| Name | Status | Filename | Description |
|---|
| NTCHARGE | L | winlogon.exe | Related to Microsoft Internet Information Services (IIS). |
| NTFS Crypto Technology (NTFSCrypt) | X | ntfscrypt.exe | Added by the W32/Spybot-NC WORM! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| NTFS File Location Service (NTFSFLS) | X | ntfsloc.exe | Added by the W32/Sdbot-CSG WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| NTFSprotect (ntfsdiscman) | X | ntfsprotect.exe | Added by the SDBOT.CCF
WORM!
Read the link, rootkit type stealth involved.
|
| ntldr.sys | X | ntldr.sys | Troj/SpamToo-AQ
Creates the file %Root% |
| Ntlm_Drive_Connect (Ntlm_Drive_Connect) | X | TimerU.sys | Added by the Tuimer TROJAN! |
| NTLOAD | X | ntsrv.exe | Identified as Win32.Iroffer.b by Kasperksy. Note: Located in \%WINDIR%\System32\dllcache\win32\ |
| NTLOAD | X | winlogon.exe | Other files in the same directory identified as Win32.Iroffer.b by Kaspersky |
| ntmssvc | X | svchost.exe -k ntmssvc | Added by the Fuwudoor TROJAN! |
| ntmssvc | X | SysPkOs.dll | Troj/BkDoor-A
Troj/BkDoor-A may overwrite registry entries, to enable it to run as a service.
Read link |
| NTP (Network Time Protocol) | X | winlogon.exe | Added by the Troj/Jtram-D
TROJAN!
Note: This trojan file is found in the System32\Client folder.
|
| NTRU Hybrid TSS v1.05 TCSD (tcsd_win32.exe) | L | tcsd_win32.exe | Related to NTRU_Cryptosystems Inc. Provider a public key cryptography system (PKCS) |
| NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) | L | tcsd_win32.exe | Related to NTRU_Cryptosystems Inc. Provider a public key cryptography system (PKCS) Note: Located in \%Program Files%\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\ |
| NTSec(ntsec) (NTSec) | X | ntsec.exe | Identified as Trojan-Dropper.VB.22 by VBA32 Note: located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) This should not be confused with Keylog_Ardamax A program may have legitimate uses in contexts where an authorized administrator has knowingly installed this application. Located in %Documents and Settings% \Start Menu\Programs\Ardamax Keylogger. If you did not install this program remove it. |
| NTSecure | O | srvany1234.exe | Unknown owner: Location C:\WINDOWS\system32\srvany1234.exe |
| NTSVCMGR | X | winlogon.exe | Identified as Win32.Iroffer.b by Kasperksy. Note: Located in \%WINDIR%\System32\dllcache\win32\ Note: This is not the legitimate Windows Process which is found in \%WINDIR%\System32\ folder. |
| NTSVCMGR | X | ntsrv.exe | Identified as Win32.Iroffer.b by Kasperksy. Note: Located in \%WINDIR%\System32\dllcache\win32\ |
| NTsyslog | L | ntsyslog.exe | Related to Open_Source_Technology Group. An application logging functionality. |
| nTune Service (nTuneService) | L | nTuneService.exe | Related to NVIDIA Access Manager. Note: Located in C:\Program Files\NVIDIA Corporation\nTune\ |
| NTVDM | X | ntvdm.exe | W32/Tilebot-JZ
Note:Located in C:\Windows (Win9x/Me), C:\%WINDIR%(XP/WinNT/2K) Used in DOS attacks, Allows others to access the computer Please read information on link |
| NuTCRACKER Kernel | L | nutkserv.exe | Related to openUTM from Fujitsu Siemens Computers |
| NuTCRACKER Service | L | nutsrv4.exe | Related to Rational Rose, MKS Toolkit for Enterprise Developers |
| NuTCRACKERService | L | nutsrv4.exe | Related to MKS from DataFocus Inc. Toolkit for Enterprise Developers. |
| NvCplScan | X | msc32.exe | Related to the W32/FORBOT-DD |
| NvCplScan | X | nvsc32.exe | another example, added by Forbot_ET. |
| Nvedavt | L | ousbehci.sys | Related to OrangeWare Corp. |
| nvidGUIv (nvidGUIv2) | X | NVIDGUIV.EXE | Added by the SDBOT.CTQ
WORM!
Read the link, rootkit type stealth involved. |
| NVIDIA Display Driver Service (NVSvc) | L | nvsvc32.exe | Related to NVIDIA drivers. |
NVIDIA Display Driver Service (Omega 1.6693) (P)
(NVSvc) | L | nvsvc32.exe | Related to NVIDIA, http://www.nvidia.com/ drivers. |
| NVIDIA Display Service (NVIDIA Display Driver Service) | X | Nvds.exe | Added by an unidentified TROJAN! Note: of the Win32/Rbot Family. Note: This worm\trojan is located in C:\%WINDIR%\ folder |
| NVIDIA Driver Helper Service (NVSvc) | L | nvsvc32.exe | Related to NVIDIA drivers. Note: Located in \%WINDIR%\System32\ |
| NVIDIA Driver Serviceˇˇ (NVSv ) | X | svchost.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ |
| Nvidia Graphic Displacement (nvideoGUI) | X | nvideogui.exe | Added by the SDBOT.CQD
WORM!
Read the link, rootkit type stealth involved.
|
| NVIDIA PVR Schedule Monitor (nvpvrmon) | L | nvpvrmon.exe | Related to NVIDIA ForceWare driver. Note: Located in C:\Program Files\NVIDIA Corporation\ForceWare\Multimedia\NVPVR\ |
| nvsec(nvsec) (NvSec) | X | nvsec.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) More here |
| nvsvc32.exe | X | wmisp.exe | Added by the Backdoor_Win32_SdBot_aad WORM! - Reported by KASPERSKY ON-LINE SCANNER |
| O&O CleverCache Agent (OOCleverCacheAgent) | L | ooccag.exe | Related to O&O_Software Products. Located in folder: \OO Software\CleverCache\ |
| O&O ComponentInstaller Agent | L | oocinst.exe | Related to O&O software Protection Software |
| O&O Defrag | L | oodag.exe | www.oo-software.com |
| O&O Defrag 2000 (OOD2000) | L | OOD2000.exe | Part of O&O Defrag |
O23 - Service: AOL Anti-Spyware Service
(AOL_SpywareServ) | X | aolspy.exe | Added by a variant of the Backdoor.Win32.Rbot.cgu TROJAN! Note: This worm\trojan is located in C:\WINDOWS\web\ |
O23 - Service: OradevReports [localrepserver]
(OracleReportServer-localrepserver) | L | rwserver.exe | Related to Oracle products |
| O2Micro Flash Memory (O2Flash) | L | o2flash.exe | Related to O2Micro_Flash Memory Card. Note: Located in C:\WINDOWS\system32\ |
Odyssey Client for Fujitsu Siemens Computers
(odClientService) | L | odClientService.exe | Related to Odyssey_Client for Fujitsu Siemens Computers. Note: Located in C:\Program\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\ |
| OESH (Office Source Engine Help) | X | Program.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C: folder. |
Office Server Extensions Notification Service
(OWSTimer) | L | OWSTIMER.EXE | Related to Microsoft_SharePoint Note: Located in C:\Program Files\icrosoft Office\Office\ Files\ |
| Office Source Engine (ose) | L | OSE.EXE | Microsoft Office Source Engine |
| OfficeScan NT Listener (tmlisten) | L | tmlisten.exe | Related to Trend_Micro RealTime Scan Antivirus application. Note: Located in \%Program Files%\Trend Micro\OfficeScan Client\ |
| OfficeScan NT Proxy Service (TmProxy) | L | tmproxy.exe | Related to Trend Micro Inc. |
| OfficeScanNT Listener (tmlisten) | L | tmlisten.exe | Related to Trend_Micro RealTime Scan Antivirus application. Note: Located in \%Program Files%\Trend Micro\OfficeScan Client\ |
