| Name | Status | Filename | Description |
|---|
| RoxMediaDB10 | L | RoxMediaDB10.exe | Related to Roxio_Inc Easy Media Creator 10. Note: Located in \%Program Files%\Common Files\Roxio Shared\10.0\SharedCOM\ |
| RoxMediaDB9 | L | RoxMediaDB9.exe | Related to Roxio_Inc |
| RoxUpnpRenderer (RoxUPnPRenderer) | L | RoxUpnpRenderer.exe | Related to Roxio_Inc |
| RoxUpnpServer | L | RoxUpnpServer.exe | Related to Roxio_Inc |
| RPAService | L | RPAService.exe | Related to Gilat Satellite Networks Ltd. Note: Located in \%Program Files%\GILAT\Internet Page Accelerator\ |
| RPC Debug Control (RPCDB) | X | csts.exe | Added by the Backdoor.Win32.SdBot.aad as identified by Kaspersky TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| RPC+ Service Provider (RPCSS+) | X | rpcss_pl.exe | Trojan. - http://www.what-process.com/process-info.aspx?p=rpcss_pl.exe |
| RpcRemotes | X | remote.exe | Added by the W32/Fanbot-J
WORM!
Note: This worm file is found in the System32 folder. Be sure to check the link on this one. Copies it's self to various folders and file names.
|
| RSLinx | L | RSLINX.EXE | Related to Rockwell_Automation Inc. FactoryTalk suite |
| RSLinx Enterprise (RSLinxNG) | L | RSLinxNG.exe | Related to Rockwell_Automation Inc. FactoryTalk suite |
| Rtkit | X | Rtkit.exe | Added by the Backdoor.Rtkit
TROJAN!
Read the link, rootkit type stealth involved.
|
| rtvscan | X | rtvscan.exe | Added by a variant of the Backdoor.Sdbot family of worms and IRC backdoor Trojans. Note: located in \%WINDIR%\ This infection should not be confused with the legitimate Note: Note: Located in \%Program Files%\Symantec\SAV\Rtvscan.exe file. |
| rudll | X | rudll.exe | Troj/Hupigon-CF Note: Located in %windir% Read the link, allows remote access |
| RUMBA AS/400 Shared Folders (Wdworkstation) | L | wdnpsvc.exe | Related to RUMBA which provides connectivity from Microsoft Windows desktops to virtually any host system with mission critical reliability. From NetManage Inc. Note: Located in \%WINDIR%\System32\ |
| Run RunOnce | L | ShipUPS.EXE, RunOnce.exe | Related to UPS WorldShip shipping software |
| rundll.exe | X | msn93.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| rundll.exe | X | msngrsm.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| rundll.exe | X | rundll.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| rundll32 (rundll32) | X | rundll32.exe | Added by the Troj/Feutel-Q
TROJAN! |
| rundll32.exe | X | lsass.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ |
| Runtime | X | runtime.sys | Troj/Agent-ECZ Note: Located in %windir%\system32 |
| Runtime | X | runtime.sys | Troj/Pushu-Gen
Note:Located in C:\Windows\System\Drivers (Win9x/Me), C:\%WINDIR%\System32\Drivers (XP/WinNT/2K) May also have an additional services installed. Read link |
| runtime2 | X | runtim2.sys | Troj/DropRk-A
Note:Located in C:\Windows\System\Drivers (Win9x/Me), C:\%WINDIR%\System32\Drivers (XP/WinNT/2K) |
| Rupsd | L | Rupsd.exe | Related to Mega_System Technologies Inc. |
| Rupsmon | L | RupsMon.exe | Related to Mega System Technologies, Inc. |
| RVS CommCenter (RvsCC) | L | RVSCC.EXE | Legit Fax/Digital Answering Machine/Telephony service. Owner Unknown . Located in C:\Program Files\Teledat\WCOM\SYSTEM\ |
| RVS Installer (RVSINST) | L | RVSINST.EXE | Legit Fax/Digital Answering Machine/Telephony service. Owner: RVS Datentechnik GmbH, München. Located in: C:\Program Files\Teledat\WCOM\SYSTEM\ |
| Rwx (Rwx2005) | X | svhosts.exe | Added by the Troj/Subzero-B
Trojan!
|
| r_server | X | service.exe | Added by the Troj/Remadm-G
TROJAN!
Note: This is not the legitimate Windows process services.exe (Notice the difference in the spelling.) This trojan file (service.exe) is also found in the System32 folder.
|
| S3 Graphics Co., Ltd. | X | VTTrayp.exe | W32/Sdbot-DHA Note:Located in C:\Windows (Win9x/Me), C:\%WINDIR% (Vista/XP/WinNT/2K) |
| s3contrl (32-bit) | X | VTTray.exe | Added by a variant of the Backdoor.Win32.SdBot.cep family of worms and IRC backdoor Trojans. Note: located in \%WINDIR%\ |
SafeBoot Configuration Manager
(SafeBootConfigurationManager) | L | SBMGRNT.EXE | Related to SafeBoot_Configuration Manager. Encryption software. Note: Located in \%Program Files%\SafeBoot\ |
| SafeBootAgent | O | srvany.exe | Microsoft Windows application which allows an executable to be run as a service. If you have installed this service, fine, otherwise investigage. Can be used to load Malware. |
| SafeGuard Easy Client (SgeClient) | L | SgeClient.exe | Related to SafeGuard_Easy Hard Disk Encryption from Utimaco. Note: Located in C:\Program Files\Utimaco\SafeGuard Easy\ |
| SafeGuard Easy Workstation Server (WksCfgSrv) | L | WksCfgSrv.exe | Related to SafeGuard_Easy Hard Disk Encryption from Utimaco. Note: Located in C:\Program Files\Utimaco\SafeGuard Easy\ |
| SafeGuard SGLOG Player (SgLogPlayer) | L | SgLogPlayer.exe | Related to SafeGuard_Easy Hard Disk Encryption from Utimaco. Note: Located in C:\WINDOWS\system32\ |
| SafeNet IKE Service (IREIKE) | L | IreIKE.exe | Related to Microsoft Virtual Private Network Client. |
| SafeNet Monitor Service (IPSECMON) | L | IPSecMon.exe | Related to Microsoft Corp. Feature of the Layer Two Tunneling Protocol (L2TP). |
| Samsung Update Plus | L | SLUBackgroundService.exe | Related to Samsung_AV_Station instant Playback of music photos, videos. |
| SAMSvc (Security Account Manager) | X | SAMSvc.exe | Added by the W32/Tilebot-DL, WORM! |
| Sandboxie Service (SandboxU) | L | SandboxieServer.exe | Related to SandBoxie Sand box application. Data may flow from the hard disk into the sandbox. But data never flows back from the sandbox into the hard disk. Note: Located in C:\Program Files\Sandboxie\ |
| Sandboxie Service (SbieSvc) | L | SbieSvc.exe | Related to Sandboxie Service. Intercepts changes to both your files and registry settings, making it virtually impossible for any software to reach outside the sandbox. Note: Located in \%Program Files%\Sandboxie\ |
| Sandra Data Service (SandraDataSrv) | L | RpcDataSrv.exe | SiSoftware Sandra Lite 2005 |
| Sandra Service (SandraTheSrv) | L | RpcSandraSrv.exe | SiSoftware Sandra Lite 2005 |
| Sansa Updater Service (SansaService) | L | SansaSvr.exe | Related to Sansa_Updater Service from Sandisk. Note: Located in C:\Program Files\SanDisk\Sansa Updater\ |
| SAP Business One BackUp Service (SBOBackUp) | L | B1backUp.exe | L
Related to SAP Business One gives you the information you need to select and implement business management software. Note: Located in \%Program Files%\SAP\SAP Business One ServerTools\BackUp\ |
| SAP Business One DI Server (SBODI_Server) | L | B1DI_Server.exe | Related to SAP_Business_One gives you the information you need to select and implement business management software. Note: Located in \%Program Files%\SAP\SAP Business One ServerTools\DI_Server\ |
| SAP Business One Early Watch Alert (B1EwaService) | L | EwaService.exe | Related to SAP Business One gives you the information you need to select and implement business management software. Note: Located in \%Program Files%\SAP\SAP Business One ServerTools\EWA\EwaService.exe |
| SAP Business One License Manager 2005 (B1Lic2005) | L | B1License.exe | L
Related to SAP Business One gives you the information you need to select and implement business management software. Note: Located in \%Program Files%\SAP\SAP Business One ServerTools\License\ |
| SAP DB WWW (SAPDBWWW) | L | wahttp.exe | Related to SAP_MaxDB The SAP Database System. Note: Located in \%Program Files%\SAPDB\indep_prog\web\pgm\ |
