| Name | Status | Filename | Description |
|---|
| W2K PCtel speaker phone | L | pctspk.exe | Related to PCtel services |
| W32 Sercure Service | X | wsecur3.exe | W32/Sdbot-DAR Note: Located in %windir% Read the link, allows remote access and uses rootkit stealth |
| W32Time | X | svchost.exe -k W32Time | Added by the Fuwudoor TROJAN! |
| wacomkey | L | wacomkey.exe | Driver for Wacom Tablet. Note: Located in system32 folder on XP machines http://www.wacom.com |
| WakeMeUp! Service (svcWMU) | L | WMUSvc.exe | Related to WakeMeUp! advanced alarm clock for computers. Note: Located in C:\Program Files\WakeMeUp\ |
| wampapache | L | httpd.exe | Related to Apache Software. An Open source database. Note: Located in \%ROOT%\wamp\apache2\bin\ |
| wampapache | L | Apache.exe | Related to Related to Oracle_Corp Note: Located in \%ROOT%\xampp\apache\ |
| wampmysqld | L | mysqld-nt.exe | Related to Apache Software. An Open source database. Note: Located in \%ROOT%\wamp\mysql\bin\ |
| WAN Miniport (ATW) Service (WANMiniportService) | L | wanmpsvc.exe | Related to America_Online Inc. The AOL suite's connectity relies upon this file heavily, so if AOL is used, this should not be touched. |
| Warehouse agent daemon (vwd) | L | VWD.EXE | Warehouse Manager components used with DB2 Databases from IBM
|
| Warehouse logger (vwlogger) | L | IWH2LOG.EXE | Warehouse Manager components used with DB2 Databases from IBM
|
| Warehouse server (vwkernel) | L | IWH2SERV.EXE | Warehouse Manager components used with DB2 Databases from IBM |
| Washer Security Access (wwSecSvc) | L | wwSecure.exe | Related to one of the Webroot_Internet_Security
programs. The file associated with this service is located in the System32 folder. |
| wdcs | X | wdcs.exe | Added by a variant of the W32/SDBot.AWGW family of worms and IRC backdoor Trojans. Note: located in \%WINDIR%\System32\ |
| WDelMgr20 | O | WDelMgr20.exe | Seems to be related to the RecoverLost Data or BackUp MyPC program by StompSoft
|
| WDNDrive (chgsprt) | X | chgsprt.sys | Added by the Troj/Haxspy-A
TROJAN!
|
| Web Live Information Messenger | X | webmsn.exe | Added by the W32/Sdbot-CWA WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Web Update Service by PowerProgrammer (WebUpdate) | L | WebUpdateSvc.exe | Related to POWERPROGRAMMER.CO.UK A user friendly way to look for and download updates via the web to a customer application |
| Web Update Wizard Service V4 (WebUpdate4) | L | WebUpdateSvc4.exe | Related to Web_Update_Wizard from PowerProgrammer Co. The Wizard lets you add 'update over the web' functionality to your applications with literally a single line of code. Note: Located in \%WINDIR%\System32\ |
| WebDrive Service (WebDriveService) | L | wdservice.exe | Related to WebDrive FTP service. Note: Located in C:\Program Files\NetDrive\ |
| WebPrint | X | webprint.exe | Troj/Bckdr-QHH |
| Webroot Admin Console (WebrootAdminConsole) | L | WebrootAdminConsole.exe | Related to Webroot_Software |
| Webroot Client Service (WebrootEnterpriseClientService) | L | WebrootClientService.exe | Related to Webroot_Software |
| Webroot CommAgent Service (WebrootCommAgentService) | L | CommAgent.exe | Related to Webroot Software, Inc.http://www.webroot.com/ |
| Webroot Desktop Firewall network service (WDFNet) | L | wdfsvc.exe | Webroot Desktop Firewall 5.5 Service |
| Webroot Spy Sweeper Engine (svcWRSSSDK) | L | WRSSSDK.exe | Related to Webroot Spy Sweeper Engine. Located in C:\Program Files\Webroot\Spy Sweeper\ |
| Webroot Spy Sweeper Engine (WebrootSpySweeperService) | L | SpySweeper.exe | Related to Webroot Software inc. Spyware protection software. Note: Located in C:\Program Files\Webroot\Spy Sweeper\ |
| Webroot SpySweeper Service (WebrootSpySweeperService) | L | SpySweeper.exe | Related to Webroot Software inc. Spyware protection software. Note: Located in C:\Program Files\Webroot\Spy Sweeper\ |
| Webroot Update Service (WebrootEnterpriseUpdateService) | L | WebrootUpdateService.exe | Related to Webroot_Software |
| WebSeach Toolbar support NT service | X | TBPSSvc.exe | Related to the Neo/Huntbar Toolbar |
Websense CPM Deployment Service
(WebsenseClientDeployService) | L | WsClientDeployService.exe | Related to Websence increase web security and employee productivity through internet policy enforcement. Note: Located in C:\Program Files\Websense\bin\ |
| Websense CPM Report Scheduler (WebsenseCAMReportServer) | L | BatchQueue.exe | Related to Websence increase web security and employee productivity through internet policy enforcement. Note: Located in C:\Program Files\Websense\bin\ |
| Websense CPM Server (WebsenseCAMServer) | L | CAMServer.exe | Related to Websence increase web security and employee productivity through internet policy enforcement. Note: Located in C:\Program Files\Websense\bin\
|
| Websense DBManager Scheduler (DBManagerScheduler) | L | DBManagerScheduler.exe | Related to Websense_Reporter has three primary components: the Reporter user interface, the Log Server and the Log Database. Note: located in C:\Program Files\Websense Reporter\... |
| Websense DC Agent (WebsenseDCAgent) | L | XidDcAgent.exe | Related to Websence increase web security and employee productivity through internet policy enforcement. Note: Located in C:\Program Files\Websense\bin\ |
Websense Explorer Report Scheduler
(WebsenseWFReportServer) | L | ExplorerScheduler.exe | Related to Websence increase web security and employee productivity through internet policy enforcement. Note: Located in C:\Program Files\Websense\bin\ |
| Websense Filtering Service (Websense EIM Server) | L | EIMServer.exe | Related to Websence increase web security and employee productivity through internet policy enforcement. Note: Located in C:\Program Files\Websense\bin\ |
Websense Information Service for CPM Explorer
(WebsenseCPMCommunicationAgent) | L | CAMExplorerServer.exe | Related to Websence increase web security and employee productivity through internet policy enforcement. Note: Located in C:\Program Files\Websense\bin\ |
Websense Information Service for Explorer
(WebsenseCommunicationAgent) | L | ExplorerServer.exe | Related to Websence increase web security and employee productivity through internet policy enforcement. Note: Located in C:\Program Files\Websense\bin\ |
| Websense Log Server (WebsenseLogServer) | L | LogServer.exe | Related to Websence increase web security and employee productivity through internet policy enforcement. Note: Located in C:\Program Files\Websense\bin\ |
| Websense Network Agent | L | NetworkAgent.exe | Related to Websence increase web security and employee productivity through internet policy enforcement. Note: Located in C:\Program Files\Websense\bin\ |
| Websense Policy Server (WebsensePolicyServer) | L | PolicyServer.exe | Related to Websence increase web security and employee productivity through internet policy enforcement. Note: Located in C:\Program Files\Websense\bin\ |
| Websense Real-Time Analyzer (WebsenseRealTimeAnalyzer) | L | RTMServer.exe | Related to Websence increase web security and employee productivity through internet policy enforcement. Note: Located in C:\Program Files\Websense\bin\ |
| Websense Report Scheduler (Websense Reporter Scheduler) | L | WsScheduler.exe | Related to Websense_Reporter has three primary components: the Reporter user interface, the Log Server and the Log Database. Note: located in C:\Program Files\Websense Reporter\... |
| Websense Reporter Scheduler | L | WsScheduler.exe | Related to Websence increase web security and employee productivity through internet policy enforcement. Note: Located in C:\Program Files\Websense\Reporter\ |
| Websense Usage Monitor (WebsenseUsageMonitor) | L | UsageMonitor.exe | Related to Websence increase web security and employee productivity through internet policy enforcement. Note: Located in C:\Program Files\Websense\bin\ |
| Websense User Service (WebsenseUserService) | L | UserService.exe | Related to Websence increase web security and employee productivity through internet policy enforcement. Note: Located in C:\Program Files\Websense\bin\ |
| WebTime | X | WebTime.exe | Troj/SleepSrv-A |
| wfsup(wfsup) (wfsup) | X | wfsup.exe | Added by the Bck/Sdbot.HPS as detected by Pandascan TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| WhatsUp Gold Syslog | L | WUGSyslog.exe | Related to CiscoWorks SNMS server. |
| Win Common module | X | servicemp.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Win PPPe | X | winser.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Win Tmp Service (Wstmp) | X | wstmp.exe | Added by the W32/Sdbot-YS
Worm! |
| Win Update | X | SYSUPDATE.EXE | Added by the SDBOT.CLA
WORM!
Note: This worm file is found in the Windows or Winnt folder.
Read the link, rootkit type stealth involved.
|
| Win Updator Services | X | ctfnom.exe | Related to the WootBot Trojan. |
| WIN32 (image) | X | image.exe | Added by the W32/Sdbot-AAQ
WORM!
Read the link, rootkit type stealth involved.
|
| Win32 Driver (shit) | X | svchosts.exe | Added by the W32/Forbot-FD
WORM! |
Win32 FireWire Driver
(ds80-237-205-33.dedicated.hosteurope.de) | X | CTHELPER32.EXE | Related to WootBot TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Win32 Kernel Update (Win32Kernel) | X | win32host.exe | Added by the W32/Tilebot-FE
WORM! Note: This worm file is found in the Windows or Winnt folder.
Allows a remote intruder to gain access and control over the computer, read the link.
|
| Win32 Login Service (Win32 Login) | X | win32logon.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here |
| Win32 LSA Driver (Windows Lsa Service) | X | lsa.exe | Added by the W32/Forbot-FJ WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| win32 socket (win32socket) | X | win325b.exe | Added by the W32/Tilebot-GE WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Win32 SSL Driver (Win32 SSL Driver) | X | winssv.exe | Added by the W32/Forbot-BH
WORM!
|
| Win32 System Spool | X | spoolsvc.exe | Added by the W32/Sdbot-RY Spyware Worm! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Win32 Task Manager (Win32Task) | X | wintasks32.exe | Added by the W32/Rbot-FPD WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Win32 Update (shit) | X | svchosts.exe | Added by an unidentified TROJAN! of the Sdbot family. C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Win32 Update (Win32Update) | X | oswinupdate.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| win32 update service (defiled) | X | svchostt.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Win32 USB2 Driver | X | svchosting.exe | W32/Forbot.J or SDBOT.HU |
| Win32Export | X | winsysplg.exe | Added by the W32/Rbot-FMU WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Win32Sl | L | Win32sl.exe | Allows remote management application programs to access a client computer for maintainance purpose. (UNIBLUE) |
| WIN32SOUND | X | sounddv.exe | Added by the W32/Tilebot-Z
WORM!
Read the link, rootkit type stealth involved.
|
| Win32Sr | X | win32ssr.exe | Added by the W32/Sdbot-AMA WORM! |
| Win32Sr (Win32Sr) | X | win32ssr.exe | Added by the W32/Sdbot-AOT
WORM!
Note: This worm\trojan file is found in the Windows or Winnt folder. |
| WinACD Power Button Service (ACDPowerService) | L | acdpower.exe | Related to Compuflex's "TSR-like" product for the Windows environment that automatically reads the amount to dispense from the native Windows teller software |
| WinAgents TFTP Service 4 (WinAgentsTftpService4) | L | TftpService.exe | Related to WinAgents_TFTP services. Note: Located in \%Program Files%\Common Files\WinAgents\ |
| winauthm (spdauth) | X | SPDAUTH.EXE | Added by the SDBOT.CFH
WORM!
Read the link, rootkit type stealth involved.
|
| WinComSpk Service (SvcWinComSpk) | L | wincomspk.exe | Related to Sentry_At_Home Parental Controls software. Note: Located in \%WINDIR%\System32\ |
| winconfig.exe | X | smsss.exe | Added by the W32/Spybot-MP WORM! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) |
| winconfig.exe | X | SP2PATCH.EXE | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| winconfig.exe | X | svcss.exe | Added by the Troj/Agent-MD TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| winconfig.exe | X | ApiWin.exe | W32/Sdbot-DEZ |
| winconfig.exe (openssh.exe) | X | openssh.exe | Added by a variant of the IRCBOT Note: Located in \%WINDIR%\ Note: Use SDFix under supervision. |
| windbg48 | X | windbg48.sys | Troj/RKAgen-A
Note:Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| windbs | X | winxtc.exe | Added by the AGOBOT-WD WORM |
| Window (MPRS) | X | explore.exe | Added by a variant of the W32/SDBOT WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\ (XP/WinNT/2K) |
| Window Boot Services | X | lsiss.exe | Added by the W32/Tilebot-HP WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) disabling the automatic startup of other software. |
| Window Dispaly System | X | lsays.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here |
| Window Domain Services (windowndns) | X | svchost.exe | Unknown malware. This infection should not be confused with the legitimate C:\Windows\System32\svchost.exe file. This malware is Note: located in \%Program Files%\Internet Explorer\ |
| Window Image Worker (windownetpker) | X | svchost.exe | Identified by Kaspersky Antivirus as a variant of the Trojan.Win32.Delf.amr malware. Note: Located in \%Program Files%\Internet Explorer\ This infection should not be confused with the legitimate \%WINDIR%\System32\svchost.exe file. |
| Window LFX Services | X | lxsys.exe | Added by an unidentified TROJAN! Note: of the Win32/Rbot Family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Window Lssas Services | X | lssys.exe | Added by the Trojan.Downloader-Gen/Win.Process TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Window Net Dns (MyDNS) | X | svchost.exe | Detected as Trojan.Win32.Delf.bhp by Kaspersky Note: Located in %programfiles%\Outlook Express or %programfiles%\Internet Explorer - not to be confused with the legitimate svchost.exe located in %windir%\system32 |
| Window Plugin Service | X | lsscs.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here |
| Window Washer Engine (wwEngineSvc) | L | WasherSvc.exe | Related to Window_Washer_Engine Wash away all traces of your PC and Internet activity. Note: Located in \%Program Files%\Webroot\Washer\ |
| windows | X | ssme.txt | Troj/Hupigon-SQ
Note:Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (Vista/XP/WinNT/2K) |
| Windows .NET Service | X | netserv.exe | W32/Tilebot-KB
Note:Located in C:\Windows (Win9x/Me), C:\%WINDIR% (XP/WinNT/2K)
Allows others to access the computer Read links |
| Windows 32 Bit (Windows 32 Bit Drivers) | X | WinVid32.exe | Added by the W32/Tilebot-BH
WORM!
Note: This worm file is found in the Windows or Winnt folder. Read the link, rootkit type stealth involved.
|
| Windows 32-bit PnP Driver (winpnp32) | X | winpnp32.exe | Added by the W32.Wallz WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Windows Accounts Driver (WindowsAccounts) | X | SVCH0ST.EXE | Troj/Agent-NDR |
| Windows Active Directory Helper (MSSearchHelper) | X | (random name).exe | Troj/Agent-ELG |
| Windows Anti Virus (MSAV32) | X | MSAV32.EXE | Added by the SDBOT.CMH
WORM!
Read the link, rootkit type stealth involved.
|
| Windows Archiver (winarc) | X | devldr.exe | Added by the W32/Prex-J
WORM!
Note: This worm\trojan file is found in the Windows or Winnt folder.
|
| Windows Archiver (winarc) | X | windat.exe | Added by the W32/Tilebot-BA
WORM!
Note: This worm\trojan file is found in the Windows or Winnt folder.
|
| Windows ASP Service | X | aspsrv.exe | W32/SdBot-DGU Note:Located in C:\Windows (Win9x/Me), C:\%WINDIR% (XP/WinNT/2K) Allows others to access the computer |
| Windows Auto Update Tool | X | wault.exe | Added by the W32/Tilebot-JQ WORM! Note: This worm is located in C:\%WINDIR%\ Read the link, allows remote access |
| Windows Automatic Updates | L | windowsautomaticupdates.exe | This Service belongs to the Folding@Home Client which uses your computer's resources on behalf of Stanford University. This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems. |
| Windows Basis Cont (Windows Basis Cont) | X | WINFTP32.EXE | Added by the SDBOT.CIU
WORM!
Read the link, rootkit type stealth involved.
|
| Windows Bluetooth Tray Application | X | BTTray.exe | W32/Sdbot-DGN
Note located in \KaZaA\My Shared Folder\.
|
| Windows Bluetooth Tray Application | X | BTTray.exe | W32/Tilebot-KD
Note:Located in C:\Windows (Win9x/Me), C:\%WINDIR% (XP/WinNT/2K) |
| Windows CDROM Drivers (Microsoft Windows Atapi Drivers) | X | atapid.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ |
| Windows Client/Server Runtime Server Subsystem (WCSRSS) | X | wcsrss.exe | Added by the W32/Tilebot-DA WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Windows Client/Server Runtime Service (csrss) | X | csrss.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\i386\ (Win9x/Me), C:\%WINDIR%\i386\ (XP/WinNT/2K) Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) |
| Windows Confg System | X | svshost.exe | Added by a variant of the SdBot.awe family of worms and IRC backdoor Trojans. Note: Located in \%WINDIR%\System32\ |
| windows config service (config) | X | config.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Windows Configuration Backup Service (CfgBackupSvc) | X | svchost.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\CONFIG\ This is not the legitimate Windows Process. (Which is found in the System32 folder.) |
Windows Configuration Loader (Windows Configuration
Loader) | X | SVCHOST.EXE | Added by the RBOT.BZF
WORM!
Note: This is not the legitimate Windows process SVCHOST.EXE (Which is always found in the System32 folder.) This worm file is found in the Windows or Winnt folder.
Read the link, rootkit type stealth involved.
|
| Windows Configuration Manager (ConfigMgr) | X | svchost.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Windows Connection Extension (WCEisvc) | X | wcmsvc.exe | Added by a variant of the SDBot family of worms and IRC backdoor Trojans. Note: located in \%WINDIR%\Help\ |
| Windows Control Panel Debugger | X | explorer.exe | Detected as W32/Hupigon.gen76 by F-Secure Note: Located in %windir%\debug |
| Windows Control Service32 (SVHOST32) | X | svhost32.exe | Added by a variant of the SDBot family of worms and IRC backdoor Trojans. Note: located in \%WINDIR%\System32\ |
| Windows Cron Service | X | crons.exe | Troj/Hupigon-SR
Note:Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (Vista/XP/WinNT/2K)
Allows remote access. Read the link |
| Windows CTF Loader | X | ctfmon.exe | W32/Sdbot-DFS
Copies itself to %Windows% directory |
| Windows DDE (servet wm) | X | servet.exe | W32/WoWMovs-A
Note:Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Windows Debugger | X | SYSNT.EXE | Added by the RBOT.CEL
WORM!
Read the link, rootkit type stealth involved.
|
| Windows Decrypt manager (wincrypt32.exe) | X | wincrypt32.exe | Added by the W32/Tilebot-GC WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Windows Defender User Interface | X | MSASCu.exe | Added by the W32/Sdbot-DFW WORM! Note: This worm is located in \%WINDIR%\ Read the link, allows remote access |
| Windows Defender User Interface (Windows Defender) | X | MSASCu.exe | W32/Sdbot-DFW
Copies itself to %Windows% directory Allows remote access. Read link |
| Windows Desktop Security | O | svcagnt.exe | Check to see if it was installed by the by user. Keylogging and screenshot software see Here Location: C:\Programmer\RDS4\svcagnt.exe |
| Windows Desktop Security (dtsagntsvc) | O | svcagnt.exe | Check to see if it was installed by the by user.
Keylogging and screenshot software see Here
Location: C:\Program Files\RDS\svcagnt.exe
|
| Windows DHCP Client Service | X | dhcp.exe | W32/Tilebot-JU
Note: Located in %Windows%\dhcp.exe |
| Windows DHCP Service | X | system.exe | Added by a variant of the W32/SDBOT WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Windows DHCP Service (WinDHCPsvc) | X | rundll32.exe | Win32/Agent.ABF Note: rundll32.exe is legitimate but is being used to load the malware file %system%\windhcp.ocx Read the link, collects sensitive information |
| Windows DLL Loader (RunDll32) | X | rundll32.exe | Added by the Troj/Agent-MD TROJAN! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This worm\trojan file is found in the C:\%WINDIR%\dll\ folder. |
| Windows DLL System | X | smsc.exe | Added by the W32/Tilebot-GG WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Disables the automatic startup of other software. |
| Windows DLLISP | X | dllisp.exe | W32/Tilebot-JN Read the link, allows remote access |
| Windows DNS (Windows DNS) | X | rundl32.exe | Added by the Troj/GrayBrd-AG
TROJAN!
Note: This trojan file is found in the Windows or Winnt folder.
|
| Windows Dos Service | X | dsserv.exe | W32/Sdbot-DGT
Note:Located in C:\Windows (Win9x/Me), C:\%WINDIR% (XP/WinNT/2K) Allows others to access the computer |
| Windows Drivers Configs | X | svshost.exe | Added by a variant of the SdBot.awe family of worms and IRC backdoor Trojans. Note: Located in \%WINDIR%\System32\ |
| Windows Drivers Version | X | WinDV.exe | Added by a variant of the SDBot family of worms and IRC backdoor Trojans. Note: located in \%WINDIR%\ |
| windows drivers32 | X | WINDRVR32.EXE | Added by the SDBOT.CON
WORM!
Read the link, rootkit type stealth involved. |
| windows drivers32 (windows drivers32) | X | windrvrs32.exe | Added by the W32/Tilebot-AG
WORM!
Note: This worm\trojan file is found in the Windows or Winnt folder.
Read the link, rootkit type stealth involved.
|
| Windows Event Viewer (EventViewer) | X | spoolsmc.exe | An unidentified SDbot variant |
| Windows explorer | X | explore.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| windows explorer32 | X | explorer32.exe | Added by the W32/Sdbot-CVQ WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
Windows File Depictor and Rotator Service For Service
Pack 2 (Windows File Depictor and Rotator) | X | svchost.exe | Detected as Backdoor.Win32.SdBot.aad by Kaspersky Note: Located in %windir%\repair |
| windows file explorer (explorer) | X | ssms.exe | Added by the W32/Tilebot-EN WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Windows File Verification Service (wfvs) | X | wfvs.exe | Identified as a variant of the Backdoor.Ranky malware. Note: located in \%WINDIR%\System32\ |
| windows firewall (masry) | X | msgupdater.exe | Added by the W32/Sdbot-ADZ
WORM! Note: This worm\trojan file is found in the Windows or Winnt folder.
Read the link, rootkit type stealth involved. |
| Windows Firewall Services | X | iexplore.exe | Added by a variant of the Sdbot-ABA worm! NOTE: this file is located in the Windows folder, while the legitimate iexplore.exe (the Internet Explorer executable) is found in Program Files\Internet Explorer. |
| Windows Genuine Advantage Registration Service (net32a) | X | net32a.exe | Added by the Backdoor.IRCBot.st Identified by ewido. WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Windows Genuine Advantage Registration Service (wgareg) | X | wgareg.exe | Added by the Win32/Cuebot.J
WORM! Exploits the MS06-040 Windows vulnerability. Note: File located in the System or System32 folder. |
| Windows Genuine Advantage Validation (wgav) | X | wgav.exe | Added by a variant of Win32/IRCBot.OO as reported by NOD32 TROJAN! Note: located in C:\WINDOWS\system32\wgav.exe |
| Windows Genuine Advantage Validation Monitor (wgavm) | X | wgavm.exe | Added by the W32/Cuebot-M WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Disables the automatic startup of other software, deactivates the Microsoft Internet Connection Firewall (ICF). |
Windows Genuine Advantage Validation Notification
(wgavn) | X | wgavn.exe | Added by the W32/Cuebot-K
WORM! Located in the Windows or Winnt\System32 folder. |
| Windows Help | X | winhlep.exe | Troj/Hupigon-SM
Note:Located in C:\Windows (Win9x/Me), C:\%WINDIR% (XP/WinNT/2K)
|
| Windows Help (shit) | X | mailinfo.exe | Added by the W32/Forbot-FK
WORM!
|
| Windows Host Services (DLLHOST32) | X | dllhost.exe | Added by the W32/Tilebot-IH WORM! Note: This worm\trojan is located in C:\%WINDIR%\System\ folder. |
| Windows Host Services (ExplorerSvc) | X | explorer.exe | Identified as a variant of the Net-Worm.Win32.Kolabc.aeh worm. Note: located in \%WINDIR%\system\ Note This infection should not be confused with the legitimate C:\Windows\explorer.exe file. |
| Windows Host Services (WINHOST32) | X | services.exe | Appears to be an SDbot variant. Note: Located in %windir%\system |
| Windows Hosts Plugin | X | spoolcv.exe | Added by A variant of the SDBot.aad family of worms and IRC backdoor Trojans. |
| windows hostsrv (dllhstsrv) | X | dllhstsrv.exe | Added by a variant of the BACKDOOR.IRC.BOT Note: This worm\trojan is located in \%WINDIR%\ |
| Windows HWinfo Loader (Windows HWinfo Loader) | X | iexplre.exe | Added by the W32/Rbot-ALS
WORM!
|
| Windows IMAP Shell | X | imaped.exe | Added by the Backdoor.SDBot.F7B46034 TROJAN! Reported by BitDefender |
| Windows Input Service (wiisvc) | X | wibsvc.exe | Added by a variant of the Backdoor.Win32.SdBot.bzc family of worms and IRC backdoor Trojans. Note: located in \%WINDIR%\System\ |
| Windows Ins (WindowsDown) | X | servet.exe | W32/SillyFD-AB Read the link, steals information |
| Windows Installer | L | MsiExec.exe | executable program of the Windows Installer |
| Windows Installer Manager | X | winins.exe | W32/Sdbot-DHP
Note:Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (Vista/XP/WinNT/2K)
Read the link, Turns off anti-virus applications, Allows others to access the computer |
| Windows InstallService (WindowsDown) | X | servet.exe | W32/SillyFDC-AI
Note:Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K)
Read the link, steals information |
| Windows Instrument Driver (WMID) | X | instdrv.exe | W32/SdBot-CZV Note: Located in %windir% Read the link, security settings are changed |
Windows Internet Connection Sharing Service (Windows
Internet Connection Sharing) | X | msfav32.exe | Added by a variant of the SDBot family of worms and IRC backdoor Trojans. Note: Located in \%WINDIR%\System32\dllcache\ |
| Windows Internet Control (Windows Internet) | X | internet.exe | Added by the WORM_SDBOT.ABT WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Windows Internet Service | X | iexplore.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\ (Win9x/Me), C:\%WINDIR%\ (XP/WinNT/2K) Note: This is not the legitimate Windows Process which is normally found in C:\Program Files\Internet Explorer\ |
| Windows Internet/Server (Internet) | X | winlogo.exe | Added by the Troj/GrayBrd-AC
TROJAN!
Note: This trojan file is found in the System\RavExt (95/98/ME) or System32\RavExt (NT/2000/XP) folder. |
| Windows Kernel | X | svchost.exe | Added by the HackerDefender SDBot TROJAN! ROOTKIT INFECTION Note: This worm\trojan is located in C:\Windows\ Not to be mistaken with svchost.exe which is part of Microsoft an located in C:\WINDOWS\System32\. |
| Windows Kernel (Windows Kernel) | X | svchost.exe | Added by the W32/Rbot-ANO
WORM! Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder.
Read the link, rootkit type stealth involved.
|
| Windows Kernel Server | X | wkserver.exe | Added by a variant of the SDBot family of worms and IRC backdoor Trojans. Note: located in \%WINDIR%\System32\ |
| Windows Kernel Service | X | kasvc.exe | Added by a variant of the BACKDOOR.IRC.BOT Note: This worm\trojan is located in \%WINDIR%\ |
| Windows Kernel Services | X | winlogon.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ Do not remove the C:\WINDOWS\system32\winlogon.exe which is located in the \system32 folder. |
| Windows Kernel System Service | X | wkssvc.exe | Added by the W32.Spybot.YXX WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Windows LAN Service Manager | ? | svchost.exe | Unknow origin |
| Windows Live Setup Service (WLSetupSvc) | L | WLSetupSvc.exe | Related to Windows_Live_Writer a desktop application that makes it easier to compose compelling blog posts. Note: Located in C:\Program Files\Windows Live Writer\ |
| Windows Log | X | nvsvcd.exe | Added by the BackDoor-CXT TROJAN! Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Windows logic Service | X | logic.exe | W32/Tilebot-JV Read the link, allows remote access |
| Windows Login (len) | X | lmss.exe | Added by the W32/Agobot-JA WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\ (XP/WinNT/2K) |
| windows logon | X | winlogon.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder.
Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.)
|
| Windows Logon Process Service (MSWinLogonProcService) | X | winlogon.exe | Added by a variant of the Win32/Procin family of TROJAN! Note: Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This trojan file is found in C:\%WINDIR%\. |
| Windows lsass Service (lsass) | X | lsass.exe | Added by the W32/Rbot-AGD
WORM!
Located in C:\WINDOWS\lsass.exe (9X\XP) or C:\Winnt\lsass.exe (NT\2000) Note: C:\WINDOWS\System32\lsass.exe is a Windows system file.
Read the link, rootkit type stealth involved.
|
| windows mail service | X | mail.exe | Added by A variant of the SDBot.aad family of worms and IRC backdoor Trojans. Note: located in \%WINDIR%\ |
| Windows Mail Services (WindowsMailSrv) | X | WinMailSrv.exe | Troj/Hupigo-VY |
| Windows Maintenance | X | WINMAINT.EXE | Mal/Heuri-D
Note:Located in C:\Windows (Win9x/Me), C:\%WINDIR% (XP/WinNT/2K) |
| Windows Management (Windows Management) | X | svchost.exe | Added by the Troj/Feutel-AN
WORM!
Note: This is not the legitimate Windows process(Which is always found in the System32 folder). This worm/trojan file is found in the Windows or Winnt folder.
|
| Windows Management Construct (winmgmc) | X | winmgc.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
Windows Management Instrument Driver Includes
(WMIDriverInc) | X | wmiprvse.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder.
Note: This is not the legitimate Windows Process. (Which is found in the System32\wbem\ folder.) |
| Windows Management Instrumentation | L | WinMgmt.exe | used by system administrators to create Windows management scripts |
| Windows Management PrintSystem (spoo1sv) | X | spoo1sv.exe | Identified as a variant of the AdWare.Win32.Agent.aad malware. Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision. |
| Windows Management Service | X | dm***.exe | Related to wareout, detected by Antivir as TR/Dldr.DNSChanger.Gen |
| Windows Management Services (wmserv) | X | svcmain.exe | Troj/Agent-ECW Note: Located in %windir%\system32 |
| Windows Management Updater (WinManUpdater) | X | smss.exe | Added by the Troj/Kaos-E TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| Windows Manager Service | X | Manager.exe | W32/Tilebot-KE Note:Located in C:\Windows (Win9x/Me), C:\%WINDIR% (XP/WinNT/2K) |
| Windows Media Connect (WMC) (WmcCds) | L | mswmccds.exe | Part of windows media connect, allows universal plug and play devices to be used by windows media player |
| Windows Media Connect (WMC) Helper (WmcCdsLs) | L | mswmcls.exe | Part of windows media connect, allows universal plug and play devices to be used by windows media player |
| Windows Media Connect Service (WMConnectCDS) | L | wmccds.exe | Related to Windows_Media_Connect Service v2. Windows Media Connect is a Microsoft technology which enables Digital Media Receivers to play music, video, or photos that are stored on a Windows XP PC. Note: located in C:\Program Files\Windows Media Connect 2\ |
Windows Media Player Network Sharing Service
(WMPNetworkSvc) | L | wmpnetwk.exe | Related to Windows_Media_Player Network Sharing Service. Note: Located in %ProgramFiles%\Windows Media Player\ |
| Windows Media Sharing (WMSsvc) | X | wmsvc.exe | Added by a variant of the IRCBot family of worms and IRC backdoor Trojans. Note: Located in \%WINDIR%\System32\ |
| Windows Messenger | X | msnmsgr.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This is not the legitimate Windows Process. (Which is found in the C:\Program Files\MSN Messenger\ folder.) This worm\trojan file is found in the Windows or Winnt folder. |
| Windows MS Update 32 (Win32) | X | sucker.exe | Added by the W32/Forbot-GJ WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| WINDOWS MSI Installer Application (LD-MSIEXEC_Inst) | X | msiexec.exe | Added A variant of the RBot.cgu family of worms and IRC backdoor Trojans. Note: Located in C:\Windows\AppPatch\ |
| Windows MSN | X | wmsnlivexp.exe | Added by the W32/Sdbot-CXR WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. Modifies some FTP files, read the link |
| windows mssql | X | mssql.exe | Added by the W32/Tilebot-HZ WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Windows NetBalance Monitor | X | msnbm32.exe | Identified as Trojan.Win32.AntiAV.y TROJAN! Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision. |
| Windows NetDDe (shit) | X | wrmana32.exe | Added by the W32.Mytob.IM
WORM!
|
| Windows Netlib Service (CSRS) | X | netlib32.exe | Added by the W32/Tilebot-IG WORM! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| windows network (system) | X | system.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Windows Network Controller | X | WinGmt.exe | W32/Sdbot-MG trojan |
| Windows Network Latency Controller (nlc) | X | sp2vc.exe ( or 1.tmp, nlc.exe) | Added by a Generic_Password_Stealers TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Windows Network Log (Windows Network Log Manage) | X | Netlog.exe | Detected as Backdoor.Win32.Hupigon.el i by Kaspersky |
| Windows Network Mapping Service (NetMap) | X | svchost.exe | Added by an unidentified TROJAN! of the Sdbot family. This worm\trojan is located in C:\%WINDIR%\system\ folder. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) |
| Windows Network Security Management Service (nsms) | X | nsms.exe | Added by the Troj/Ranck-ET TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Windows Network Security Service (lsass) | X | lsass.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) |
| Windows Network Security Service (wnss) | X | wnss.exe | Identified as a variant of the Backdoor.Win32.Agent.dvq backdoor Trojan. Note: Located in \%WINDIR%\System32\ |
| Windows Network Serialize | X | mswns32.exe | Identified as the Win32:Small-BKI/Worm/Agent.40960 malware. Note: located in \%WINDIR%\System32\ |
| Windows Network Services (SvcHost32) | X | svchost32.exe | Added by a variant of the Backdoor.Win32.SdBot.bhk family of worms and IRC backdoor Trojans. Note: located in \%WINDIR%\System32\ |
| Windows Networking Agent (Windows Networking Agent) | X | msuls.exe | Added by the Troj/Kwoo-A
TROJAN!
Note: This worm\trojan file is found in the System32 folder.
|
| Windows Networks | X | inetsock.exe | Added by an unidentified malware Note: Located in \%Program Files%\NetMeeting\ |
| Windows NT | X | winlogon.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) |
| Windows NT application | X | winlogon.exe | Added by a variant of the IRCBOT Note: Located in \%WINDIR%\ Note: Use SDFix under supervision. |
| Windows NT Logon Application (WINLOGON) | X | winlogon.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) |
| Windows NT Session Manager | L | smss.exe | Microsoft Windows NT Session Manager
|
| Windows NT Session Manager (SMSS) | X | smss.exe | Added by the Backdoor.IRCBot.rh as identified by ewido. Note: This worm\trojan is located in C:\%WINDIR%\
Not to be confused by the legitimate smss.exe found in C:\%WINDIR%\System32\ |
| Windows NT Session Manager (WINNTSMSS) | X | smss.exe | TR/Crypt.ULPM.Gen
Note: Located in %Windir%\System |
| Windows NT Session Managers | X | smss.exe | Added by the W32/Sdbot-CPN WORM! Note: This worm\trojan is located in C:\%WINDIR%\ Note: not to be confused by the legit file smss.exe in the C:\%WINDIR%\System32 folder. |
| Windows NZDB Service | X | nzbd.exe | W32/Sdbot-DGJ
Note:Located in C:\Windows (Win9x/Me), C:\%WINDIR% (XP/WinNT/2K) |
| Windows Object Manager | X | smss.exe | W32.Banish.A@mm - Symantec Description: Randomly copied characteristics of an already existing service. Located in C:\WINDOWS\smss.exe (9X\XP) or C:\Winnt\smss.exe (NT\2000) Note C:\WINDOWS\System32\smss.exe is a Windows system file. |
| Windows Object Manager | X | lsass.exe | W32.Banish.A@mm - Symantec Description: Randomly copied characteristics of an already existing service. Located in C:\WINDOWS\lsass.exe (9X\XP) or C:\Winnt\lsass.exe (NT\2000) Note C:\WINDOWS\System32\lsass.exe is a Windows system file. |
| Windows Object Manager | X | csrss.exe | W32.Banish.A@mm - Symantec Description: Randomly copied characteristics of an already existing service. Located in C:\WINDOWS\csrss.exe (9X\XP) or C:\Winnt\csrss.exe (NT\2000) Note C:\WINDOWS\System32\csrss.exe is a Windows system file. |
| Windows Object Manager | X | services.exe | W32.Banish.A@mm - Symantec Description: Randomly copied characteristics of an already existing service. Located in C:\WINDOWS\services.exe (9X\XP) or C:\Winnt\services.exe (NT\2000) Note C:\WINDOWS\System32\services.exe is a Windows system file. |
| Windows Object Manager | X | winlogon.exe | W32.Banish.A@mm - Symantec Description: Randomly copied characteristics of an already existing service. Located in C:\WINDOWS\winlogon.exe (9X\XP) or C:\Winnt\winlogon.exe (NT\2000) Note C:\WINDOWS\System32\winlogon.exe is a Windows system file. |
| Windows OneCare Live (winss) | L | winss.exe | Part of Windows OneCare Live |
| Windows Overlay Components | X | (Random).exe | Reported as the Trojan-Dropper.Win32.Agent.tb TROJAN! by Kaspersky Anti-Virus. Note: This trojan file is located in the Windows or Winnt folder. For more information on Trojan Droppers Click_Here |
| Windows Packet Driver (packet) | X | packet.exe | Added by the Troj/Hwbot-C
TROJAN!
Note: This trojan file is found in the System32 folder. |
| Windows PE Debugger | X | lviss.exe | Added by the W32/Sdbot-COT WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Disables the automatic startup of other software. |
| Windows Plug and Play (WinPPn) | X | wpnsvc.exe | Added by a variant of the W32/SDBot family of worms and IRC backdoor Trojans. Note: located in \%WINDIR%\Help\ |
| Windows Plugin Application | X | svshost.exe | Identified as Backdoor.Win32.SdBot.awe Note: This worm\trojan is located in C:\WINDOWS\system32\ More here Read the link, allows remote access |
Windows Presentation Foundation Font Cache 3.0.0.0
(FontCache3.0.0.0) | L | PresentationFontCache.exe | Related to Microsoft_Framwork Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. Note: located in \%WINDIR%\Microsoft.Net\Framework\v3.0\WPF\ |
| Windows Process Manager | X | spoolsc.exe | W32/Tilebot-JM |
| Windows Process Moniter (Windows Process Moniter) | X | winmon.exe | Added by the SDBOT.BYV
WORM! Also drops winmon.sys which is a root kit.
Note: This worm file is found in the Windows or Winnt folder.
Read the link, rootkit type stealth involved. |
| Windows Process Sevices | X | prsc32.exe | W32/Spybot-NR Read the link, allows remote access |
| Windows Process Viewer (The Windows Process Viewer) | X | winlogon.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder.
Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) |
| Windows Product Activation (wpa) | X | wpa.exe | Added by the W32.Esbot.B
WORM!
|
| Windows Produre Call (MSRPC) | X | msrpc.exe | Added by the W32/Sdbot-AEI
WORM!
Note: This worm\trojan file is found in the Windows or Winnt folder.
|
Windows Protected Content Restoration Service
(ProtectedContentSvc) | X | services.exe | Added by Oscarbot.IV TROJAN! (backdoor ranky) Note: This worm\trojan is located in C:\%WINDIR%\ETC\ compromise user confidentiality This is not a legitimate Windows Process found in C:\%WINDIR%\SYSTEM32. |
| Windows Protocol Deployment Manager (PDM) | X | 1.tmp | Added by a variant of the Backdoor.Ranky family. TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) The filename (Random Name).tmp |
| Windows Recovery Monitor (wrepmon) | X | wrepmon.exe | Detected as W32/NewMalware-Rootkit-I-based!Maximus by F-Prot |
| Windows Reg Service | X | lsyss.exe | Added by the W32/Tilebot-HH WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Windows Register Control | X | register.exe | Added by the W32/Tilebot-GO WORM! Note: This worm\trojan is located in C:\%WINDIR% |
| Windows Remote Manager | X | lsiss.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
Windows Remote Procedure Call Monitoring Service
(rpcsvc) | X | rpcsvc.exe | Added by the W32/Cuebot-I WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) disabling the automatic startup of other software and deactivates the Microsoft Internet Connection Firewall (ICF). |
| Windows Restore Service | X | spoolcs.exe | Added by the Downloader-SpoolCS/Symon.Process TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Windows RPC Services (winrpc) | X | winrpc.exe | Added by the W32.Spybot.ACDM
WORM!
Note: This worm file is found in the Windows or Winnt folder.
|
| Windows Secure Service | X | secsrv.exe | W32/Sdbot-DGP
Note: Located in C:\Windows |
| Windows Secure Update (WinSecUp) | X | WinSecUp.exe | Added by the W32/Rbot-GCD WORM! Note: Located in \%Program Files%\Common Files\System\ |
| Windows Security Center | X | winmgr.exe | Added by a variant of the IRCBOT Note: Located in \%WINDIR%\System32 Note: Use SDFix under supervision. |
| Windows Security Drivers (csrs) | X | csrss.exe | Added by an unknown TROJAN!, Note: This has nothing to do with Microsoft Windows Update and this is not the legitimate Windows Process csrss.exe. (Which is found in the System32 folder.) This trojan file (csrss.exe) is found in the Windows or Winnt folder |
| Windows Security Drivers (csrs) | X | svchost.exe | Added by an unknown TROJAN!, Note: This has nothing to do with Microsoft Windows Update and this is not the legitimate Windows Process svchost.exe. (Which is found in the System32 folder.) This trojan file (svchost.exe) is found in the Windows or Winnt folder |
| Windows Security Manager | X | vcmon.exe | Added by the W32/Tilebot-IC WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Windows Security Update | X | secupd.exe | http://www.sophos.com/virusinfo/analyses/trojsepucb.html |
| Windows Server Client Verification Service (wscvs) | X | wscvs.exe | Added by an unidentified TROJAN! Note: of the Win32/Rbot Family. Note: Located in \%WINDIR%\System32\ |
| Windows Server IP Verification Service (WSIVS) | X | wsivs.exe | Added by the Backdoor.Ranky backdoor Trojan. Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision. |
| Windows Server Management Service | X | netsvc.exe | Added by an unidentified TROJ |
