22nd January, 2004
New items - 66
- X - ;Rundll (<filename>)
- U - AltoMB_service (AltoMBsrv.exe)
- U - APC_SERVICE (mainserv.exe)
- N - ASUS Probe (AsusProb.exe)
- U - Atray (Atray.exe)
- N - AutoTKit (AUTOTKIT.EXE)
- Y - avgamsvr.exe (Avgamsvr.exe)
- ? - BackupNotify (backupnotify.exe)
- N - BJ Printer Status Monitor (Cjstsr.exe)
- X - CTime (<path to trojan>)
- U - CWatch (cw.exe)
- X - d3dupdate.exe (bbeagle.exe)
- X - DivX MediaPlayer 7.0 (Dr.DivX.exe)
- X - Driver (gbot.exe)
- X - Dx (sys#.exe)
- U - FilterGate (filtergate.exe)
- N - GCS (GrabClipSave.exe)
- U - HpMmKbd (HpMmKbd.exe)
- ? - IDA (IDA.EXE)
- X - InteliSys (smss.exe)
- X - K2ps_full.task (K2ps_full.exe)
- X - kv3000 (lover.vbe)
- ? - McRegWiz (mcregwiz.exe)
- X - Microsoft MSUPDATE (SpoolSvc.exe)
- N - Monstersoundtray (Freectrl.exe)
- N - MPXPTray (mpxptray.exe)
- X - MSkernel32 (System.exe 4820)
- X - MutexServiceEx (Sys32Smm.exe)
- N - MWProEng (MWProEng.exe)
- X - My App (SMSSvc.exe)
- X - My Agent (msagent.exe)
- X - MyCometCursor (MYCOME~1.EXE)
- N - ntlfreedom (RyDial.dll,QuickStart)
- X - Nvid = (<8 random characters>)
- U - OmniPass (scureapp.exe)
- X - OrgyCam (OrgyCam.exe)
- U - plmg.exe (plmg.exe)
- X - precpop2 (starter.exe)
- X - Print Spooler (spoolsvc32.exe)
- U - QuickPassword (agquickp.exe)
- X - Real player updater (realupd.exe)
- X - RealUpdater (realupd.exe)
- N - Remote Control (Rc.exe)
- N - RoboForm (RoboTaskBarIcon.exe)
- X - Rundll32_8 (rundll32.exe inetp60.dll,DllRunServer)
- N - SAClient (RegCon.exe)
- X - SchedulingAgant (MMTASK.EXE)
- X - Service (service.exe)
- U - SlickRun (sr.exe)
- X - Spooler Service (Spoolsrv.exe)
- X - Spooler Subsytem App (spoolsvc.exe)
- X - Spooler Sub System Process (SPOOL32.EXE)
- X - ssgrate.exe (system.exe)
- U - Sunkist2k (shwicon2k.exe)
- X - System (YPager.exe)
- U - USBDetector (USBDetector.exe)
- X - VCatch (Vcatch.exe)
- X - webHancer Survey Companion (whSurvey.exe)
- X - WhenUSearch (Search.exe)
- X - Windows Print Spooler (SVEHOST.EXE)
- X - Windows Spooler (SPOOLSRV.EXE)
- X - Windows Update (wudate.exe)
- X - Windows Update (wupdate.exe)
- X - Win_vader (Win_vader.vbs)
- X - xpsystem (y.exe or services.exe)
- X - XXXmpeg (XXXmpeg.exe)
Changed items - 10
- Alps Electric USB Server - status (N) and description changed
- Diskstart - grouped common items together and added "Snt.exe" as another variant
- FontFix - status (X) and description changed
- HPHmon** - changed from HPHmon04 to reflect different versions
- HPHUPD** - changed from HPHUPD04 to reflect different versions
- IMEKRMIG6.1 - status (N) and description changed
- InternetWasherPro - added "Internet Washer Pro" as an alternative name
- Necutray - status (U) changed and description updated
- Sunkist - status (U) changed and description updated
- UMonit - status (U) and description changed
15th January, 2004
New items - 30
- X - {2CF0B992-5EEB-4143-99C2-5297EF71F44B} (rundll32.exe stlbupdt.DLL,DllRunMain)
- X - AST (AST)
- X - AStart (AStart)
- X - Autoloaderaproposclient (Apropos_Client_Loader.exe)
- N - AIMWDInstall (AIMWDInstall.exe)
- X - Configuration Loader (sysinfo.exe)
- X - Control (rundll32.exe ctrlpan.dll,Restore ControlPanel)
- X - editpad (editpad.exe)
- U - E_SOEIC1 (E_SOEIC1.exe)
- U - E_S10IC2 (E_S10IC2.exe)
- N - Fromine WinPopup (winpopup.exe)
- N - IncMail (IncMail.exe)
- X - msvcc (msvchost.exe)
- X - Name (Iexplorer0.exe)
- U - NetPatrol (winclient.exe)
- X - NewtonKnowsUpd (NewtKnow.exe ...NewtnUpd.dll,runkey)
- X - nscntrl (nscntrl.exe)
- X - Omf4 (OMF4.EXE)
- X - quicken (WINRAR.EXE)
- U - QWS3270 Sessions (sessions.exe)
- N - Skype (Skype.exe)
- U - SpyHunter (SpyHunter.exe)
- X - System Toolkit (Systools.exe)
- U - TM Outbreak Agent (TMOAgent.exe)
- X - User32 (<filename>)
- X - WDInfo (wdinfo.exe)
- N - WinDates (windates.exe)
- X - windows update (uddater.exe)
- X - winrar (winrar.exe)
- U - XTNDConnect PC - ErTray (ErTray.exe)
Changed items - 3
- HPHmon03 - status (U) and description changed
- HP OfficeJet Series xxx Startup - changed from "HP OfficeJet Series 700 Startup"
- AcerPowerkey - status (U) changed and description updated
8th January, 2004
New items - 208
- X - <various names> (elf.exe)
- X - 4wd!!! (Natal!.pif)
- Y - a² (a2guard.exe)
- U - AcctMgr (AcctMgr.exe)
- X - ACTIVEDS (ACTIVEDS.EXE)
- X - Adobe (Adobe.exe)
- X - AdobeFonts (fonts.hta)
- X - AdRoarUpdate (ARUpdate.exe)
- Y - AdslTaskBar (rundll32.exe stmctrl.dll,TaskBar)
- U - Adware Agent (adware agent.exe)
- X - Alevir (Alevir.exe)
- X - AlevirOld (<worm filename>)
- N - AlienAutopsy (Test_BS.exe)
- ? - AnnotateCheck (AnnCheck.exe)
- X - Aucompat (Aucompat.exe)
- X - Automatic Windows Updater (Update.exe)
- X - Avimgt (Avimgt.exe)
- X - Avimgt32 (Avimgt32.exe)
- X - BIE (Rundll32.exe BDSrHook.dll,Rundll32)
- X - BIOS1 (BIOS1.EXE)
- X - Brasil (BRASIL.PIF)
- X - BrasilOld (<worm filename>)
- Y - BullguardoptIn (bulldownload.exe)
- X - bxxs5 (RunDLL32.EXE bxxs5.dll,dllrun)
- X - Cabchk (Cabchk.exe)
- X - Cabchk32 (Cabchk32.exe)
- N - CABCInstall (CABCInstall.exe)
- Y - CacheMgr (Cachemgr.exe)
- Y - Capon (Capon.exe)
- N - Cashsurfers Cashbar Navigator (Cashbar.Exe)
- X - Cdcompat (Cdcompat.exe)
- U - ChineseStar (cstar.exe)
- X - Cissi (Cissi.exe)
- U - CleanTemp (CLEANT~1.EXE or CleanTemp.exe)
- X - CLICONFG (CLICONFG.EXE)
- X - Configuration Loader (dosrun32.exe)
- X - Configuration Loader (Service.exe)
- X - Configuration Loader (Servicess.exe)
- X - Configuration Loader (sw32.exe)
- X - Configuration Loader (System.exe)
- X - Configuration Loader (Winreg.exe)
- X - ContentDownload (rundll32.exe MSA64CHK.dll,DllMostrar)
- X - Cpusave (Cpusave.exe)
- X - Cpusave32 (Cpusave32.exe)
- Y - CSAV_CheckViruses (vchk.exe.exe)
- U - Cyber-Defender 2003 (uwcdsvr.exe)
- X - (Default) (media_driver.exe)
- X - delsubmit (rundll32.exe advpack.dll,DelNodeRunDLL32 submit.exe)
- X - Desktop (rundll32.exe msconfd.dll,Restore ControlPanel)
- X - Diskstart (hit.exe)
- X - DM_server (dmserver.exe)
- X - DownloadWare Engine (Dwe.exe)
- Y - Drwebscheduler (Drwebscd.exe)
- X - Dskcompat (Dskcompat.exe)
- X - Dvdcompat (Dvdcompat.exe)
- X - Dx8compat (Dx8compat.exe)
- X - Dxsty (Dxsty.exe)
- U - Edwizard (Edwizard.exe)
- U - EssSpkPhone (essspk.exe)
- U - EuroGlot (EuroGlot.exe)
- U - FMStart (Fmstart.exe)
- N - FoneSyncSystemTray (FoneSyncSystemTray.Exe)
- X - FONTVIEW (FONTVIEW.EXE)
- X - G00123 (<worm filename>)
- X - Generic Host Process for Win32 Services (ntspcv.exe)
- U - Glass2k (Glass2k.exe)
- X - gssomatic (gssomatic.exe)
- X - Hvid (Hvid.exe)
- X - IASHLPR (IASHLPR.EXE)
- X - iConfigLoader (DIIhost.exe)
- X - IEFeatures (IEFeatures.exe or Internetfeatures.exe)
- X - Iesar (Iesar.exe)
- X - Imagemgt32 (Imagemgt32.exe)
- X - Info32x (Info32x.exe)
- X - instit (INSTIT.BAT)
- X - Intmgr (Intmgr.exe)
- ? - iPodWatcher (iPodWatcher.exe)
- U - iPodManager (iPodManager.exe)
- N - IS CfgWiz (cfgwiz.exe)
- U - KREC32 (krec32.exe)
- X - Linksts (linksts.exe)
- X - LoadManager (msload.exe)
- X - LoadPowerProfile (Rundll32.exe)
- X - lsass (<path to lsass.exe>)
- U - Memory Stick Monitor (MSstat.exe)
- X - Microsoft .NET Confingurator (msnconf.exe)
- X - Microsoft Netview (mssvc32.exe)
- X - Microsoftİ PID Lex (PIDLex.exe)
- X - Microsoft Windows 2000 (Winupdsdgm.exe)
- X - Microsoft Windows Update (rundlls.exe)
- ? - MigrationVendorSetupCaller (rundll32.exe migrate.dll,CallVendorSetupDlls)
- X - mload (lxmstart.exe)
- X - Monitormgt (Monitormgt.exe)
- X - MPREXE (MPREXE.EXE)
- X - Msemu32 (Msemu32.exe)
- X - Msnarrator (msnarrator.exe)
- X - MS_NETD_WIN32 (netd32.EXE)
- X - MsSystem (msdos.exe)
- X - MsSystem (mssys.exe)
- X - Mstask (mstask.exe)
- X - MSVersion (INTERNETFEATURES.exe or clrschp038.exe)
- U - MUAL (Mual.exe)
- X - Natal (Natal.scr)
- U - Network Associates Error Reporting Service (TBMon.exe)
- X - NJG40 (NJG40.EXE)
- X - Norton Live Updater (Cavapsvc.exe)
- X - Norton Live Updater (Sochost.exe)
- U - NSHelper (aexnsinstallhelper.exe)
- N - NSystemMonitor (Symmon.exe)
- X - Nvid32 (Nvid32.exe)
- X - Nvidex32 (Nvidex32.exe)
- X - Nvidia32 (nvidia32.exe)
- N - NVRT (nvrt.exe)
- X - Olehelp (Olehelp.exe)
- X - online_party (online_party.exe)
- X - P3p4chk (P3p4chk.exe)
- X - PGStub.exe (various filenames)
- X - Pixel32 (Pixel32.exe)
- X - Pixelpwr32 (Pixelpwr32.exe)
- X - Pixelsvr (Pixelsvr.exe)
- X - pqhelper (pqhelper.exe)
- U - PractiSearch (PSearch.exe)
- ? - PreAnnotate (PreAnntt.exe)
- Y - PSNotify (psnotify.exe)
- X - PutA!! (PutA!!.exe)
- X - PutAS! (PutA!!.com)
- X - Pwr32ctr (Pwr32ctr.exe)
- X - Pwr32ctrl (Pwr32ctrl.exe)
- X - Pwr32mgt (Pwr32mgt.exe)
- X - Pwroff (Pwroff.exe)
- ? - QMusic (QMAgent.exe)
- N - QuikShield (qkshield.exe)
- X - Registry Loader (winhlpp32.exe)
- X - Reg_WFT (Regsysw.com)
- U - RhinoBlocker (RhinoBlocker.exe)
- Y - run= (smsrun16.exe)
- X - RunDLL (rundll32.exe bridge.dll,Load)
- X - s4helper (s4helper.exe)
- X - Scr (scr.scr)
- X - ScrSvr (ScrSvr.exe)
- X - ScrSvrOld (<worm filename>)
- Y - Scsi (Scsi.exe)
- X - Serials (serials.exe)
- X - Service Controller (Csrrs.exe)
- X - Services (back32.exe ...service.exe)
- X - Services004 (<worm filename>)
- U - Sgecrypt (Sgecrypt.exe)
- U - Sgeecview (Ecview.exe)
- X - Shmgrate.exe (ibot4.exe)
- X - Sidebar (Sidebar.exe)
- ? - smbdpmi (smbdpmi.exe)
- X - smss (<path to smss.exe>)
- X - Sndcompat (Sndcompat.exe)
- X - Sndsaver (Sndsaver.exe)
- X - somatic (somatic.exe)
- U - SpeedMeter (SpeedMeter.exe)
- X - Spees1 (speedy.scr)
- X - Spees2 (Speedy.bat)
- X - Spees3 (SPEEDY.PIF)
- X - SpeedBoss (<worm filename>)
- X - spoolsvv (spoolsvv.exe)
- X - SQInstaller (SQInstaller.exe)
- X - Srv32 (Srv32.exe)
- U - Startacc (startacc.exe)
- X - startpage (startpage.exe)
- X - Startup Update (Cvshost.exe)
- X - stlbupdt (rundll32.exe stlbupdt.DLL,DllRunMain)
- X - SYSsfitb (SYSsfitb.exe)
- X - SystemEmergency (directx.exe)
- X - SystemEmergency (explore.exe)
- X - SystemExplorer (explore.exe)
- N - Systest (Systest.exe)
- X - tat (tatss.exe)
- X - TB_setup (tb_setup.exe)
- U - The Easy Bee's Hive (ATCEgSvr.exe)
- X - This is a virus, please delete it (bigbadvirus.exe)
- X - tmchook (tmchook.exe)
- X - TrueFonts (fonts.hta)
- Y - untray (untray.exe)
- X - Update (CDUpdater.exe)
- X - Update Install (Schost.exe)
- X - UPSUtl (web.exe)
- ? - VAIO Recovery (PartSeal.exe)
- X - Vidcompat (Vidcompat.exe)
- N - visionGS (VISIONGS.EXE)
- X - webalize (webalize.exe)
- X - WinActiveJ (WinActiveJ.exe)
- X - Win_api_driver (system.exe)
- X - WinAuth (winlogon.exe)
- X - Window Loader (Dos32.exe)
- X - WindowsAPI.DLL (Server5.exe)
- X - Windows Configuration (wsys32.exe)
- X - Windows Explorer (Lsas.exe)
- X - Windows Networking (winsys32.exe)
- X - Windows Security Assistant (rundll32.vbe)
- X - Windows Security Assistant (winsec.exe)
- X - Windows Startup (Wdrun32.exe)
- X - Winhost (wintt.exe)
- X - winlogon (winlogon.exe)
- X - WinMgr32 (winmgr32.exe)
- X - winsockdriver (winsock2.2.exe)
- X - Winsrv (winsrv.exe)
- Y - WLAN_Cfg.exe (WLAN_Cfg.exe)
- X - Wminf (Wminf.exe)
- X - Wminfo (Wminfo.exe)
- U - WTIndicator (SchedInd.exe)
- X - wzhelper (wzhelper.exe)
- U - X Server (X.exe)
Changed items - 13
- AdDestroyer - status (X) and description changed
- Config Loader (scvhsot.exe) - "GAOBOT.AO" added as an alternative VIRUS name
- DeviceDiscovery - status (U) and description changed
- dpi - status (X) and description changed
- ISDN Monitor - status (N) and description changed
- msmc - additional executables added
- Naimagent_UI - "naimag32.exe" added as an alternative executable and description updated
- pdfFactory Pro Dispatcher v1 - executable corrected to "fppdis1.exe"
- PowerS - description updated
- RtlMon.exe - status (N) and description changed
- Svchost (winhost.exe) - VIRUS identified as "LOLAWEB.A"
- uc_start - status (N) and description changed
- winsockdriver - "WARPIGS.C" added as an alternative VIRUS name
Removed all VIRUS related "run=" entries to save on duplication