| Name | Status | Filename | Description |
|---|
| .mscdr | X | lsvchost.exe | Added by the WEBUS.D TROJAN! |
| .mscdsr | X | lsvchost.exe | Added by the Troj/Bdoor-CR
Trojan!
|
| .mscsbl | X | svhost.exe | Added by the BACKDOOR-CMQ TROJAN! |
| .msfupdate | X | msveup.exe | Added by the W32.ALLOCUP.A WORM! |
| .mssecure | X | mssecure.exe | Added by the DDOS_BOXED.X TROJAN! |
| .mssecure | X | mssecure.exe | Added by the Troj/Borobot-B
Trojan!
|
| .NET config | ? | sysmon32.exe | ?? |
| .NET. | X | msnmgnr.exe | Added by a variant of the IRCBOT Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision. |
| .norton | X | rchost.exe | Added by a variant of the BOXED-A
TROJAN! |
| .nvsvc | X | smss.exe | Added by the BackDoor-CXT TROJAN! Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System (XP/WinNT/2K) and not in it's System32 subdirectory, as is the case with the legitimate Smss.exe system file. |
| .nvsvcb | X | smssb.exe | Added by the Win32/Boxed.CG TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Will attempt to disable antivirus, firewall and Windows Update software |
| .Prog | X | services.exe | Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the valid Windows Service Controller (services.exe ) process |
| .Prog | X | winlogon.exe | Added by NEVEG.A WORM! Note - this is not the valid Windows Logon winlogon.exe process |
| .protected | X | (no name) | Added by a Smithfraud infection. |
| .svchost | X | CSRSS.EXE | Added by the WEBUS.F TROJAN! - NOTE - this file is placed in the Winnt\System or Windows\System folder, and should NOT be confused with the legitimate Windows Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling, always located in the Winnt\System32 or Windows\System32 folder, and which moreover should NOT figure in Msconfig/Startup!
|
| .TEXTCONV | X | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the valid Client Server Runtime Subsystem csrss.exe process, which provides text window support, shutdown, and hard-error handling |
| .WMAudio | X | csrss.exe | Added by the WEBUS TROJAN! Note - this is not the valid Client Server Runtime Subsystem csrss.exe process" which provides text window support, shutdown, and hard-error handling |
| .WMAudio | X | lsass.exe | Added by a Webus.B trojan infection. Note - this is not the legitimate Lsass.exe system file, which should normally NOT figure in Msconfig/Startup |
| /l:eng | N | N/A | Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup |
| 000 | U | pit.exe | Added by the PrivateEye SPYWARE! **Note - If you did not intentionally install this remove it. |
0006 - C:Documents and SettingsCompaq_OwnerStart
MenuProgramsHP Internet Connection Center | N | command.com | Related to HP_Internet_Connection_Center provides access to a variety of valuable offers from Internet Service Providers. |
0008 - C:Documents and SettingsCompaq_OwnerStart
MenuProgramshp deskjet 990c series v3.0 | N | command.com | Related to HP_Internet_Connection_Center provides access to a variety of valuable offers from Internet Service Providers. |
| 000hpdllhos | X | hpdllhost.exe | LZIO.com adware downloader |
| 000StTHK | U | 000StTHK.exe | Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...) |
| 0050726-007-i32-1 | X | 0050726-007-i32-1.exe | Added by the Troj/Bancban-EC TROJAN! Read the link, keylogger/password stealing TROJAN(S) involved.
|
