StartupList

Added by a variant of the http://vil.nai.com/vil/content/v_100454.htm SDBOT WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field

Added by the http://www.sophos.com/virusinfo/analyses/trojdelfux.html DELF-UX TROJAN! Note - this is not the legitimate http://www.liutilities.com/products/wintaskspro/processlibrary/svchost/ svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field

Added by Trojan-Downloader.Win32.Banload.cil, http://www.bleepingcomputer.com/startups/mstdmc.exe-19557.html MALWARE! [red]Note:[/red] Located in \%WINDIR%\System32\ [red]The startup name is empty[/red] This will make sure that it's start at startup.

Identified as a variant of the Rootkit.Win32.Agent.uj, http://www.bleepingcomputer.com/startups/msmapiax32.exe-21900.html rootkit. [red]Note:[/red] Located in \%WINDIR%\System32\ [red]Note:[/red] Use SDFix under supervision.

Added by the W32/Sdbot-DHY,http://www.sophos.com/security/analyses/viruses-and-spyware/w32sdbotdhy.html Worm! [red]Read the link, allows remote access[/red] [red]Note:[/red] located in \%WINDIR%\ [red]Note:[/red] Use SDFix under supervision.

hamachi

Related to hamachi, https://secure.logmein.com/ Instantly connect multiple computers in a VPN from LogMeIn Inc. [red]Note:[/red] Located in \%Program Files%\Hamachi\

Security Patch

Added by the W32/RBOT-ZW, http://www.sophos.com/virusinfo/analyses/w32rbotzw.html WORM! [red]Read the link, keylogger/password stealing trojan(s) involved.[/red]

WinCheck

Added by the W32.Sober.V, http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.v@mm.html WORM! [red] Note:[/red] This worm file is found in the Windows\ConnectionStatus\Microsoft or Winnt\ConnectionStatus\Microsoft folder.

Windows

Added by the W32.Sober.X, http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.x@mm.html WORM! [red] Note:[/red] This is not the legitimate Windows process services.exe (Which is always found in the System32 folder.) This worm file is found in the Windows\WinSecurity or Winnt\WinSecurity folder.

!1_pgaccount

DiamondCS ProcessGuard, http://www.diamondcs.com.au/processguard/ security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly

!1_ProcessGuard_Startup

!AVG Anti-Spyware

Related to AVG_Anti-Spyware, http://www.grisoft.com/doc/1 from Grisoft. [red]Note:[/red] Located in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\

!ewido

Part of http://www.ewido.net/en/ Ewido anti-spyware

!NoLoad

Winrecon, http://www.symantec.com/avcenter/venc/data/spyware.winrecon.html. [red]Read the link, keylogger/password stealing trojan(s) involved.[/red] - Commercial Keylogger

$EnterNet

Connection manager for the EnterNet ISP. You can also use RASPPOE

$sys$cmp

Added by the Backdoor.Ryknos.B, http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ryknos.b.html TROJAN! Note: This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer. [red]Read the link, rootkit type stealth involved.[/red]

$sys$crash

Added by the Welomoch, http://securityresponse.symantec.com/avcenter/venc/data/trojan.welomoch.html TROJAN! [red] Note:[/red] This worm\trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. [red]Read the link, rootkit type stealth involved. SONY ROOTKIT, THANKS SONY![/red]

$sys$crash

$sys$drv

Added by the Backdoor.Ryknos, http://securityresponse.symantec.com/avcenter/venc/data/backdoor.ryknos.html TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer. [red]Read the link, rootkit type stealth involved.[/red]

$Volumouse$

Related to Volumouse, http://www.nirsoft.net/utils/volumouse.html from Nirsoft. Provides you a quick and easy way to control the sound volume on your system. [red]Note:[/red] Located in C:\Program Files\Volumouse\

$WindowsRegKey%update

Added as result of a W32/Rbot-EZ, http://www.sophos.com/virusinfo/analyses/w32rbotez.html WORM! Note - this is not the legitimate Internet Explorer iexplorer.exe, http://www.liutilities.com/products/wintaskspro/processlibrary/iexplore process, it should not appear in Msconfig/Startup unless you add it manually!

%cmpmixtitle%

Possibly related to C-Media Mixer Control panel?

%FP%012-L2TP fts.exe

012.Net ISP software - [red]what does it do and is it required?[/red]

%FP%012-L2TP FWPortal.exe

012.Net ISP software - [red]what does it do and is it required?[/red]

%FP%1776 Internet fts.exe

1776 Internet ISP software - [red]what does it do and is it required?[/red]

%FP%1776 Internet FWPortal.exe

1776 Internet ISP software - [red]what does it do and is it required?[/red]

%FP%AIRTEL fts.exe

Related to AIRTEL-Broadband, http://www.airtel.in/level2_t12.aspx?path=1/9 Part of the Friendly technologies PPPOE DSL Driver. This is customized for use with the AIRTEL-Broadband ISP. [red]Note:[/red] Located in \%Program Files%\AIRTEL\AIRTEL-Broadband\

%FP%Barak013 fts.exe

Barak013 ISP software - [red]what does it do and is it required?[/red]

%FP%Barak013 FWPortal.exe

Barak013 ISP software - [red]what does it do and is it required?[/red]

%FP%Friendly fts.exe

Friendly ISP software - [red]what does it do and is it required?[/red]

(*)API Machine

Homepage hijacker, see here (* = any digit)

(*)Run

Homepage hijacker, see here (* = any digit)

(default)

Added as a result of the BLACKMAL VIRUS!

(Default)

Added by the Trojan.Cdtray, http://securityresponse.symantec.com/avcenter/venc/data/trojan.cdtray.html TROJAN! [red]Note:[/red] This trojan file is found in the Internet Explorer folder.

(default)

Added by the TROJ/PROXY-GG, http://www.sophos.com/virusinfo/analyses/trojproxygg.html TROJAN!

(Default)

Added by the Troj/Monad-A, http://www.sophos.com/virusinfo/analyses/trojmonada.html TROJAN! [red] Note:[/red] This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder.

(Default)

Added by the Dremm.b, http://www.symantec.com/avcenter/venc/data/trojan.dremn.b.html TROJAN!

(default)

Added by the Backdoor.Hesive.B, http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hesive.b.html TROJAN! [red]Read the link, rootkit type stealth involved.[/red]

(Default)

Troj/DownLd-ABF, http://www.sophos.com/security/analyses/trojdownldabf.html

(Entry name)

Added by the Troj/Nethief-N, http://www.sophos.com/virusinfo/analyses/trojnethiefn.html Trojan!

(Global Startup)

Added by the W32/Sunk-A, http://www.sophos.com/virusinfo/analyses/w32sunka.html WORM! [red] Note:[/red] This worm\trojan file is found in the Root folder. (C:\), (D:\), (E:\) etc, etc.

(L4r1$$4) (4nt1) (V1ruz)

Added by the ASSIRAL.B, http://securityresponse.symantec.com/avcenter/venc/data/w32.assiral.b@mm.html WORM!

(original file name)

Added by Troj/Bancban-CX, http://www.sophos.com/virusinfo/analyses/trojbancbancx.html and Troj/Bancban-DA, http://www.sophos.com/virusinfo/analyses/trojbancbanda.html TROJANS! [red]Read the link, keylogger/password stealing TROJAN(S) involved.[/red]

(original filename)

Added by the Troj/Bancban-HM, http://www.sophos.com/virusinfo/analyses/trojbancbanhm.html TROJAN! [red]Note:[/red] This trojan file is found in the System (95/98/ME) or System32 (NT/2000/XP) folder. [red]Read the link, keylogger/password stealing TROJAN(S) involved.[/red]

(Original Trojan Filename)

Added by the Troj/Bancban-FS, http://www.sophos.com/virusinfo/analyses/trojbancbanfs.html TROJAN! [red]Note:[/red] This trojan file is found in the Windows or Winnt folder. [red]Read the link, keylogger/password stealing TROJAN(S) involved.[/red]

(random 12 digit number)