update - X - NAV.exe
- Microsoft Update - X - systemi32.exe
- Microsoft Update - X - xpupdate.exe
- Microsoft Update Machine - X - [random filename]
- Microsoft Update Machine - X - linux.exe
- Microsoft Update Machine - X - lmrss.exe
- Microsoft Update Machine - X - windowsu.exe
- Microsoft Update Machine - X - wininigo.exe
- Microsoft Update Machine - X - winmgr.exe
- Microsoft Update Machine - X - Winmsixp32.exe
- Microsoft Update Machine - X - Winregs32.exe
- Microsoft Update Machine - X - winxpini.exe
- Microsoft Update Machine - X - wuamgrd.exe
- Microsoft Windows - X - mstask0.exe
- Microsoft Windows Loader - X - wloader.exe
- Microsoftkeysd - X - systemwin32s.exe
- MirrorFolderShell - U - mrfshl.exe
- MS lsass Startup - X - lsass135.exe
- MS Remote Procedure Call - X - msrpc32.exe
- MS SyS Restore - X - sysrestore.exe
- msconfig.exe - X - proxy.exe
- msconfig.exe - X - uline.exe
- msdev - X - msconfig.exe
- msgserv_ - X - Syss.exe
- mswspl - X - searchbarcash.exe
- MyTotalSearch Email Plugin - X - mtsoemon.exe
- Narrator - X - ******.exe [* = random char]
- navp.exe - X - navp.exe
- NBT System alias - X - [path] repcale.exe [path] beird.exe
- NDIS Adapter - X - lsass2.exe
- Norton Guard 32 - X - ntguard32.exe
- nse - X - nse.exe
- NvCpl - X - NvCpl.EXE
- PcCtlCom - Y - Pcctlcom.exe
- Plug And Play - X - msnmsg.exe
- PrevxHome - Y - SAGUI.exe
- RandomWin32 - X - mgnwin32.exe
- Real Internet Player - X - Reaiplay.exe
- RegFreeze - U - regfreeze.exe
- S3 Internal Chip - X - s3serv.exe
- salm - X - salm.exe
- satmat - X - satmat.exe
- ScManager - X - scman.exe
- Screen Calendar - U - scrcal.exe
- scvhost loader - X - ixplore.exe
- SDPhotoBar.exe - N - SDPhotoBar.exe
- Search Page - X - http://find.naupoint.com
- security service - X - syss.exe
- Sexy_sg - X - Sexy_sg.exe
- Shareaza - N - Shareaza.exe
- Software - X - software.exe
- Spyware Slayer - X - SpywareSlayer.Exe
- Spyware Vanisher - X - FreeScanner.exe
- Start Page - X - http://find.naupoint.com
- Start RF Wireless Keyboard - Y - ktrexe.exe
- Start RF Wireless Mouse - Y - cm20.exe
- Start Upping - X - taksmgr.exe
- svchost - X - [path] SETUP.EXE
- svchost1 - X - svchost1.exe
- sysmon - X - sysmon44.exe
- SysSearch - X - Regedit.exe -s [path] pcsearch.reg
- system check - X - updater.exe
- System Document Application - X - nmod.exe
- System Restore Data - X - [path] repcale.exe [path] beird.exe
- System Stats - X - SystemStats.exe
- system xp - X - acdsee demo.exe
- taskmgr.exe - X - paint.exe
- tibs3 - X - tibs3.exe
- Tsa2 - X - tsm2.exe
- VirtuaGirl2 - U - VirtuaGirl2
- web - X - ******.exe [* = random char]
- WebCpr0 - X - WebCpr0.exe
- Win32 Device Loader - X - Win32ldr.exe
- Win32 DRK Driver - X - wdrk32.exe
- win32 regedit - X - msn32.exe
- WinApi - X - winapix.exe
- windows - X - system copy.exe
- Windows Dcom2 Fix - X - mscom32.exe
- Windows debug logging - X - winloggs.exe
- Windows DLL Loader - X - defragfat32pi.exe
- Windows Explorer - X - olecom32.exe
- Windows Logon - X - winlogin.exe
- Windows Monitoring Service - X - winmon.exe
- Windows OLE Automation Server - X - ole32aut.vbe
- Windows Registry Security - X - crss.exe
- Windows TaskAd - X - Wintaskad.exe
- windows update - X - Wuanclt.exe
- WindowsRegKey upd4te2d4te - X - *********.exe [* = random char]
- WindowsSQL service - X - boner.exe
- WinDrv - X - windrvx.exe
- winhlp3.exe - X - winhlp3.exe
- winhlp32.exe - X - winhlp32.exe
- Winlogin.exe - X - log.exe
- winlogin.exe - X - logfile.exe
- Wlan Driver - X - avscan.exe
- WMP54Gv4 - Y - WMP54Gv4.exe
- WSAConfiguration - X - rpcxmn32.exe
- yahoo groups - X - upgrdmgr.exe
- Yahoo Messenger - X - YPager.exe
Changed items - 36
- ADSL_A2 (A2Installed) - description changed
- Alchem (Alchem.exe) - description changed
- ASE Scheduler (ASE Scheduler.exe) - status (N) changed and description updated
- Configuration Loader (systemry.exe) - description changed
- Control handler (***********.exe [* = random char]) - command changed
- Distributed File System (Dfsvc.exe) - description changed
- Distributed File System (kernel32dll.exe) - description changed
- Games Acceleration (svshost.exe) - description changed
- IEDriver (xplore.exe) - description changed
- Internet Connection Wizard (stisvsq.exe) - description changed
- Internet Mail and News (msqdevl.exe) - description changed
- jawa32 (jawa32.exe) - name changed from "jawa32.exe"
- Microsoft CSRSS32 Protocol (csrss32.exe) - description changed
- Microsoft Internet Acceleration Utility (iau.exe) - description changed
- Microsoft Management Console (lssas.exe) - description changed
- Microsoft Update (msconfg.exe) - description changed
- msconfig (msconfig.exe) - description changed
- msdev (msdev.exe) - description changed
- msnappau (msnappau.exe) - status (N) and description changed
- Multimedia extensions (mservice.exe) - description changed
- MusIRC (irc.music.com) client (musirc4.71.exe) - description changed
- Norton Update (ccUpdate.exe) - description changed
- Premeter (nrpr.exe) - description changed
- Premeter (prmt.exe) - description changed
- SESync (sed.exe) - description changed
- Spyware Scanner (AseScanner.exe) - status (N) changed and description updated
- Supervisor.exe (Supervisor.exe) - description changed
- SurfSideKick 2 (Ssk.exe) - description changed
- Sysupd (Sysupd.exe) - description changed
- tsa (tsl.exe) - description changed
- tsa (tsm.exe) - description changed
- WindowsUpd1 (WindowsUpd1.exe) - name changed from "Sysupd" and description updated
- WindowsUpd2 (WindowsUpd2.exe) - name changed from "Sysupd" and description updated
- winlogon (winlogin.exe) - description changed
- YahooStock (Prmvr.exe) - description changed
- YahooStock (ystckAO32.exe) - description changed