29th October, 2004
There are no new items this time as I took the opportunity to do some much needed maintenance on the database with the following aims and associated impacts, in no particular order:
- Split all items that have one or more entries in the "Name or Startup Item" and "Command" columns
  - This will help programmers who use the list for their software by removing the <br> - such as startup managers and HJT log analysis
- Revise all VIRUS entries to correctly identify whether they are a VIRUS, TROJAN or WORM
- Correct all broken hyperlinks
- Correct all "Name or Startup Item" and "Command" entries where bad characters were used leading to them being shown incorrectly - for example <, > and #
- Correct the "Status" of some entries
  - 3D Text - X - 3D Text.scr
  - atitray - U - atitray.exe
  - AtiTrayTools - U - atitray.exe
  - Configuration Wizard - X - Cfgwiz32.exe
  - Mcafee Anti Scan - X - NortonScn.exe
  - MSConfig - X - MSCONFIG32.EXE
  - PcEXPLODE - X - specialfile.exe
  - pilif - X - pilif.exe
  - Tweak UI - X - RunDLL32 tweakUI.DLL, TWEAKUI /tweakmeup
  - WinMsrv32 - X - WinMsrv32.exe
- Replace backslash "\" entries where they were missing
- Removed entries attributed to random names and filenames - adding these to the random entry list
  - scheck - scheck**.exe - KETCH random entry
  - win32app - winpup32.exe - Winpup random entry
  - winpup32 - Winpup32.exe - Winpup random entry
- Removed entries caused by duplication elsewhere within the database
  - Alevir - Alevir.exe - OPASERV.A duplicate
  - Configuration Loader - windex.exe - GAOBOT.BM - duplicate pointing to BZ version
  - MSCONFG32.EXE - MSCONFG32.EXE - duplicate
  - ScanRegistry - Scanregw.exe - GWGHOST
  - ScrSvr - ScrSvr.exe - OPASOFT.A - duplicate of OPASE
24th October, 2004
New items
- 714
- $WindowsRegKey%update - X - IEXPLORE.EXE
- (random 12 digit number) - X - avifile5.exe
- (random 12 digit number) - X - bootvid4.exe
- (random 12 digit number) - X - browser8.exe
- (various names) - X - crsrs.exe
- (various names) - X - navchk.exe
- (various names) - X - Windows32.exe
- .WMAudio - X - lsass.exe
- \IEService.exe - X - IEService.exe
- \Pribi.exe - X - Pribi.exe
- _AntiSpyware - U - MssCli.exe
- _Hazafibb - X - (path to file)
- {12EE7A5E-0674-42f9-A76B-000000004D00} - X - rundll32.exe [path] stlb2.dll, DllRunMain
- 000hpdllhos - X - hpdllhost.exe
- 180adsolution - X - 180adsolution.exe
- 180ax - X - 180ax.exe
- Aaou - X - amee.exe
- AceGain LiveUpdate - N - LiveUpdate.exe
- adstartup - X - automove.exe
- Advanced Internet Protocol - X - cerf.exe
- advmon32 - X - advmon32.exe
- Adware Spy - N - AdwareSpy.exe
- agp - X - agp32.exe
- Aica - X - tuaa.exe
- Aida - X - ttuh.exe
- alcmtr - X - ALCMTR.EXE
- AlcWzrd - ? - ALCWZRD.EXE
- ANIWZCSService - ? - WZCSLDR.exe
- ANONYMIZER_SPYWAREKILLER - U - SpyWareKiller.exe
- AntiWindowsMessenger - U - AntiMsMsg.exe
- AolAcsDaemon1 - Y - AOLACSD.EXE
- AOLDialer - N - AOLDial.exe
- Application Explorer - U - Naldesk.exe
- aqadcup.exe - X - aqadcup.exe
- ares - N - ares.exe
- areslite - N - AresLite.exe
- asdx - X - xwinrpc32.exe
- ASHLT - X - Ashlt.exe
- assistse - X - ASSISTSE.EXE
- ATI Remote Control - ? - ATIRW.exe
- ATI VIDEO REGKEY - X - ati2vid.exe
- Audiocntl - X - audiocntl.exe
- audioinf - X - audioinf.exe
- authz - X - authz.exe
- auto repair system - X - qualityx.exe
- Auto updat - X - crsrs.exe
- AWMON - U - Ad-Watch.exe
- BCPC - X - bcpc.exe
- bcpc_c - X - bcpc_c.exe
- BDOESRV - Y - bdoesrv.exe
- BDSwitchAgent - Y - bdswitch.exe
- BestPopUpKiller - N - BestPopupKiller.exe
- BGInfo - U - Bginfo.exe
- BHODemon 2.0 - U - BHODemon.exe
- blah service - X - winsysengine.exe
- Break_Reminder - U - BREAK REMINDER.exe
- Breg - X - bcre.exe
- Browser Sentinel - U - BrowserSentinel.exe
- BtStart - U - btstart.exe
- BTV - X - btv.exe
- BullsEye Network - X - bargains.exe
- CacheBoost - U - trayicon.exe
- Camera Detector - N - CAMDET~*.EXE
- Camera Detector - N - Camdetect.exe
- candy - X - command32.exe
- caseyvideo - X - CaseyVideo.exe
- caseyvideo - X - caseyvideo[*].exe (* = digit)
- CashToolbar - X - CD_Load.exe
- CashToolbar - X - svchost.exe
- ccApp - X - WMADZ.EXE
- ccpApps - X - lsass.exe
- ccProxy - U - CCPROXY.EXE
- CCWC7a - U - ac.exe
- CCWC7I - U - idxl.exe
- CCWC7s - U - stealth.exe
- cddrv32 - X - cddrv32.exe
- CentralProcessor - X - taskimgr.exe
- Classes - X - int1.exe
- Classes - X - intl.exe
- Classes - X - run_21.exe
- Classes - X - srv.exe
- Classes - X - srv2.exe
- ClickTheButton - X - csrss.exe
- ClickTheButton - X - MSCStat.exe
- ClipTrak - N - ClipTrak.exe
- CLSID - X - com.exe
- CLSID - X - dll.exe
- CLSID - X - msgplus.exe
- CLSID - X - plugin.exe
- CLSID - X - sed.exe
- cmdcon - X - cmdcon.exe
- cmt101 - X - cmt101.exe
- comxt - X - comxt.exe
- conscorr - X - conscorr.exe
- Controlled Resource System Service - X - crss.exe
- CoolDownloads - X - rundll32.exe [path] MSA64CHK.dll, DllMostrar
- CoolMP3 - X - rundll32.exe [path] MSA64CHK.dll, DllMostrar
- cursor - N - Screendragon_VS_Taskbar.exe
- cvmonitor.exe - X - cvmonitor.exe
- cyberfree.exe - X - ****.dat (* = random char)
- de32gen - X - de32gen.exe
- DealHelperBrwsr - X - dhbrwsr.exe
- DealHelperDown - X - download.exe
- DealHelperUpdate - X - DHUpdt.exe
- deejay - X - forboo.exe
- dguard - N - dguard.exe
- Dialer Control - U - dc.exe
- DIECOX - X - csrss.exe
- DietK - U - DietK.exe
- Dimension - U - Dimension.exe
- diskinf - X - diskinf.exe
- Display Settings - N - hptasks.exe
- Distributed File System - X - kernel32dll.exe
- DKTime - X - dktime.exe
- D-Link Air Utility - Y - AirCFG.exe
- dlldmt - X - dlldmt.exe
- dllhelp - X - dllhelp.exe
- dllreg - X - dllreg.exe
- dluxde - X - dluxde.exe
- dmtdll - X - dmtdll.exe
- dos - X - dos64.exe
- DownloadLegalMusic - X - rundll32.exe [path] MSA64CHK.dll, DllMostrar
- dpcproxy - X - dpcproxy.exe
- DR_S - X - DR_S.exe
- DSB - X - DSB.exe
- dvd43 - N - DVD43_Tray.exe
- DVDTray - ? - DVDTray.exe
- dvraudio - X - dvraudio.exe
- dvsfss - X - fbsfsdrs.exe
- DynDNS-Updater Traytool - N - ddutray.exe
- eanth_system_patcher - N - sys_alert.exe
- EasyMessage - U - em2.exe
- EbatesMoeMoneyMaker0 - X - EbatesMoeMoneyMaker0.exe
- educational writer - X - (random filename)
- enhance32 - X - enhance32.exe
- ESPN BottomLine - N - bline.exe
- EvtHtm - X - evthtm.exe
- Explorer Updater - X - IEXPLORE.exe
- eZWO - X - wo.exe
- FAST Defrag - N - FAST2.EXE
- FieldForms Sync - U - SyncService.exe
- File System Service - X - wmiprvsc.exe
- flpycntl - X - flpycntl.exe
- Foul PX - U - FoulPX.exe
- Fraps - N - fraps.exe
- FriendlyType - X - lsass.exe
- F-Secure Startup Wizard - Y - FSSW.EXE
- F-Secure TNB - Y - TNBUtil.exe
- fukerservice - X - fukerz.exe
- Fwr Command Module - X - fwr.exe
- fwservice - X - fwservice
- gcasDtServ - U - gcasDtServ.exe
- gcasServ - U - gcasServ.exe
- Gene USB Monitor - U - USBMonit.exe
- Generic Host Process for Win32 Services - X - winsvc.exe
- Generic Host Service - X - lshost.exe
- Generic Services Process - X - regsvc32.exe
- GetTheMusic - X - rundll32.exe MSA64CHK.dll, DllMostrar
- GinaDll - X - ntgina.dll
- he3e3fc4 - X - rundll32.exe [path] he3e3fc4.dll, EnableRunDLL32
- HorngTech4D - Y - bally4d.exe
- HostManager - ? - AOLHostManager.exe
- Hot_Tarts - X - Hot_Tarts.exe
- hotplug - X - hotplug.exe
- hpsysconf1 - X - (random filename)
- hsim - X - isearch.exe
- hsim - X - sexgame.exe
- hsim - X - toolbar.exe
- httpd - X - c_pan.exe
- icdd7ee6 - X - rundll32.exe [path] icdd7ee6.dll, EnableRunDLL32
- idecntl - X - idecntl.exe
- IEengine - X - IEeng.exe
- iel2cde8 - X - rundll32.exe [path] iel2cde8.dll, EnableRunDLL32
- Iesearch.exe - X - Iesearch.exe
- ieupdate - X - mcpdll32.exe
- Iinl - X - iptl.exe
- inetmgr - X - inetmgr.exe
- intdctrr - X - idctup20.exe
- Internet Explorer - X - IEXPLORE.EXE
- Internet Services - X - systemdev.exe
- Irwftp - X - (path to trojan)
- ist service uninstall - X - (random filename)
- ISUSPM Startup - N - ISUSPM.exe
- ISUSScheduler - N - issch.exe
- jawa32.exe - X - jawa32.exe
- Jreg - X - Jreg2b.exe
- KAVPersonal50 - Y - Kav.exe
- kbddrv32 - X - kbddrv32.exe
- kbddrvinf - X - kbddrvinf.exe
- kern64dll - X - (random filename)
- kernctl32 - X - rundll32 kctl32.dll, initialize
- Keybdcntl - X - keybdcntl.exe
- Kodak EasyShare software - U - EasyShare.exe
- kw3eef76 - X - rundll32.exe [path] kw3eef76.dll, EnableRunDLL32
- kX Mixer - N - kxmixer.exe
- li01f948 - X - rundll32.exe [path] li01f948.dll, EnableRunDLL32
- load32 - X - swchost.exe
- loads.exe - X - loads.exe
- loads.exe - X - medload.exe
- LoadSIPS - X - rundll32.exe [path] SIPSPI32.dll, SIPSPI32
- Logitech Hardware Abstraction Layer - ? - Khalmnpr.exe
- LogitechSoftwareUpdate - ? - ManifestEngine.exe
- lsasss.exe - X - lsasss.exe
- LXBLKsk - ? - LXBLKsk.exe
- LzioMediaUpdater - X - LzioMediaUpdater.exe
- m32info - X - m32info.exe
- main16 - X - main16.exe
- main32 - X - main32.exe
- Mcafee Anti Scan - X - NortonScn.exe
- Mcaffe Antivirus - X - Mcafeescn.exe
- Mdmdll32 - X - mdmdll32.exe
- Media Load - X - msn32.exe
- Media Player - X - wmplayer.exe
- Media Service - X - msn64.exe
- Media service - X - msnmsgxr.exe
- Media service - X - SYSTEM64.EXE
- MemScanner - N - MemScanner.exe
- Micr Update - X - soundblaster.exe
- Microsof Windows Host - X - svhost32.exe
- Microsofot x386 System Monitor - X - system32.exe
- Microsoft 16Bit Update - X - wuapdate16.exe
- Microsoft Ansti Update - X - msie.exe
- Microsoft Associates, Inc. - X - iexplorer.exe
- Microsoft AUT Update - X - MSlti32.exe
- Microsoft AutoUpdater - X - svhost.exe
- Microsoft Config - X - msconf.exe
- Microsoft Data Helper - X - cihost.exe
- Microsoft Digital Clock - X - msclock.exe
- Microsoft DirectX - X - rasmngr.exe
- Microsoft Excell - X - wuamngr32.exe
- Microsoft Features - X - ms32cfg.exe
- Microsoft Firewall - X - firewallsp2.exe
- Microsoft Help SVC - X - msnmngr.exe
- Microsoft IE - X - Iexplore.exe
- Microsoft Internet - X - expl0rer.exe
- Microsoft Internet - X - windows32.exe
- Microsoft Internet Exp - X - iiexplorer.exe
- Microsoft Internet Services - X - Smss32.exe
- Microsoft IT Update - X - (random filename)
- Microsoft JavaVM - X - msjarun.exe
- Microsoft Locals 332 - X - (random filename)
- Microsoft Macro Protection SubSsy - X - msacroprots386.exe
- Microsoft Macro Protection Subsystems - X - msmacroprotxz.exe
- Microsoft media services - X - Iassd.exe
- Microsoft media services - X - winmplayer.exe
- Microsoft Office OneNote 2003 Quick Launch - U - ONENOTEM.EXE
- Microsoft Personal Firewalls - X - bakw.exe
- Microsoft Restore - X - scrgrd.exe
- Microsoft Service - X - microhost.exe
- Microsoft Service - X - winsvc.exe
- Microsoft Services - X - lsrv.exe
- Microsoft Software - X - sysinfo33.exe
- Microsoft Software Update - X - nmon.exe
- Microsoft Sound Driver - X - sound32.exe
- Microsoft Synchronization Manager - X - asgard.exe
- Microsoft Synchronization Manager - X - bot.exe
- Microsoft Synchronization Manager - X - netscape.exe
- Microsoft Synchronization Manager - X - slhost.exe
- Microsoft Synchronization Manager - X - svhost.exe
- Microsoft Synchronization Manager - X - WinLoginnn.exe
- Microsoft Synchronization Manager - X - winupdate.exe
- Microsoft Synchronization Manager - X - xXx.exe
- Microsoft Time Manager - X - dveldr.exe
- Microsoft Update - X - ascdl.exe
- Microsoft Update - X - automgr32.exe
- Microsoft Update - X - mediap.exe
- Microsoft Update - X - Microsoftx.exe
- Microsoft Update - X - msconfg.exe
- Microsoft Update - X - Mslti32.exe
- Microsoft Update - X - muamgrd.exe
- Microsoft Update - X - navmgrd.exe
- Microsoft Update - X - Smss32.exe
- Microsoft Update - X - sys32cfg.exe
- Microsoft Update - X - VPC32.EXE
- Microsoft Update - X - winsys32.exe
- Microsoft Update - X - wuamgrd.exe
- Microsoft Update - X - wuammgr32.exe
- Microsoft Update - X - wudmate.exe
- Microsoft Update 32 - X - MSupdate32.exe
- Microsoft Update Machine - X - (random filename)
- Microsoft Update Machine - X - expl0rer.exe
- Microsoft Update Machine - X - rxhost.exe
- Microsoft Update Machine - X - servicz.exe
- Microsoft Update Machine - X - SP2.exe
- Microsoft Update Machine - X - winini.exe
- Microsoft Update Machine - X - xvshost.exe
- Microsoft Update Server - X - mssrv.exe
- Microsoft Update Service - X - csrss32.exe
- Microsoft Update Time - X - wuam.exe
- Microsoft Update Win32a - X - winupdate32a.exe
- Microsoft upnp Update - X - msie.exe
- Microsoft Video Controls - X - tskmsgr.exe
- Microsoft Visual Studio VSA - X - varpc32.exe
- Microsoft Windows Secure Server - X - rpcxWindows.exe
- Microsoft Windows Task Manger - X - Mstosk.exe
- Microsoft Windows Update - X - msoffice2.exe
- Microsoft Windows Update - X - spools.exe
- Microsoft Windows Update - X - svchos.exe
- Microsoft Windows Updater - X - WINIUPDATES.EXE
- Microsoft WinUpdate - X - mntcgf032.exe
- Microsoft WinUpdate - X - svh0st.exe
- Microsoft WinUpdate - X - syslx32.exe
- Microsoft WinUpdate - X - syswin32.exe
- Microsoft WinUpdates - X - serm32.exe
- Microsoft XML Service - X - msxmlx.exe
- Microsofts Updatez - X - cmsssr.exe
- MicrosoftSourceSafe - X - lsass.exe
- MicrosoftUpdate - X - syshelper.exe
- MicrosoftUpdate - X - WinUp32.exe
- Microsoft-Update - X - wngard.exe
- Microsoft-Updates - X - svxhost.exe
- Microsoft--Updates - X - sxvhost.exe
- Microsoftvirus - X - sysoverload.exe
- mmcndmgr - X - mmcndmgr.exe
- MMCWINMGMT - N - winmgmt.exe
- Modeminf - X - Modeminf.exe
- MoneyAgent - N - mnyexpr.exe
- MoneyStartUp - N - Money Startup.exe
- mousebut - X - mousebut.exe
- Mousecntl - X - mousecntl.exe
- mousedrv - X - mousedrv.exe
- MPL32 driver - X - MPL32.exe
- MS Config Service - X - Msloader32.exe
- MS Decryption Software - X - active.exe
- MS FIREWALL - X - msfrewall.exe
- MS Sound Config 16bit - X - sndcfg16.exe
- MS Update - X - syshost.exe
- MSACM - X - msacm.exe
- MSCommX - X - mscommx.exe
- msconfig service - X - MSupdate32.exe
- MsgApi - X - (path to file)
- msgb1 - X - msgb1.exe
- msidle - X - msidle.exe
- msjava service - X - xpcd.exe
- msn - X - msnmsg.exe
- MSN - X - msnmsgs.exe
- MSN Manager - X - cvss.exe
- MSN Messanger - X - msnmsng.exe
- Msn Messengers - X - MSNMSGR.EXE
- MSN UPDATERS - X - virtualmemory.exe
- msnmsgr32-.exe - X - msnmsgr-.exe
- MSNMSGR5 - X - MSNMSGR5.exe
- MSNMSGRE - X - swef.bat
- MSNMSGRR - X - swin.bat
- MSNMSGRS1 - X - swed.bat
- msupdates - X - msupdt.exe
- msurl - X - msurl32.exe
- MSVSync - X - videosync.exe
- mswave - X - mswave.exe
- mswspl - X - (random filename)
- Multimedia Codecs - X - mcc.exe
- mwavscan - U - mwavscan.com
- MyDailyHoroscope - X - MYDAIL~1.EXE
- MyDailyHoroscope - X - MyDailyHoroscope.exe
- mysoft - X - winexplor.exe
- NAV Scan Service - X - NAVSCAN32.EXE
- NDIS Adapter - X - ndis.exe
- netdll32 - X - netdll32.exe
- netdllex - X - netdllex.Exe
- NETFP32.EXE - X - NETFP32.EXE
- netsv32 - X - netsv32.exe
- NetWork - X - csrs.exe
- Network Protocol Service - X - wuamgrd.exe
- Network Security Guard - X - **********.exe (* = random char)
- New.net Startup - X - rundll32 [path], NewDotNetStartup -s
- News Service - ? - ispnews.exe
- NiceDownloads - X - rundll32.exe MSA64CHK.dll, DllMostrar
- Norton SpySweeper AutoUpdate - X - navsw.exe
- norton32 - X - norton32.exe
- Notebook Maximizer - U - maximizer_startup.exe
- Notn - X - Eber.exe
- nssysconf - X - (random filename)
- nstat - X - netstat.exe
- NT Services - X - ntsvc.exe
- NTFS16 - X - ntfs16.exe
- ntldr - X - ntldr.exe
- Nvidia Control Panel - X - ncsvc32.exe
- NVIDIA Driver - X - MSPMSPSU.EXE
- NVIDIA nForce APU1 Utilities - N - NVATray.exe
- NVRTClk - ? - NVRTClk.exe
- OEM Tools 32 - X - tres32.exe
- OEM32 Tools - X - sres32.exe
- OLE Automation Server - X - ole32aut.vbe
- Open2Enter - X - runme.exe
- Open2Enter - X - runme2.exe
- Optus Cable Data Monitor - U - datamonitor.exe
- OptusNetUsage - U - OptusNet Usage Meter.exe
- Osus - X - acao.exe
- P2P Networking3 - N - P2P Networking3.exe
- p4mx4 - X - p4mx4.exe
- PadTouch - N - PadExe.exe
- PalNetaware - X - pnetaware.exe
- Patches Value - X - WinGamed.exe
- PCClient.exe - Y - PCClient.exe
- PcEXPLODE - X - specialfile.exe
- pilif - X - pilif.exe
- pm32ctrl - X - pwr32crtl.exe
- pm32info - X - pm32info.exe
- pnpsvc_lock - X - ******.exe (* = random digit)
- pnpsvc_lock - X - startsvs.exe
- Popup Defence Updater - X - regsvr32 /s [path] pdf****.dll (* = random char/digit)
- PopUpWasher - U - PopUpWasher.exe
- PowerBar - N - Powerbar.exe
- Prein - X - APP****.tmp (* = random char or digit)
- PrintSpoolSv - X - System.exe
- Prog - X - lsass.exe
- projselector - N - projselector.exe
- Pure Networks Port Magic - N - PortAOL.exe
- QBRSR - X - QuickBrowser.exe
- QTSvc - X - msocfg.exe
- QTSvc - X - navchk.exe
- QTSvc - X - shman.exe
- QTSvc - X - ssvr.exe
- QuicktimeMngr - X - QUICKTIMEMNGR.EXE
- QuickZip - X - lu.exe
- Rabo Session Monitor - Y - RaboSessionMon.exe
- Randex virus built for IRBMe - X - irbme.exe
- Rapid Restore - U - rrpcsb.exe
- RasCon Remote Access Service Manager - X - rasmngr.exe
- readdb40 - X - rundll32.exe [path] readdb40.dll, EnableRunDLL32
- RecoverFromReboo - ? - RECOVE~1.EXE
- RecoverFromReboo - ? - RecoverFromReboot.exe
- RecoverFromReboot - ? - RECOVE~1.EXE
- RecoverFromReboot - ? - RecoverFromReboot.exe
- Reg Services - X - Winboot32.exe
- RegDoneEx - X - lsass.exe
- regservices.exe - X - regservices.exe
- Remndr - X - CsRemnd.exe
- Remote Procedure Call - X - winrpc.exe
- Remote Procedure Call - X - winsysrpc.exe
- Remote Procedure Call For Windows 32bit - X - rpc.exe
- Remote Procedure Calls - X - mswinrpc.exe
- RevoTaskbarApp - U - RevoTask.exe
- romahere - X - matrixhere.exe
- romahere2 - X - ************.exe (* = random char)
- RoxAssist - N - RoxAssist.exe
- Run XP Service Pack - X - xpservicepack.exe
- runwin32 - X - runwin32.exe
- saap - X - saap.exe
- Safe - X - SafeWin.exe
- SafeGuard Popup Blocker Updater (required) - X - regsvr32 [path] sfg****.dll (* = random char/digit)
- saie - X - saie.exe
- sain - X - sain.exe
- sais - X - sais.exe
- Sametime Connect - U - Connect.exe
- SBAutoUpdate - U - sbautoupdate.exe
- SC3300CC - Y - SC3300CC.exe
- scopedll - X - scopedll.exe
- scvhost.exe - X - scvhost.exe
- sd32info - X - sd32info.exe
- sdfsdfsdf - X - sp2update.exe
- SDIN Adapter - X - sdin.exe
- SearchUpgrader - X - SearchUpgrader.exe
- Service Manager - X - dxsound.exe
- service updaer - X - qualityz.exe
- ServiceLayer - Y - ServiceLayer.exe
- Services - X - winread.exe
- SFP - N - vzSFPWin.EXE
- sginst - N - sginst.exe
- si91e44b - X - rundll32.exe [path] si91e44b.dll, EnableRunDLL32
- SigXC - X - SigX.exe
- Simcast - N - SimcastAlerts.exe
- slvchost32 - X - slvchost32.exe
- sndsrvc - ? - SNDSRVC.EXE
- Sound services - X - SOUND32.EXE
- Sound System - X - WinSound1.exe
- soundtasks - X - soundtasks.exe
- soundtctrls - X - soundtctrls.exe
- SoundView - X - msdview32.exe
- sounofts - X - sounofts.exe
- SP TimeSync - U - SP TimeSync.exe
- sp2ctr - X - sp2ctr.exe
- spc_w - N - hcm.exe
- SpecialOffers - X - SpecialOffers*.exe (* = digit)
- SpecialOffers - X - SpecialOffers.exe
- SPnt - X - SPnt.exe
- SPOOL Configuration - X - spoolsvc.exe
- spoolserv - X - spoolserv.exe
- spstore - ? - storesp.exe
- SpyBlocs - X - SpyBlocs.exe
- Spyware Begone - N - freescan.exe
- Spyware Stormer - N - SpywareStormer.Exe
- SpywareGuardPlus - X - winmm64.exe
- SpywareKilla - N - SpywareKilla.exe
- Srv32Win - X - sysdiag.exe
- SSWPlauncher - X - comet.exe /app:SSWPlauncher
- Start Service - U - upssrv.exe
- Start Upping - X - taskmrg.exe
- Start Uppings - X - svcchosts.exe
- Starter - X - scvhosting.exe
- StartMenu - X - s_menu.exe
- stcinstaller - X - id53.exe
- StopSignStatus - N - stopsinfo.dll", VerifyStatus
- Suitcase Startup - U - Suitcase.exe
- SuperAdBlocker - U - SAdBlock.exe
- Supervisor.exe - ? - Supervisor.exe
- SurfStream - U - SurfStream.exe
- SvcH0st - X - msexploren.exe
- Svchost - X - svchost.exe
- SVCHOST - X - var.txt.exe
- svcinfo - X - svcinfo.exe
- SVX Control Service - X - svxhost.exe
- Sygate Personal Firewall - X - Win32x.exe
- Sygate Personal Firewall Start - X - services32.exe
- Sys Ren - X - SysRen.exe
- Sys29 - X - win***32.exe (* = random char)
- SysA - X - win***32.exe (* = random char)
- syscheck - X - iexplorer.exe
- Sysdpt - X - sysdpt.exe
- sysflg32 - X - sysflg32.exe
- sysinit - X - services.exe
- Sysino - X - lsess.exe
- sysint16 - X - sysint16.exe
- syslogin.exe - X - syslogin.exe
- SYSTEM - X - lsas.exe
- System Config Manager - X - crss.exe
- System Failure Statistic - X - cnstat.exe
- System Information Manager - X - Navcpe.exe
- System Log Event - X - csrss32.exe
- System Mechanic Popup Stopper - U - Popupstopper.exe
- System Restore - X - svcnet.exe
- System Service - X - systems.exe
- System Startup - X - Voltio.exe
- System Terminal - X - SYSTEM2.EXE
- System Update - X - wupdmgr.exe
- System Update2 - X - (various filename)
- System Uptime Server - X - SYSENTRY.EXE
- System Uptime Server - X - SYSENTRY32.EXE
- System.exe - X - System.exe
- System32 - X - sysdiag.exe
- System32 - X - system32,1.exe
- System32Dll - X - DLL32SYS.EXE
- System32Ex - X - System32Ex.exe
- System-Config - X - msptmf32.com
- Systemiom Updater - X - Systemiom.exe
- SystemMonitor - X - Sysmon32.exe
- SystemService - X - msocfg.exe
- SystemService - X - navchk.exe
- SystemService - X - qservice.exe
- SystemService - X - shman.exe
- SystemWideHook for Windows NT - X - %WinHook32.exe
- Systesms.exe - X - systesms.exe
- SysTime - X - systime.exe
- Systmesy - X - Systmesy.exe
- SYSTRAY - X - UNMT.EXE
- SysWin - X - SysWin.exe
- syswin32 - X - syswin32.exe
- t - X - xclean.exe
- Tapisys - X - tss.exe
- Task Manager - X - taskmngr.exe
- TBPS - X - TBPS.exe
- T-DSL SpeedMgr - N - speedmgr.exe
- TELUS Security service - Y - freedom.exe
- TEXTCONV - X - lsass.exe
- TopDesk - U - TopDesk.exe
- TOSCDSPD - ? - toscdspd.exe
- tpcupdater - X - updatetc.exe
- TPKMAPHELPER - ? - TpKmapAp.exe
- TpShocks - Y - TpShocks.exe
- TPSmain - ? - TPSMain.exe
- TrojanShield - U - Init.exe
- tsa - X - tsl.exe
- tsa - X - tsm.exe
- Uate - X - oocs.exe
- un32info - X - un32info.Exe
- uninstal - X - regsvr32 /u /s image.dll
- Uninstall_TBPS - X - TBuninst.exe /remove
- unldr16 - X - unldr16.exe
- unldr32 - X - unldr32.exe
- UpConfgVer - N - UpgConf.exe
- UPNPService - X - WinSVCservice.exe
- USB Device - X - servicelog.exe
- USB Host Service - X - usbsvc.exe
- USBPNP - Y - USBPNP.exe
- VBundleOuterDL - X - BundleOuter.EXE
- VGAUtil - U - G-VGA.exe
- vid32cntl - X - vid32cntl.Exe
- vidcntl - X - vidcntl.Exe
- Video Multimedia Driver - X - ndrives32.exe
- Video Process - X - MS32x16.exe
- Video Process - X - netsvcs.exe
- Video Services - X - explore.exe
- Video Services - X - videol_32.exe
- Videool32 - X - VIDEOL32.EXE
- VirtualCloneDrive - N - VCDDaemon.exe
- VirtuaReminder - U - VirtuaReminder.exe
- VTPreset - U - VTPreset.exe
- Wanadoo Messenger.exe - N - Wanadoo Messenger.exe
- warez - N - warez.exe
- wast - X - wast2.exe
- WCPI - X - wintsvit.exe
- WCPT - X - wintsvtr.exe
- WeatherOnTray - X - WeatherOnTray.exe
- WebRebates0 - X - WebRebates0.exe
- WebSavingsfromEbates - X - WebSavingsfromEbatesrun.exe
- webscan - N - stopsignav.exe
- WebSecureAlert - X - WebSecureAlert.exe
- Win Command - X - command32.exe
- win update - X - wupda32.exe
- Win32 Configuration - X - dllhelp.exe
- Win32 exe file - X - winstr32.exe
- Win32 Explorer - X - Explorer32.exe
- Win32 Ms Auto Updater - X - AutomsUPD.exe
- Win32 Services1 - X - wuamngr1.exe
- Win32 System Spool - X - spoolsvc.exe
- Win32 USB2 Driver - X - smsc.exe
- Win32 USB2 Driver - X - svchosting.exe
- Win32 USB2 Driver - X - sys32.exe
- Win32 USB2 Driver - X - sys32snd.exe
- Win32 USB2 Driver - X - win32usb.exe
- Win32 USB2 Driver - X - wind32.exe
- Win32 USB2 Driver - X - winupdate.exe
- Win32 USB2.0 Driver - X - rundll16.exe
- Win32 USB2.0 Driver - X - w32usb2.exe
- Win32 Wmls Driver - X - winitr32.exe
- WIN3S2SNDS - X - winabsmod.exe
- WIN3S2SNDS - X - winiprtx.exe
- Winamp media player - X - winapa.exe
- wind.exe - X - wind.exe
- WIND0WS - X - WIND0WS.exe
- windbs - X - winxtc.exe
- windllsys32.exe - X - windllsys32.exe
- Window Monitor - X - winmon32.exe
- Windows backup - X - systemss.exe
- Windows Compliant - X - (random filename)
- Windows Config - X - SSYS.EXE
- Windows Debugger - X - windbg.exe
- Windows DNS Daemon - X - windnsd.exe
- Windows Driver Services - X - msdrvs32.exe
- Windows Help Service - X - winhelpsv.exe
- Windows Host Device - X - hostsvc.exe
- Windows HTML file reader - X - Sysconf32.exe
- Windows JavaScript Daemon - X - Winjsd.exe
- Windows Login - X - explored.exe
- Windows Monitor - X - winmon.exe
- Windows Nivedia Driver - X - sysMGT.exe
- Windows NT Login - X - ntlogin32.exe
- Windows OEM Tools - X - winres32.exe
- Windows Registry - X - msnmsg.exe
- Windows Registry Cleaner - X - winclean.exe
- Windows Registry Scan - X - regscan32.exe
- Windows Registry Startup - X - wind32.exe
- Windows secure - X - setver32.exe
- Windows Sound Driver - X - SndMon32.exe
- Windows Sound Manager - X - SndMon32.exe
- Windows SSL File - X - winssv.exe
- Windows Startup - X - services21.exe
- Windows Startup 32 Bits - X - sysrun32.exe
- Windows System Configuration - X - SYSCFG16.EXE
- Windows System Manager - X - winsystem.exe
- Windows System Tray - X - swhost.exe
- Windows Telnet Server - X - wintel.exe
- Windows Update - X - inetinf.exe
- Windows Update Checker - X - (random filename)
- Windows update config - X - svhost.exe
- Windows Update Process - X - wmiprvsc.exe
- Windows Update Service - X - csrs.exe
- Windows Update Service - X - smcg.exe
- Windows Update Service 2004/2005 - X - systemupdate.exe
- Windows Update V6 - X - (random filename)
- Windows Video Acquisition (WVA) - X - wvsvc.exe
- Windows_Serivce - X - SERVICE.exe
- Windows32 - X - rundll.exe
- WindowsRegKey Autoupdate - X - (random filename)
- WindowsRegKey update - X - (random filename)
- WindowsRegKey%$ update - X - msi332.exe
- WindowsRegKeys update - X - winsysi.exe
- WindUpdates - X - WinUpdt.exe
- WinFast_Taskbar - U - rundll32.exe wftask.dll, WFDllLoadDefaultSettings
- winfont - X - winfont.exe
- WinGuard Pro - U - wgp.exe
- Winhost - X - win.exe
- wininet32 - X - wininet32.exe
- winltmpv - X - winln.exe
- winphonics7536 - X - vbsystem35.exe setups.exe vb.vb
- WinProfile - X - sndcfg16.exe
- Winsock2 driver - X - WINCFG.SCR
- Winsock2 driver - X - winupdate.exe
- Winsock32driver - X - sp2XPupdate.exe
- Winsock32driver - X - win32server.exe
- Winsock32driver - X - ZoneAlarmPr0.exe
- Winsock32driver - X - ZoneLockup.exe
- winsys32 Driver - X - winsys32.exe
- WinSysAppMon - U - WinSysRM.exe
- Winsystem - X - winsystem.exe
- winupdat - X - winupdat.exe
- winupdate2846 - X - vbsystem35.exe msvbrun.exe
- Wireless Provider Server - X - wpsvr.exe
- wm41a398 - X - rundll32.exe [path] wm41a398.dll, EnableRunDLL32
- WNSC - X - wns*****.exe (* = random char)
- WNST - X - wns*****.exe (* = random char)
- wovax - X - wovax.exe
- WSAConfiguration - X - svchostt.exe
- WSSAConfiguration - X - wmmon32.exe
- WTSI - X - wapisvit.exe
- WTSS - X - wap***.exe (* = random char)
- WTSS - X - wapicc.exe
- WTSS - X - wapiit.exe
- WTSS - X - wapisu.exe
- WTSS - X - wapisvsu.exe
- WTST - X - wapisvtr.exe
- wvsvc - X - wvsvc.exe
- x3yy - X - (path to trojan)
- Xcpy1 - X - Xcpy1.exe
- Xfire - N - Xfire.exe
- xp service pack 2 - X - xpsp2.exe
- xp_system - X - services.exe
- Xtray - X - xtray_link.exe
- xxxvideo - X - xxxvideo.exe
- Zen.A - X - (path to trojan)
- ziphelp - X - ziphelp.exe
- Zone Alarm - X - vsmon.exe
- zonealarm - X - (random filename)
- zSearch - X - Zstb.exe
Changed items
- 40
- AOL Messenger - X - (random filename)
- AolAcsDaemon1 - Y - Acsd.exe
- auxAudioDevice - X - aux32.exe
- CashBack - X - cashback.exe
- ClickTheButton - X - CTB.exe
- Configuration Loader - X - msgfix.exe
- ContentDownload - X - rundll32.exe MSA64CHK.dll, DllMostrar
- Cryptographic Service - X - ******.exe (* = random char)
- D4 - U - D4.exe
- DAupdate - X - DAupdate.exe
- Dell AIO Printer A*** - N - dlbabmgr.exe
- Dimension4 - U - d4.exe
- EbatesMoeMoneyMaker - X - wjview ...Code
- editpad - X - editpad.exe
- EnigmaPopupStop - N - EnigmaPopupStop.exe
- Free Download Manager - N - fdm.exe
- FreeMP3download - X - rundll32.exe MSA64CHK.dll, DllMostrar
- ICQ Center - X - (path to worm)
- ICQ Lite Messenger - X - (random filename)
- Microsoft Gina V Encryption - X - MSGINAV.EXE
- Microsoft Greetings Reminders - N - MHPRMIND.EXE
- msnappau - ? - msnappau.exe
- NaviSearch - X - nls.exe
- NDrv - X - NDrv.exe
- netpc32.exe - X - netpc32.exe
- OSS - X - ossproxy.exe
- PartSeal - U - PartSeal.exe
- PCDRealtime - N - realtime.exe
- Print Spooler - X - spools.exe
- Search-Exe - X - se.exe
- SESync - X - sed.exe
- SNDmon - U - SNDmon.exe
- Spyware Begone - N - SpywareBeGone.exe
- SpyHunter - N - SpyHunter.exe
- SSC_UserPrompt - ? - UsrPrmpt.exe
- Symantec NetDriver Monitor - U - SNDMon.exe
- taskmgr - X - taskmgr.exe
- VAIO Recovery - U - PartSeal.exe
- vTTIMER - U - VTTIMER.EXE
- Win32 USB2.0 Driver - X - 386.exe
All CoolWebSearch links replaced