| Name | Status | Filename | Description |
|---|
| Microsoft Registry Viewer (Dumpreg) | X | DUMPREG.EXE | Added by the SDBOT.BXI
WORM!
Read the link, rootkit type stealth involved.
|
| Microsoft RPC API Helper (Random Letters) | X | (Random FileName).sys | Troj/Conhook-AG
Note:Located in C:\Windows\System\Drivers (Win9x/Me), C:\%WINDIR%\System32\Drivers (XP/WinNT/2K)
Installs multiple services. Read Link |
| Microsoft Sata emulation (mside) | X | mside.exe | Added by the Worm.Opanki.BK WORM! Note: This worm\trojan is located in C:\%WINDIR%\SYSTEM\ Read the technical details |
| Microsoft SCC Host Protocol (POOLSVR) | X | poolsv.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| Microsoft SCC Host Protocol (TaskMGM) | X | taskmg.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| Microsoft sdk core (sdk) | X | lsass.exe | Added by the Troj/IRCBot-PF TROJAN! Note: Located in C:\%WINDIR%\ |
| Microsoft Security Center Extension (msscenter) | X | msscntr32.exe | Identified as Danmec/Asprox password-stealing trojan. Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision. |
| Microsoft Security Login Service | X | mssecure32.exe | Added by the W32/Vanebot-R WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) Attempts to terminate a number of processes related to security and anti-virus applications. |
| Microsoft security update service (msupdate) | X | msvcrtd.exe | Related to a variant of the Trojan.Win32.Agent.NCR family. TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here |
| Microsoft security update service (msupdate) | X | mssrv32.exe | Troj/Agent-GCE
Note:Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (Vista/XP/WinNT/2K) |
| Microsoft Service Manager (winmdgr) | X | winsvcmgr.exe | Added by the W32/Rbot-AAD
WORM!
Read the link, rootkit type stealth involved.
|
| Microsoft SQL Server Debug (sql) | X | sqldebug.exe | Added by the W32/Tilebot-FF WORM! Note: Located in C:\%WINDIR%\ |
| Microsoft SSL (ssl) | X | ssl.exe | Added by the W32.Esbot.C
WORM! Note: This Worm\Trojan file is found in the System32 folder and has nothing to do with the (Secure Socket Layer) |
| Microsoft Star Window Service | X | starwin32.exe | Added by the W32/Rbot-FNT WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\ dllcache\ (XP/WinNT/2K) |
| Microsoft Star Window Service | X | svcshoter.exe | Added by the WORM_SDBOT.ANK WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache (Win9x/Me), C:\%WINDIR%\System32]dllcache (XP/WinNT/2K) provides the remote user virtual control over the affected system, thus compromising system security. |
| Microsoft Star Window Service | X | starwksvc.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\dllcache\ (Win9x/Me), C:\%WINDIR%\dllcache\ (XP/WinNT/2K) |
| Microsoft Startup Manager. (Microsoft Startup Manager) | X | msput.exe | Added by the W32/Sdbot-BAY WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Microsoft Svc Services Dispatcher | X | svcsrv.ldr | unknown malware |
| Microsoft Terminal Service | X | msterminal.exe | Added by the W32/Sdbot-CPZ WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\DllCache\ (XP/WinNT/2K) |
| Microsoft TG Mannager | X | mtgm.exe | Added by the WORM_SDBOT.EMT WORM! Note: This worm is located in C:\%WINDIR%\ Read the link, allows remote access |
| Microsoft Translation Service (MTServ) | X | mtserv.exe | Added by the W32/Rbot-GAL WORM! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Microsoft Updata ver2005 (Microsoft Updata ver2005) | X | tw725.exe | Added by the Troj/Feutel-P
TROJAN!
|
| Microsoft Update | X | SCVVC.exe | Added by a variant of the W32/Malware Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Microsoft update (msnupdate) | X | windupdate.exe | Added by the SDBOT.CGV
WORM!
Read the link, rootkit type stealth involved.
|
| Microsoft update Service | X | msiupdate32.exe | Added by the W32/Vanebot-S WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disabling autostart for the SharedAccess service deactivates the Microsoft Internet Connection Firewall (ICF). Attempts to terminate a number of processes related to security and anti-virus applications |
| Microsoft usnsvc Service | X | usnsvc.exe | Added by a variant of the Backdoor.Sdbot family of worms and IRC backdoor Trojans. Note: located in \%WINDIR%\ |
| Microsoft Validation Service | X | mvsr32.exe | Detected as Backdoor.SdBot.bem by AVG-antispyware |
| Microsoft Validation Service | X | wmiprsv.exe | Added by an unidentified TROJAN! Note: of the Win32/Rbot Family. Note: This worm\trojan is located in C:\%WINDIR%\ |
Microsoft Virtual Private Network (MS Virtual Private
Network) | X | MSVPN32.exe | Added by the W32/Rbot-AIO
WORM!
|
| Microsoft Vista Updater System | X | nvcsc23.exe | Added by a variant of the BACKDOOR.IRC.BOT Note: This worm\trojan is located in \%WINDIR%\ |
| Microsoft Visual Basic | X | MSVCRT.exe | Added by a variant of the RBOT family of IRC Backdoor trojan. Note: Located in \%WINDIR%\System\ Note: Use SDFix under supervision. |
| Microsoft Visual Studio (W32MVS) | X | w32mvs.exe | Identified by VBA32 as a variant of the Backdoor.Win32.Agent.cjo malware. Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision. |
| Microsoft VPS Service | X | msvps.exe | Added by the W32/Rbot-FNI WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disables the automatic startup of other software |
| Microsoft Webserver (Microsoft Webserver) | X | Microsoft Webserver.exe | Added by the Troj/Hupigon-FU
TROJAN!
Note: This trojan file is found in the Windows or Winnt folder.
|
| Microsoft Windows (Microsoft Windows) | X | system.exe | Added by the W32/Rbot-AMQ
WORM! Note: This worm file is found in the Windows or Winnt folder.
Read the link, rootkit type stealth involved.
|
| Microsoft Windows Avantage Service (Windows Avantage) | X | avantage32.exe | Added by the W32/Tilebot-HE WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. disables the automatic startup of other software. |
| Microsoft Windows BDA Service | X | svhba.exe | Added by the W32/Vanebot-P WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) disables the automatic startup of other software |
| Microsoft Windows DMR Service (Windows DMR Service) | X | dmrproc.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ More here |
| Microsoft windows FTPd | X | updtftpini.exe | Added by the W32/Rbot-FUS WORM! Note: This worm\trojan is located in C:\Windows\dllcache\ (Win9x/Me), C:\%WINDIR%\dllcache\ (XP/WinNT/2K) More] here |
| Microsoft Windows HDA Service | X | svhda.exe | Added by the W32/IRCBot-SL WORM! Note: This worm\trojan is located in C:\Windows\System\dllcache\ (Win9x/Me), C:\%WINDIR%\System32\dllcache\ (XP/WinNT/2K) |
| Microsoft Windows HelpFile (Windows Helpfile) | X | services.exe | Added by the W32/Tilebot-FQ WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. disabling the automatic startup of other software |
| Microsoft Windows Internet Connections Manager (net32b) | X | net32b.exe | Added by the W32/Cuebot-N WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Deactivates the Microsoft Internet Connection Firewall (ICF).
|
| Microsoft Windows Man Service (Windows Man Service) | X | winmgr.exe | Added by the W32/Sdbot-DTL WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
Microsoft Windows Protection (Windows Protection
Service) | X | winlogon.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Microsoft Windows Software Update Service (mswsus) | X | mswsus.exe | Added by an unidentified TROJAN! Note: of the Win32/Rbot Family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Microsoft Windows Spool Service (Windows Spool Service) | X | wdfmgr.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\
Not to be mistaken with wdfmgr.exe which is part of Microsoft Windows Media Player and located in, C:\WINDOWS\System32\. |
| Microsoft Windows Spool Service (Windows Spool Service) | X | services.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ folder.
Note: This is not the legitimate Windows Process. (Which is found in the System32 folder.) This worm\trojan file is found in the Windows or Winnt folder. |
Microsoft Windows Spooler Service (Windows Spooler
Service) | X | winlogon.exe | Added by the W32/Tilebot-FR
WORM!Note: This is not the legitimate Windows process (Which is always found in the System32 folder). This worm file is found in the Windows or Winnt folder. Allows a remote intruder to gain access and control over the computer, read the link.
|
Microsoft Windows Spooler Service (Windows Spooler
Service) | X | services.exe | Added by the W32/Tilebot-FW
WORM! Note: This is not the legitimate Windows process (Which is always found in the System32 folder). This worm file is found in the Windows or Winnt folder. Allows a remote intruder to gain access and control over the computer, read the link.
|
| Microsoft Windows SQL Service | X | winesql.exe | Win32/IRCBot.UG |
