| Name | Status | Filename | Description |
|---|
| M-Audio CMIDI Installer (MA_CMIDI_InstallerService) | L | MA_CMIDI_Inst.exe | Related to M-Audio_CMIDI Installer from Avid Technology, inc. Note: Located in C:\Program Files\M-Audio MA_CMIDI\ |
M-Audio Fast Track Installer
(FastTrackInstallerService) | L | MAUSBFTInst.exe | Related to M-Audio_Fast_Track Installer from Avid Technology, inc. Note: Located in C:\Program Files\M-Audio\Fast Track USB\ |
M-Audio Fast Track Pro Installer
(MAudioFAstTrackProService) | L | MAUSBFTPInst.exe | Related to M-Audio_Fast_Track Pro Installer from Avid Technology inc. Note: Located in \%Program Files%\M-Audio\Fast Track Pro\ |
| M-Audio Ozone Installer (OzoneInstallerService) | L | ozinst.exe | Related to M-Audio_Ozone products. Note: Located in C:\Program Files\M-Audio\Ozone\Install\ |
| M-Audio Producer USB Installer (MAudioProducerService) | L | MAUSBProducerInst.exe | Related to M-Audio_Producer_USB Installer from Avid Technology, Inc. Note: Located in \%Program Files%\M-Audio\Producer USB\ |
| M-BUS/M-NET Administration (MCONTROL) | L | mcontrol.exe | Related to Siemens Energy & Automation Platform. Note: located in C:\Program Files\ProcessSuite\MBUSDRVR\ |
| M1 Licensing Helper (iLicenseSvc) | L | iLicenseSvc.exe | Related to Related to GE_Fanuc_Automation enable you to act in real-time to optimize productivity and increase profitability. Note: located in C:\WINDOWS\Intellution\ |
| M1crosoft Agant | X | qhotsew.exe | Added by a variant of the Backdoor.Sdbot Note: Located in \%WINDIR%\System32\dllcache\ |
| mac128 | X | mac128.sys | Added by the Troj/Klutz-A
Trojan!
|
| MacFormatService | L | FORMATM.EXE | Related to Conversions Plus from DataViz |
| Machine Debug Manager (Machine_Dbg-Mgr) | X | mdm.exe | Added by a variant of the SdBot.aad family of worms and IRC backdoor Trojans. Note: This trojan is located in C:\WINDOWS\AppPatch\ |
| Machine Debug Manager (MCH_Debug) | X | mdm.exe | Detected as Backdoor.Win32.SdBot.aad by Kapersky
Note: Located in C:\WINDOWS\Resources |
| Machine Debug Manager (MDM) | L | mdm.exe | Visual studio debuger, if you install vs2003, mdm.exe is found in c:/program files/common files/microsoft shared/vs7debug
For more info Click_Here
|
| Macro Scheduler Service (mschedsvc) | L | msschedsvc.exe | Related to Macro_Scheduler from MJT Net Ltd. Save time and increase productivity by automating frequent tasks. |
| Macromedia Licensing Service | L | Macromedia Licensing.exe | Related to Macromedia products: Flash, Dreamweaver, etc. |
| Macromedia Updater (mmupdate) | X | 19D.tmp".exe | Added by a variant of the Win32.Small.oa TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\TEMP\
The filename is randum in the format xxxx.tmp".exe |
| Madentec Discover Monitor | L | MadResServ.exe | Related to Madentec_Discover Monitor from Madentec Limited. Note: Located in \%Program Files%\Madentec Limited\Discover\Services\ |
| Madentec USB | L | MadWinServ.exe | Related to Madentec_USB discover service. Note: Located in \%Program Files%\Madentec Limited\Discover\Services\ |
| MagicTuneEngine | L | MagicTuneEngine.exe | Related to MagicTune_Engine from Samsung. Magic Tune Premium is an update of MagicTune 3.6 for Samsung monitors. Note: Located in C:\Program Files\MagicTune Premium\ |
| Mailgate Mail/Proxy Service | L | mgatesvc.exe | Mailgate Internet Connectivity Server |
| MailList Controller | L | amlcSVC.exe | Related to MailList Controller from arclab.com Note: Located in \%Program Files%\Arclab\MailList Controller\ |
| Manageer Network Connections | X | telcmd.exe | BAD - Look how manager is spelled. |
| Manageer Network Connections (Kern32) | X | telcmd.exe | A new service added by the Troj/Agent-CP TROJAN, with a display name of Manageer Network Connections. |
| Management Consultants (CLMCs) | X | clmcs.exe | Added by a variant of the Backdoor.Sdbot Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision. |
| Management System (XSML) | X | sxml.exe | Added by a variant of the IRCBOT Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision. |
| Manager (Windows XP Manager) | X | msnmgr.exe | Added by the W32/Kassbot-L Read the link, rootkit type stealth involved. |
Managing FAT and NTFS partitions (Defragmentation
Manage) | X | dfrgfat16.exe | Added by the W32/Codbot-N
WORM!
|
| Mangomind Drive Repair (MindRepair) | L | dirtcon.exe | Related to Mangomind access your business critical files from anywhere, at any time, from any computer. Note: Located in C:\Program Files\Mango\Mind\Utilities\ |
| MarkVision Server (MvServer) | L | lexmvservice.exe | Related to MarkVison_Server From Lexmar. Note: Located in C:\WINDOWS\SYSTEM32\ |
| MarkVision Web Server (MvWebServer) | L | lexwebservice.exe | Related to MarkVison_Server From Lexmar. Note: Located in C:\WINDOWS\SYSTEM32\ |
| Marvell RAID Event Agent (Marvell RAID) | L | mvraidsvc.exe | Related to Marvell_RAID Event Agent. Note: Located in \%Program Files%\Marvell\61xx\svc\ |
| Mass Effect(TM) Xbox 360 | X | mfxbox.exe | W32/Spybot-MS Read the link, allows remote access |
| Mass Effect™ Xbox 360 | X | mfxbox.exe | Added by the W32/Spybot-MS WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disabling the automatic startup of other software |
| MATLAB Server (matlabserver) | L | matlabserver.exe | Related to The MathWorks Inc. |
| MaxBackServiceInt | L | MaxBackServiceInt.exe | Related to Maxtor_backup service. Note: Located in C:\Program\Maxtor\Maxtor Backup\ |
| MaxSyncService (NTService1) | L | SyncServices.exe | Related to Maxtor_OneTouch service. Note: Located in C:\Program\Maxtor\OneTouch\Utils\ |
| Maxtor Performance Analysis Tool | X | winrcn.exe | Troj/IRCBot-VY Read the link, allows remote access |
| Maya 6 PLE Documentation Server | L | wrapper.exe | Related to Alias Systems Corp. |
| Maya 7.0 Documentation Server (maya70docserver) | L | wrapper.exe | Related to Maya |
| MBackMonitor | L | MBackMonitor.exe | Mcafee related |
| MBAMService | L | mbamservice.exe | Malwarebytes'_Anti-Malware |
| MC/Empower i.collect Service (iCollectService) | L | icserv.exe | an internet cleaning utility issued by various ISP's for their customers use |
| McAfee Agent | L | myAgtSvc.exe | Related to Network Associates, Inc. |
| McAfee Alert Manager (AlertManager) | L | amgrsrvc.exe | Related to McAfee_Alert_Manager , http://www.mcafee.com/ deals with alert management. Note: Located in C:\Program Files\Network Associates\Alert Manager\ |
McAfee AntiSpyware Real-Time Scanner
(McAfeeAntiSpyware) | L | Msssrv.exe | Related to Network Associates, Inc. |
| McAfee AntiSpyware Service | L | massrv.exe | Related to McAfee AntiSpyware service. |
| McAfee Application Installer Cleanup | ? | 012703~1.EXE | Appears to be related to a mcafee uninstaller, if it is still present after a reboot, it should be removed |
| McAfee Desktop Firewall Service (FireSvc) | L | FireSvc.exe | Related to McAfee Desktop Firewall Service. Note: located in C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\ |
| McAfee E-mail Proxy (Emproxy) | L | emproxy.exe | Related to McAfee_Email_Proxy c:\program files\common files\mcafee\EmProxy\ |
| McAfee Firewall | L | CPD.EXE | Related to Network Associates |
| McAfee Framework Service (McAfeeFramework) | L | FrameworkService.exe | McAfee/CA related |
| McAfee HackerWatch Service | L | HWAPI.exe | Related to McAfee_HackerWach Service installed by the McAfee Internet Security suite and whose role is to update the HackerWatch.org website with any suspected hacker attack which you decide to report to the HackerWatch service run by McAfee. Down to end-user preference. Note, however, that this service, introduced in mid-2006, has a tendency to gobble up memory on some PCs, from 30Mb to 50Mb. Read the recommandations. Note: Located in C:\Program Files\Common Files\McAfee\HackerWatch\ |
| McAfee Internet security suite | X | Avsynmgr.exe | W32/Tilebot-KC
Note: Located in C:\Windows
Turns off anti-virus applications, Allows others to access the computer. Read the link |
| McAfee Log Manager (McLogManagerService) | L | mclogsrv.exe | Related to McAfee_SecurityCenter Log Manager. Note: Located in C:\Program Files\McAfee\MSC\ |
| McAfee McShield (McShield) | L | mcshield.exe | Related to McAfee_Virus_Shield Note: Located in \%Program Files%\McAfee\VirusScan Enterprise\ |
| McAfee Network Agent (McNASvc) | L | mcnasvc.exe | Related to McAfee_Network_Agent Note: Located in c:\program files\common files\mcafee\mna\ |
| McAfee Personal Firewall Service (MpfService) | L | MPFSrv.exe | Related to McAfee_Personal_Firewall Service. Note: Located in C:\Program Files\McAfee\MPF\ |
| McAfee Personal Firewall Service (MpfService) | L | MPFSERVICE.exe | Related to McAfee.com Personal Firewall. Note: Located in \%Program Files%\McAfee.com\PERSON~1\ |
| McAfee Privacy Service (GuardDogEXE) | L | GUARDDOG.EXE | Belongs to the software McAfee Internet Security or McAfee Privacy Service. For more information Click_Here
|
| McAfee Privacy Service (MPS9) | L | mps.exe | Related to McAfee_Privacy_Service Includes many features for families online including Internet content filtering, blocking personal information from being sent, an event log, and Internet time limits. Note: Located in C:\Program Files\McAfee\MPS\ |
| McAfee Protection Manager (mcpromgr) | L | mcpromgr.exe | Related to McAfee_Integrated_Security Platform. Note: Located in C:\Program Files\McAfee\MSC\ |
| McAfee Proxy Service (McProxy) | L | mcproxy.exe | Related to McAfee Proxy Service Note: Located in c:\Program Files\COMMON~1\mcafee\mcproxy\ |
| McAfee Real-time Scanner (McShield) | L | mcshield.exe | Related to McAfee_Virus_Shield Note: Located in C:\Program Files\McAfee\VIRUSSCAN\ |
| McAfee Redirector Service (McRedirector) | L | redirsvc.exe | Related to McAfee_Redirector Service Module. Note: Located in c:\program files\common files\mcafee\redirsvc\ |
| McAfee Scanner (McODS) | L | mcods.exe | Related to McAfee_VirusScan On Demand Scan. Note: Located in C:\Program Files\McAfee\VIRUSSCAN\ |
| McAfee Security Agent Taskbar Extension. | X | Mctray.exe | Added by a variant of the IRCBOT Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision. |
| McAfee SecurityCenter Update Manager | L | mcupdmgr.exe | McAfee Antivirus updater |
| McAfee SecurityCenter Update Manager (mcupdmgr.exe) | L | mcupdmgr.exe | McAfee Update manager - http://castlecops.com/s5681-MCUPDMGR_EXE.html |
| McAfee Services (mcmscsvc) | L | mcmscsvc.exe | Related to mcafee |
| McAfee SpamKiller Server (MskService) | L | MSKSrvr.exe | Part of McAfee Spamkiller. http://computercops.biz/s6154-MSKSrvr_exe.html |
| McAfee SpamKiller Service (MSK80Service) | L | MskSrver.exe | Related to McAfee SpamKiller Note: Located in C:\Program Files\McAfee\MSK\ |
| McAfee SystemGuards (McSysmon) | L | mcsysmon.exe | Related to McAfee_SystemGuards Service. Note: Located in C:\Program Files\McAfee\VIRUSSCAN\ |
| McAfee Task Manager (McTaskManager) | L | VsTskMgr.exe | Related to Network Associates Virus protection software. Previously known as McAfee. |
| McAfee Task Scheduler (McTskshd.exe) | L | mctskshd.exe | Related to McAfee_Task_Scheduler Note: Located in C:\Program Files\McAfee\MSC\ |
| McAfee Update Manager (mcmispupdmgr) | L | mcupdmgr.exe | Related to McAfee_SecurityCenter Update Manager. Note: Located in C:\Program Files\McAfee\MSC\ |
| McAfee User Manager (mcusrmgr) | L | mcusrmgr.exe | Related to McAfee_SecurityCenter MISP User Manager. Note: Located in C:\Program Files\McAfee\MSC\ |
| McAfee Wireless Network Security Service (MWLSvc) | L | MwlSvc.exe | Related to McAfee_Wireless_Security_Service, http://www.fileresearchcenter.com/M/MWLSVC.EXE-6002.html Note: Located in \%Program Files%\Mcafee\MWL\MwlSvc.exe |
| McAfee Wireless Security Service (MwlSvc) | L | MwlSvc.exe | Related to McAfee_Wireless_Security_Service Note: located in C:\PROGRA~1\McAfee\MWL\ |
| McAfee WSC Integration (McDetect.exe) | L | mcdetect.exe | Related to McAfee WSC Integration. |
| McAfee.com McShield (McShield) | L | mcshield.exe | Related to McAfee |
| McAfee.com Personal Firewall Service | L | MPFSERVICE.exe | Related to McAfee.com Personal Firewall |
| McAfee.com VirusScan Online Realtime Engine (MCVSRte) | L | mcvsrte.exe | McAfee AntiVirus |
| McciCMService | L | McciCMService.exe | Related to McciCMService from Motive Communications. Note: Located in \%Program Files%\Common Files\Motive\ |
| MCFservice (mcfdrv) | X | mcfdrv.sys | Added by the TROJ_ROOTKIT.R
TROJAN!
Read the link, rootkit type stealth involved.
|
| mchInjDrv | X | mc2A.tmp | Added by the Dialer.ICcontrol
DIALER!
Note: This malware can make the modem dials long-distance phone numbers that were not configured in the system.
This malware file can be found in the Documents and Settings\[CURRENT USER]\Local Settings\Temp folder. |
| mcmmng32 (Microsoft Control Manager) | X | mcmmng32.exe | Added by the W32/Tilebot-HK WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. disabling the automatic startup of other software |
| mcp | L | mcp.exe | Transbase® CD, http://www.transaction.de/
permits the distribution of data base contents on CD/DVD ROM and a following actualization of the data over the Web to Transbase® CD unites in ideal way variable and static data.
Note: Located in c:\opt\MBCASE\pm\bin\mcp
|
| McShield | L | mcshield.exe | Related to McAfee_Virus_Shield Note: Located in \%Program Files%\Common Files\Network Associates\McShield\ |
| MD Simple Burner DB Access Service (mdrcdb) | L | mdrcdb.exe | Sony Corp. MiniDisk Simple Burner |
| MD Simple Burner Service (NetMDSB) | L | NetMDSB.exe | Sony Corp. MiniDisk Simple Burner |
| MDaemon - Alt-N Technologies, Ltd. | L | MDAEMON.EXE | Related to MDaemon,a Windows-based email server. |
| MdeRy | X | rpe.sys | Added by the Backdoor.Ryejet
TROJAN!
Read the link, rootkit type stealth involved.
|
| MEAOI Service (MEAOI) | X | _meaoi.exe | Added by the W32/Tilebot-AM
WORM!
Note: This worm\trojan file is found in the Windows or Winnt folder.
|
| Media Center Receiver Service (ehRecvr) | L | ehRecvr.exe | Related to Media_Center_Receiver Service from Microsoft. Note: Located in \%ROOT%\%WINDIR%\eHome\ |
| media playr (mediaply) | X | mediaply32.exe | Added by a variant of the IRCbot family of worms and IRC backdoors. Note: located in C:\%WINDIR%\ |
| Mediabee (Mediabee Desktop Server) | L | MbXmlRpcServer.exe | Related to Mediabee Group Planner & Dashboard |
| MediaMall Server | L | MediaMallServer.exe | Related to MediaMall Server. Access to Internet video services, delivered over broadband to the Entertainment System. Note: Located in \%Program Files%\MediaMall\ |
| MediaMax XL Service (MediaMaxXLService) | L | MediaMaxXLService.exe | Related to MediaMax_XL from Streamload, Inc. An application that automatically backs up your files and syncs files between computers. Note: Located in C:\Program Files\Streamload\MediaMax XL\ |
| Medie Sariel Number Services | X | moviemk.exe | Added by the Troj/DownLd-AAP TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| MemDRV (vdnt32) | X | vdnt32.sys | Added by the Troj/Haxdoor-AA
TROJAN!
|
| Memeo (BMUService) | L | MemeoService.exe | Related to Memeo backup service. Note: Located in C:\Program Files\Tanagra\Memeo\ |
| Memorex Network Analysis Tool | X | winsntp.exe | Added by the W32/Vanebot-AT WORM! Note: This worm is located in C:\%WINDIR%\dllcache\ |
| Memory Check Service (AcerMemUsageCheckService) | L | MemCheck.exe | Found on Acer laptops |
mental ray 3.5 Satellite (32-bit)
(mi-raysat_3dsmax9_32) | L | raysat_3dsmax9_32server.exe | Related to Autodesk_3ds_Max_9_3D_animation Create rich and complex design visualization. Note: Located in D:\3dsMax9\mentalray\satellite\ |
mental ray 3.5 Satellite (64-bit)
(mi-raysat_3dsmax9_64) | L | raysat_3dsmax9_64server.exe | Related to Autodesk_3ds_Max_9_3D_animation Create rich and complex design visualization. Note: Located in \%Program Files%\Autodesk\3ds Max 9\mentalray\satellite\ |
mental ray 3.5 Satellite for Autodesk VIZ 2008
(mi-raysat_VIZ2008_32) | L | raysat_VIZ2008_32server.exe | Related to Autodesk on line game. Note: Located in \%Program Files%\Autodesk\VIZ2008\mentalray\satellite\ |
mental ray 3.6 Satellite for Autodesk 3ds Max 2008
32-bit 32-bit (mi-raysat_3dsMax2008_32) | L | raysat_3dsMax2008_32server.exe | Related to Autodesk on line game. Note: Located in \%Program Files%\Autodesk\VIZ2008\mentalray\satellite\ |
| Merak GroupWare Server (MerakCalendar) | L | calendar.exe | Related to Merak_GroupWare from Merak. Note: Located in \%Program Files%\Merak\ |
| Merak Instant Messaging Server (MerakIM) | L | im.exe | Related to Instant_Messaging from Merak. Note: Located in \%Program Files%\Merak\ |
| Merak Mail Server Control (MerakControl) | L | control.exe | Related to Merak_Mail_Server Software. A high performance mail server software suite for Windows or Linux |
| Merak Mail Server POP3/IMAP (MerakPOP3) | L | pop3.exe | Related to Merak_Mail_Server Software. A high performance mail server software suite for Windows or Linux |
| Merak Mail Server SMTP (MerakSMTP) | L | smtp.exe | Related to Merak_Mail_Server Software. A high performance mail server software suite for Windows or Linux |
| MERANT XDB Server for NX 3.1 | L | xsrvnx.exe | Related to SERENA Software, Inc. - http://www.serena.com/ |
| Mespanger | X | svchost.exe | Added by a variant of the Trojan-Downloader.Win32.Delf.asz Trojan. Note: Located in \%ROOT%\Recyclers\ This infection should not be confused with the legitimate Note: \%WINDIR%\System32\svchost.exe file. |
| Messaging Application Programming Interface (Mapi) | X | mapi.exe | Added by the W32/Sdbot-DFC Worm Read the link, allows remote access |
| Messander | X | svchost.exe | Added by a variant of the Trojan-Downloader.Win32.Delf.asz Trojan. Note: Located in \%ROOT%\Recyclers\ ,or \%ROOT%\Recyclers\. This infection should not be confused with the legitimate Note: \%WINDIR%\System32\svchost.exe file. |
| Messanger | X | svchost.exe | Added by a variant of the Trojan-Downloader.Win32.Delf.asz Trojan. Note: Located in \%ROOT%\Recyclers\ This infection should not be confused with the legitimate Note: \%WINDIR%\System32\svchost.exe file. |
| Messenger | X | svchost.exe -k Messenger | Added by the Fuwudoor TROJAN! |
| Messenger | X | kernel32.exe | Added by the Troj/Kyth-A
TROJAN!
Note: Replaces any existing services named Messenger. |
| Messenger | X | sys.exe | Added by the Troj/PcClient-H
TROJAN!
Note: This worm\trojan file is found in the System32 folder. |
| Messenger | X | KB08953265.exe | Added by the Esteems.F
TROJAN!
Note: Drops multiple files. |
| Messenger (Messenger) | X | (TROJAN FILE NAME) | Added by the Trojan.Neasemal
TROJAN!
Note: This trojan file will be found in the System32 folder and may have one of the following file extensions: .kop or .del or .axs
|
| Messenger (Messenger) | X | hacker.exe | Added by the Troj/PcClient-M
TROJAN!
Note: This trojan file is found in the System32 and Temp folders.
|
| Messenger Accelerator (Accelerator Tools) | X | mdn.exe | Troj/Bifrose-UV
Note:Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
Messenger Sharing Folders USN Journal Reader service
(usnjsvc) | L | usnsvc.exe | Related to Messenger_Sharing_Folders_USN_Journal Reader service from Microsoft. Note: Located in C:\Program Files\MSN Messenger\ |
| Messenger Sharing USN Journal Service | X | usnsv.exe | Added by a variant of the IRCBOT Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision. |
| Messssanger | X | svchost.exe | Added by a variant of the Trojan-Downloader.Win32.Delf.asz Trojan. Note: Located in \%ROOT%\Recyclers\ This infection should not be confused with the legitimate Note: \%WINDIR%\System32\svchost.exe file. |
| MetaFrame COM Server (MFCom) | L | mfcom.exe | Related to Citrix MetaFrame |
| MFA Security Services (MFASec) | L | mfasvc.exe | Related to Sentry_At_Home Parental Controls software. Note: Located in \%WINDIR%\System32\ |
| MGABGEXE | L | mgabg.exe | Matrox BIOS Guard. What does it do and is it required? |
| MGACtrl | L | mgasc.exe | Related to products from Matrox graphics |
| MgiSvr | L | uMgiSvr.exe | Related to Magic-i from ArcSoft A powerful webcam application designed to enhance users' video chat experience. Note: Located in C:\Program Files\ArcSoft\Magic-i 3\ |
| Micr0s0ft Agent | X | sxch0st.exe | Added by a variant of the Worm.RBot.UTA family of worms and IRC backdoor Trojans. Note: Located in \%WINDIR%\System32\dllcache\ |
| MICR0SOFT SVCH0ST (MS_SVCH0ST) | X | SVCH0ST.EXE | Detected by BitDefender as Trojan.Spy.Agent.PV |
| Microsoft Agent | X | rschost.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System\dllcache (Win9x/Me), C:\%WINDIR%\System32\dllcache (XP/WinNT/2K) |
| Microsoft Agent | X | snchost.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) More: here |
| Microsoft Agent | X | ffchost.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: Located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Microsoft Agent | X | lpohost.exe | Added by the W32/Sdbot-CWQ WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Microsoft Agent | X | qxchost.exe | Added by the W32/Sdbot-CWP WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Microsoft Agent | X | lkmhost.exe | W32/Vanebot-AD Note: Located in %windir%\system32\dllcache Read the link, allows remote access |
| Microsoft Agent | X | xnchost.exe | Added by an unidentified TROJAN! of the Sdbot family. |
| Microsoft Agent | X | ppchost.exe | Added by a variant of the W32/Sdbot-CYE WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Microsoft Agent | X | suchost.exe | W32/Sdbot-DDD Read the link, allows remote access |
| Microsoft Agent | X | cvchost.exe | W32/Sdbot-DFH Read the link, allows remote access |
| Microsoft AntiSpyware (Beta 1) | L | gcasDtServ.exe | Microsoft AntiSpyware Data Service
|
| Microsoft AntiSpyware (Beta 1) | L | gcasServ.exe | Microsoft AntiSpyware Service
|
| Microsoft AntiSpyware (Beta 1) | L | GIANTAntiSpywareMain.exe | Microsoft AntiSpyware Main
|
| Microsoft Apache for Windows (Windows Apache Service) | X | wpablin.exe | Added by the W32/Tilebot-IL WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder |
| Microsoft ASPI Manager (aspi113210) | X | aspi113210.exe | Added by the Troj/Danmec-T TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Modify the hosts file, Terminate AV related processes and services, Steal information. Read the article. Filename is partly random (aspinnnnnn.exe) n representing a number. |
| Microsoft ASPI Manager (aspimgr) | X | aspimgr.exe | Detected as Backdoor.Win32.Agent.aju by Kaspersky |
| Microsoft authenticate service (MsaSvc) | X | msasvc.exe | Added by Worm_Ircbot_Gen Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Microsoft Bluetooth Support (BthSupp) | X | bthsupp.exe | Added by the W32/Btbot-A
WORM!
|
| Microsoft cache control (MSControlService) | X | windows | Detected by NOD32 as Win32/Adware.SecToolbar application Note: Located in %windir%\System32 |
| Microsoft Client Agent Service (Microsoft Client Agent) | X | msclient.exe | Added by the W32/Tilebot-BP
WORM!
Note: This worm\trojan file is found in the Windows or Winnt folder.
Read the link, rootkit type stealth involved. |
| Microsoft Config (mscfg) | X | dczznet.exe | Added by the W32/Rbot-ARK
WORM! Note: This is not the legitimate Windows process Msconfig.exe (Which is found in the System or System32 folder.) This worm\trojan file is found in the Windows or Winnt folder.
Read the link, rootkit type stealth involved. |
| Microsoft Corporation | X | systemi32.exe | Variant of the W32.SPYBOT WORM |
| Microsoft Corporation | X | utorrent.exe | Added by a variant of the Backdoor.Win32.Bifrose.la TROJAN! Note: This trojan is located in C:\%WINDIR%\System32\ (XP/WinNT/2K) |
| Microsoft Corporation (Windows Wordpad) | X | wordpad.exe | Added by the W32/Tilebot-GL WORM! Note: This worm\trojan is located in C:\%WINDIR%\ This is not Microsoft's wordpad.exe. To make sure check the properties of the file. |
| Microsoft Coyshader Runtime | X | serv32.exe | Added by the W32/Rbot-GHJ WORM! Note: This worm\trojan is located in C:\%WINDIR%\ Install a rookit. rdriv.sys run a rootkit removal tool |
| Microsoft Coyshader Runtime | X | service.exe | Added by the W32/Rbot-GHJ WORM! Note: This worm\trojan is located in C:\%WINDIR%\ Install a rookit. rdriv.sys run a rootkit removal tool |
| Microsoft CTF Loader | L | ctfmon.exe | CTF Loader
|
| Microsoft DHCPA Service | X | mshcp.exe | Added by the W32/Rbot-FNA WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Microsoft Digital Identity Service (InfoCard Service) | L | infocard.exe | Related to Microsoft_NET_Framework .NET Framework is a development and execution environment that allows different programming languages & libraries to work together seamlessly to create Windows-based applications. |
| Microsoft Dir32 | X | Dirhost.com | W32/IRCBot-YC
Note:Located in C:\Windows\System\dllcache (Win9x/Me), C:\%WINDIR%\System32\dllcache (XP/WinNT/2K)
Steals information, allows remote access, read the link |
| Microsoft Display Service | X | msds.exe | Troj/Spybot-NZ
Note: Note:Located in C:\Windows\System\dllcache (Win9x/Me), C:\%WINDIR%\System32\dllcache (XP/WinNT/2K)
Allows others to access the computer |
| Microsoft Distributed Transaction (MSDT) | X | msdt.exe | Added by the W32/Tilebot-BQ
WORM!
Note: This worm\trojan file is found in the Windows or Winnt folder.
|
| Microsoft DLL System | X | smsc.exe | Added by the W32/Tilebot-FY WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Microsoft Genuine Advantage | X | winmga.exe | Reported as Backdoor.Win32.VanBot.dk
Note: Located in \%WINDIR%\system32\dllcache (XP/WinNT/2K) |
| Microsoft Genuine Update Advantage | X | mswan.exe | Identified as a variant of the Backdoor.Win32.VanBot.dk worm. Note: Located in \%WINDIR%\System32\dllcache\ |
| Microsoft HDA Protocol (svhda) | X | svhda.exe | aDEED BY THE Backdoor.Win32.IRCBot.rr as detected by Kaspersky TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Microsoft IE | X | IEXPLORE.EXE | Added by the W32/Forbot-AG WORM! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Note: This is not the legitimate Windows Process. (Which is found in the C:\Program Files\Internet Explorer\ folder.) This worm\trojan file is found in the C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 |
| Microsoft IIS helper | X | msiishlp.exe | Added by the Backdoor.Isen.Rootkit
TROJAN!
Read the link, rootkit type stealth involved.
|
| Microsoft Inet Service | X | _svchost.exe | Added by the Troj/Dwnldr-GYS Trojan! Note: Located in \%WINDIR%\System32\ This infection should not be confused with the legitimate \%WINDIR%\System32\svchost.exe file. |
| Microsoft information dll service (msidll) | X | msidll.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here |
| Microsoft Internet Explorer | X | iexplore.exe | W32/Tilebot-JS Read the link, allows remote access |
Microsoft Internet Information Services kernel mode
driver | X | msiisdrv.exe | Added by the Backdoor.Isen.Rootkit
TROJAN!
Read the link, rootkit type stealth involved.
|
| Microsoft Java Service (Windows Java Service) | X | jusched.exe | Added by an unidentified TROJAN! Note: This trojan is located in C:\%WINDIR%\ |
| Microsoft Language Service (Windows Language Service) | X | alg.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder |
| Microsoft Loading Service | X | files.exe | Added by a variant of the IRCBOT Note: Located in \%WINDIR%\ Note: Use SDFix under supervision. |
| Microsoft Loading Service | X | loader.exe | Added by a variant of the IRCBOT Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision. |
| Microsoft Loading Service | X | msdates.exe | Added by a variant of the IRCBOT Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision. |
| Microsoft Logitech WLAN | X | mslw.exe | Added by a variant of the Win32/IRCBot.UG Note: Located in \%WINDIR%\System32\dllcache Note: Use SDFix under supervision. |
| Microsoft Logon Service | X | mslogon.exe | Added by the W32.Woredbot.C TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Microsoft Logon User Interface Skining (LogonUInterf) | X | logonui.exe | Detected by Ewido as Backdoor.SdBot.aad. This worm file is found in the Windows or Winnt folder.
|
| Microsoft Main Window Service | X | mainwin32.exe | Added by the W32/Spybot-MR WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disabling autostart for the SharedAccess service deactivates the Microsoft Internet Connection |
| Microsoft Media | X | rtsecas.exe | W32/Rbot-KPH Read the link, allows remote access |
| Microsoft Media | X | Rtsecar.exe | W32/Vanebot-AX Read the link, allows remote access |
| MicroSoft Media Tools | X | MSMEDIA.EXE | Added by the SDBOT.CUH
WORM!
Note: This worm file is found in the System32 folder. (NT/2000/XP)
Read the link, rootkit type stealth involved.
|
| MicroSoft Media Tools (MicroSoft Media Tools) | X | MSmedia.exe | Added by the W32/Tilebot-BC
WORM!
Note: This worm\trojan file is found in the Windows or Winnt folder.
Read the link, rootkit type stealth involved. |
| Microsoft MSI Service | X | msi.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Microsoft Name Server | X | nssrv.exe | W32/Tilebot-EK Read the link, allows remote access |
| Microsoft Net API (NETAPI) | X | msapi.exe | Added by the W32/Tilebot-HJ WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Microsoft NetWork FireWall Services | X | Net_Services.exe | http://www.sophos.com/virusinfo/analyses/w32lovgateaa.html |
| Microsoft NetWork FireWall Services | X | NetServices.exe | http://www.sophos.com/virusinfo/analyses/w32lovgateaa.html |
| Microsoft Network RPC | X | msnetrpc.exe | Related to the Troj/Isen-B |
| Microsoft Networks DN (msndn) | X | msndn.exe | Added by the Backdoor.SdBot.AQZ, A.K.A. Ircbot_Gen
WORM! Allows a remote intruder to gain access and control over the computer. |
| Microsoft New Game 2 (svehost32) | X | svehost32.exe | Added by the W32/Tilebot-I
TROJAN!
Read the link, rootkit type stealth involved.
|
| Microsoft Null Development Monitor (msdevnull) | X | msdevnull.exe | Added by the W32/Rbot-AGE
Worm!
Read the link, rootkit type stealth involved.
|
| Microsoft Passport Network CyberShots | X | cybershots.exe | Added by the W32/Spybot-ND WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disabling autostart for the SharedAccess service deactivates the Microsoft Internet Connection Firewall (ICF). |
| Microsoft Path Finder Service (MSpath) | X | mspath.exe | Added by the W32/Sdbot-AEO
WORM!
Note: This worm\trojan file is found in the Windows or Winnt folder.
|
| Microsoft Path Finder Service (mspathfinder) | X | mspathfinder | Added by the W32/Tilebot-AH WORM! Rootkit Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Microsoft Performance WMI Adapter AddOn (WMIPervAddOn) | X | wmiapsv.exe | Added by the Backdoor.Win32.SdBot.aad TROJAN! Reported by Kaspersky More Note: This worm\trojan is located in C:\%WINDIR%\ |
| Microsoft Print Spooler (WINDRIVER) | X | scvhost.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Microsoft proxysys (proxysys) | X | proxysys.exe | W32/Tilebot-JC Read the link, allows remote access |
| Microsoft PS Service | X | _svchost.exe | Identified as a variant of the TrojanDownloader:Win32/Tipikit.A malware. Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision. |
| Microsoft register shield | X | Mrshield.exe | Added by a variant of the Backdoor.Sdbot family of worms and IRC backdoor Trojans. Note: located in \%WINDIR%\ |
| Microsoft Registry Viewer (Dumpreg) | X | DUMPREG.EXE | Added by the SDBOT.BXI
WORM!
Read the link, rootkit type stealth involved.
|
| Microsoft RPC API Helper (Random Letters) | X | (Random FileName).sys | Troj/Conhook-AG
Note:Located in C:\Windows\System\Drivers (Win9x/Me), C:\%WINDIR%\System32\Drivers (XP/WinNT/2K)
Installs multiple services. Read Link |
| Microsoft Sata emulation (mside) | X | mside.exe | Added by the Worm.Opanki.BK WORM! Note: This worm\trojan is located in C:\%WINDIR%\SYSTEM\ Read the technical details |
| Microsoft SCC Host Protocol (POOLSVR) | X | poolsv.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| Microsoft SCC Host Protocol (TaskMGM) | X | taskmg.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| Microsoft sdk core (sdk) | X | lsass.exe | Added by the Troj/IRCBot-PF TROJAN! Note: Located in C:\%WINDIR%\ |
| Microsoft Security Login Service | X | mssecure32.exe | Added by the W32/Vanebot-R WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) Attempts to terminate a number of processes related to security and anti-virus applications. |
| Microsoft security update service (msupdate) | X | msvcrtd.exe | Related to a variant of the Trojan.Win32.Agent.NCR family. TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here |
| Microsoft security update service (msupdate) | X | mssrv32.exe | Troj/Agent-GCE
Note:Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (Vista/XP/WinNT/2K) |
| Microsoft Service Manager (winmdgr) | X | winsvcmgr.exe | Added by the W32/Rbot-AAD
WORM!
Read the link, rootkit type stealth involved.
|
| Microsoft SQL Server Debug (sql) | X | sqldebug.exe | Added by the W32/Tilebot-FF WORM! Note: Located in C:\%WINDIR%\ |
| Microsoft SSL (ssl) | X | ssl.exe | Added by the W32.Esbot.C
WORM! Note: This Worm\Trojan file is found in the System32 folder and has nothing to do with the (Secure Socket Layer) |
| Microsoft Star Window Service | X | starwin32.exe | Added by the W32/Rbot-FNT WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\ dllcache\ (XP/WinNT/2K) |
| Microsoft Star Window Service | X | svcshoter.exe | Added by the WORM_SDBOT.ANK WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache (Win9x/Me), C:\%WINDIR%\System32]dllcache (XP/WinNT/2K) provides the remote user virtual control over the affected system, thus compromising system security. |
| Microsoft Star Window Service | X | starwksvc.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\dllcache\ (Win9x/Me), C:\%WINDIR%\dllcache\ (XP/WinNT/2K) |
| Microsoft Startup Manager. (Microsoft Startup Manager) | X | msput.exe | Added by the W32/Sdbot-BAY WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Microsoft Svc Services Dispatcher | X | svcsrv.ldr | unknown malware |
| Microsoft Terminal Service | X | msterminal.exe | Added by the W32/Sdbot-CPZ WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\DllCache\ (XP/WinNT/2K) |
| Microsoft TG Mannager | X | mtgm.exe | Added by the WORM_SDBOT.EMT WORM! Note: This worm is located in C:\%WINDIR%\ Read the link, allows remote access |
| Microsoft Translation Service (MTServ) | X | mtserv.exe | Added by the W32/Rbot-GAL WORM! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Microsoft Updata ver2005 (Microsoft Updata ver2005) | X | tw725.exe | Added by the Troj/Feutel-P
TROJAN!
|
| Microsoft Update | X | SCVVC.exe | Added by a variant of the W32/Malware Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Microsoft update (msnupdate) | X | windupdate.exe | Added by the SDBOT.CGV
WORM!
Read the link, rootkit type stealth involved.
|
| Microsoft update Service | X | msiupdate32.exe | Added by the W32/Vanebot-S WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disabling autostart for the SharedAccess service deactivates the Microsoft Internet Connection Firewall (ICF). Attempts to terminate a number of processes related to security and anti-virus applications |
| Microsoft usnsvc Service | X | usnsvc.exe | Added by a variant of the Backdoor.Sdbot family of worms and IRC backdoor Trojans. Note: located in \%WINDIR%\ |
| Microsoft Validation Service | X | mvsr32.exe | Detected as Backdoor.SdBot.bem by AVG-antispyware |
| Microsoft Validation Service | X | wmiprsv.exe | Added by an unidentified TROJAN! Note: of the Win32/Rbot Family. Note: This worm\trojan is located in C:\%WINDIR%\ |
Microsoft Virtual Private Network (MS Virtual Private
Network) | X | MSVPN32.exe | Added by the W32/Rbot-AIO
WORM!
|
| Microsoft Vista Updater System | X | nvcsc23.exe | Added by a variant of the BACKDOOR.IRC.BOT Note: This worm\trojan is located in \%WINDIR%\ |
| Microsoft Visual Studio (W32MVS) | X | w32mvs.exe | Identified by VBA32 as a variant of the Backdoor.Win32.Agent.cjo malware. Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision. |
| Microsoft VPS Service | X | msvps.exe | Added by the W32/Rbot-FNI WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disables the automatic startup of other software |
| Microsoft Webserver (Microsoft Webserver) | X | Microsoft Webserver.exe | Added by the Troj/Hupigon-FU
TROJAN!
Note: This trojan file is found in the Windows or Winnt folder.
|
| Microsoft Windows (Microsoft Windows) | X | system.exe | Added by the W32/Rbot-AMQ
WORM! Note: This worm file is found in the Windows or Winnt folder.
Read the link, rootkit type stealth involved.
|
| Microsoft Windows Avantage Service (Windows Avantage) | X | avantage32.exe | Added by the W32/Tilebot-HE WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. disables the automatic startup of other software. |
| Microsoft Windows BDA Service | X | svhba.exe | Added by the W32/Vanebot-P WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disables the automatic startup of other software |
| Microsoft Windows DMR Service (Windows DMR Service) | X | dmrproc.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ More here |
| Microsoft windows FTPd | X | updtftpini.exe | Added by the W32/Rbot-FUS WORM! Note: This worm\trojan is located in C:\Windows\dllcache\ (Win9x/Me), C:\%WINDIR%\dllcache\ (XP/WinNT/2K) More] here |
| Microsoft Windows HDA Service | X | svhda.exe | Added by the W32/IRCBot-SL WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Microsoft Windows HelpFile (Windows Helpfile) | X | services.exe | Added by the W32/Tilebot-FQ WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. disabling the automatic startup of other software |
| Microsoft Windows Internet Connections Manager (net32b) | X | net32b.exe | Added by the W32/Cuebot-N WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Deactivates the Microsoft Internet Connection Firewall (ICF).
|
| Microsoft Windows Man Service (Windows Man Service) | X | winmgr.exe | Added by the W32/Sdbot-DTL WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
Microsoft Windows Protection (Windows Protection
Service) | X | winlogon.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Microsoft Windows Software Update Service (mswsus) | X | mswsus.exe | Added by an unidentified TROJAN! Note: of the Win32/Rbot Family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Microsoft Windows Spool Service (Windows Spool Service) | X | wdfmgr.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\
Not to be mistaken with wdfmgr.exe which is part of Microsoft Windows Media Player and located in, C:\WINDOWS\System32\. |
| Microsoft Windows Spool Service (Windows Spool Service) | X | services.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder.
Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder. |
Microsoft Windows Spooler Service (Windows Spooler
Service) | X | winlogon.exe | Added by the W32/Tilebot-FR
WORM!Note: This is not the legitimate Windows process (Which is always found in the System32 folder). This worm file is found in the Windows or Winnt folder. Allows a remote intruder to gain access and control over the computer, read the link.
|
Microsoft Windows Spooler Service (Windows Spooler
Service) | X | services.exe | Added by the W32/Tilebot-FW
WORM! Note: This is not the legitimate Windows process (Which is always found in the System32 folder). This worm file is found in the Windows or Winnt folder. Allows a remote intruder to gain access and control over the computer, read the link.
|
| Microsoft Windows SQL Service | X | winesql.exe | Win32/IRCBot.UG |
| Microsoft Windows System32 | X | winservs.exe | Added by the W32/Tilebot-GU WORM! Note: This worm\trojan is located in C:\%WINDIR%
Also been identified with the filename: winsysdir.exe |
| Microsoft Windows System32 | X | windll32.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ |
| Microsoft Windows Update | X | wuautcl.exe | Troj/Spybot-NQ Read the link, allows remote access |
| Microsoft Windows Update (Microsoft Update) | X | scvvhost.exe | Added by the W32/Forbot-FH
WORM!
|
| Microsoft Windows Update (Microsoft Windows Update) | X | msconfig32.exe | Added by the W32/Tilebot-P
WORM!
Read the link, rootkit type stealth involved.
|
| Microsoft Windows Update (msupdate) | X | csrss.exe | Added by an unknown TROJAN!, Note: This has nothing to do with Microsoft Windows Update and this is not the legitimate Windows Process csrss.exe. (Which is found in the System32 folder.) This trojan file (csrss.exe) is found in the Windows or Winnt folder. |
Microsoft Windows Validation Service (Windows
Validation Service) | X | devldr32.exe | Added by a variant of the WIN32.RBOT WORM! - Note - do NOT confuse with the legitimate Creative Labs devldr32.exe file. Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| MicroSoft Windowz Update (MsFtUpd) | X | MsFtUpdateXP.exe | Added by the W32/Tilebot-BL
WORM!
Note: This worm\trojan file is found in the Windows or Winnt folder.
|
| Microsoft WMI Performance Adapter AddOn (WMIPerAddOn) | X | wmiapsrv.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ NOT TO BE confused with C:\WINDOWS\System32\wbem\wmiapsrv.exe which is a Microsoft application |
| Microsoft XP TCP Ack Timing | X | winxptcp.exe | Added by a variant of the IRCBOT Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision. |
| Microsoft(R) Windows(R) Operat (Microsoft Corporation) | X | iexplorer.exe | Added by the Troj/Feutel-W
TROJAN!
Note: This is not the legitimate Windows Process (iexplore.exe) which is found in the Program Files\Internet Explorer folder. (Notice the difference in the spelling.) This trojan file (iexplorer.exe) is found in the System32\Internet Explorer folder. |
| microsoftdvdhelp (MicrosoftDVD) | X | msdvd.exe | Added by the W32/Rbot-AWQ
WORM!
Note: This worm\trojan file is found in the Windows or Winnt folder.
Read the link, rootkit type stealth involved. |
| Microsoftkeysd | X | systemwin32.exe | |
| MilShieldCleaner | L | ShieldService.exe | Related to Mil_Shield from Mil Incorporated. It protects your privacy by removing all tracks from your online or offline computer activities. Note: Located in C:\Program Files\Mil Incorporated\Mil Shield\ |
| MindRetrieve Engine (MindRetrieve) | L | MindRetrieve.exe | MindRetrieve
Appears to be a personal desktop search engine.
|
| MindStorm Agent | L | srvpxa.exe | Related to MindStorm_AnalyzerPro from Secure Associates. A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices. |
| MindStorm AnalyzerPro Controller | L | srvctr.exe | Related to MindStorm_AnalyzerPro from Secure Associates. A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices. |
| MindStorm AnalyzerPro Correlation Engine | L | srvcor.exe | Related to MindStorm_AnalyzerPro from Secure Associates. A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices. |
| MindStorm Controller | L | srvctr.exe | Related to MindStorm_AnalyzerPro from Secure Associates. A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices. |
| MindStorm Correlation Engine | L | srvcor.exe | Related to MindStorm_AnalyzerPro from Secure Associates. A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices. |
| Mini USB Driver | X | svñhîst.exe | Troj/Proxy-CY Note: Located in %windir%\system32 Read the link, allows remote access |
| MINIServer (MiNiService) | X | MiniServer.exe | Added by the |
