| Name | Status | Filename | Description |
|---|---|---|---|
| R2d2 Kernel Authority | L | KAuthS.exe | Related to R2D2 Software, a Windows service that manages desktops and programs. Without it, no desktops, no virtual screen, no remote access, no user impersonation, ... If you stop this service, all desktops (except the default one) are destroyed. Virtual Desktop Toolbox is no more than a client application of R2d2 Kernel Authority |
| RA Server | X | Slave.exe | Backdoor.RA virus http://www.avp.ch/avpve/trojan/backdoor/ra.stm Better alternatives are PC Anywhere or VNC |
| RA Server (Slave) | L | Slave.exe | Related to RA_Server from TWD Industries. allows remote desktop administration over a TCP/IP network. Note: Located in C:\%WINDIR%\ |
| Rabo Comm Server | L | RaboCommSrv.exe | Related to the Rabobank, telebanking (Netherlands) |
| Radan Licence Server | L | radlicence2.exe | Radan Sheet Metal CADCAM Software |
| RadClock | L | RadClock.exe | ATI/Radeon Video Card Setting Tweaking Utility |
| Radia Management Agent (rma) | L | nvdkit.exe | Related to Radia_Management Agent from Hewlett-Packard Development Co. Note Novadigm is now owned by HP. Note: Located in \%ROOT%\Novadigm\ManagementAgent\ |
| Radialpoint Service (FWS) | L | fws.exe | Related to RadialPoint |
| RadioSvr | L | RadioSvr.exe | HP support for managing wireless devices |
| raid (raid) | X | raid.sys | Added by the Troj/NtRootK-O TROJAN! Read the link, rootkit type stealth involved. |
| random | X | (5 random letters and two numbers).sys | Troj/RKAgen-Fam Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Ranger Log | L | Rangerlogservice.exe | Related to Silver_Bullet remotely monitors the health of check scanners, receipt printers and other devices. Note: Located in \%Program Files%\Silver Bullet Technology\Ranger\Tools\Log Service\ |
| RapApp | L | rapapp.exe | Black Ice Firewall related |
| RasAt (Remote Connection) | X | svchost.exe | Added by the Troj/Singu-AF TROJAN! |
| Rational ClearQuest Mail Service (MailService) | L | mailservice.exe | Related to IBM_Rational_ClearQuest |
| Rational Cred Manager (cccredmgr) | L | cccredmgr.exe | Related to IBM_Rational_ClearCase |
| Rational Lock Manager (LockMgr) | L | lockmgr.exe | Related to IBM_Rational_ClearCase |
| Rational Test Agent Service (RationalTestAgentService) | L | rtpsvc.exe | Related to IBM_Rational_Software Development Platform |
| RaySat85 Server (RaySat85Server) | L | raysat85server.exe | Related to mental_ray Standalone from Autodesk. A high-performance rendering engine for generating photorealistic images. Note: Located in \%Program Files%\Autodesk\mentalraysatellite8.5\bin\ |
| RaySatxsi4_2 Server (RaySatxsi4_2Server) | L | raysatxsi4_2server.exe | Related to SOFTIMAGE_XSI server from Softimage. Advanced 3D animation software for games, film and television. Note: Located in \%ROOT%\Softimage\XSI_4.2\Application\bin\ |
| RaySat_3dsmax8 Server (mi-raysat_3dsmax8) | L | raysat_3dsmax8server.exe | Related to Autodesk _3ds_Max |
| RdnaoFlSvc | L | naofsvc.exe | Related to Naomi an advanced internet filtering program. |
| rdriv (rdriv) | X | rdriv.sys | Added by the Troj/Rootkit-W TROJAN! Read the link, rootkit type stealth involved. |
| ReaConverter scheduler service (rcp_service) | L | rcp_scheduler.exe | Related to ReaConverter image editing features make the Lite edition a perfect choice for home users. Note: Located in \%Program Files%\ReaConverter 5.0 Pro\ |
| Realplus (Realplus) | X | sserver.exe | Added by the Troj/Paltus-A TROJAN! Note: This trojan file is found in the System32 folder. |
| Reflection Line Printer Daemon | L | lpdserv.exe | Related to http://www.wrq.com/ |
| Reflection Servers | L | rninetd.exe | Related to http://www.wrq.com/ |
| Reflection TimeSync | L | rtsserv.exe | Related to WRQ, Inc. http://www.wrq.com/products/reflection/ |
| regdefend | L | regdefend.sys | See Ghostsecurity. Location: C:\Program Files\RegDefend\regdefend.sys |
| Regedits Helpers (Windows Regedits Help) | X | iesetup.exe | Troj/Hupigon-KX Note: Located in %windir%\help |
| Regedits Helps (Windows Regedit Helps) | X | iesetup.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\iis] (Win9x/Me), C:\%WINDIR%\System32\iis\ (XP/WinNT/2K) More here |
| Register DLL Driver | X | regdll.exe | Added by the W32/Sdbot-CXB WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| Register Manager | X | regent.exe | Added by the W32/Sdbot-DFJ WORM! Note: This worm is located in \%WINDIR%\ Read the link, allows remote access. |
| Registration Host (reghost) | X | reghost.exe | Added by the W32/Rbot-GKS WORM! Note: This worm is located in C:\Program Files\Common Files\System\ |
| Registro de sucesos (Eventlog) | L | services.exe | Spanish Windows 2000 event logger |
| Registros y alertas de rendimiento (SysmonLog) | L | smlogsvc.exe | Spanish Windows 2000 performance logs and alerts |
| Registry Editor (Regedit) | X | regedit.exe | Added by the W32/Codbot-U TROJAN! Note: This is not the regedit application that comes with Windows (which is located in the Windows folder). This trojan file is located in the System or System32 folder. |
| Registry Management Service (RegManServ) | L | RegManServ.exe | Related to Complete_PC_Care from WinCleaner. Note: Located in C:\Program Files\Advanced Registry Doctor\ |
| Registry Manager Service (MS Registry Service) | X | MSRMS32.exe | Added by the W32/Rbot-AKP WORM! |
| RegService | L | RegService.exe | Related to Intel Corp. http://www.intel.com/network/connectivity/trans/xircom.htm |
| RegSrvc | L | RegSrvc.exe | Intel PROset |
| regstrmon | X | regstrmon.exe | Added by the WORM_RBOT.ADA WORM! Note: This worm\trojan is located in C:\%WINDIR%\ folder. |
| RelevantKnowledge | X | rlservice.exe | Added by the Marketscore.RelevantKnowledge ADWARE! Note: Located in \%WINDIR%\System32\ |
| remon (remon) | X | remon.sys | Added by the Troj/RKFu-A TROJAN! Read the link, rootkit type stealth involved. |
| Remote Acces (WindowsDown) | X | servet.exe | Troj/Dloadr-AYT |
| Remote Acces (WindowsFix) | X | servet.exe | W32/Sekap-A Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Allows remote access |
| Remote Access Controller 4 (RAC) (racsvc) | L | racsvc.exe | Related to Dell Open Manage NT Utilities program that allows remote access and control of a computer. This is a common program for hackers to install on a computer, so if it is installed, and you did not install it, it should be removed. |
| Remote Account Manager (ramtsvc) | X | rasmvc.exe | Added by an Unknown malware Note: Located in \%WINDIR%\System32\mui\ |
| Remote Administrator Service (r_server) | X | systemram.exe | Added by the Troj/Radnag-B Trojan! |
| Remote Administrator Service (r_server) | X | r_server.exe | Added by the Troj/Remadm-J TROJAN! Note: This trojan file is found in Program Files\real\RealOne Player\lang folder. |
| Remote Administrator Service (r_server) | O | r_server.exe | Related to r_server.exe, part of a remote administrator application that allows a user to work on one or more remote computers. The application contains features such as File Transfer, NT security and Telnet. Note: Located in \%WINDIR%\System32\ If you did not install this server, it is suggested that you remove it. |
| Remote Break Manager | X | svshost.exe | Added by a variant of the SdBot.awe family of worms and IRC backdoor Trojans. Note: Located in \%WINDIR%\System32\ |
| Remote Desktop Help Session Manager (RDSessMgr) | L | sessmgr.exe | Related to Microsoft's remote assistance windows plugin. This allows an end user to call for assistance when a remote assistance network service is in place. This process shouldn't be terminated if the fore-mentioned service is in place on your local area network. |
| Remote Displays Service | X | svshost.exe | Added by a variant of the SdBot.awe family of worms and IRC backdoor Trojans. Note: Located in \%WINDIR%\System32\ |
| Remote Help Session Manager (Rasautol) | X | ntsokele.exe | W32/Fujacks-AP Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Allows others to access the computer |
| Remote HID Service (LvHidSvc) | O | lvhidsvc.exe | Remote access service by Philips Inc. Legitimate, but remote access could be considered dangerous unless monitored carefully. |
| Remote Logon Manager | X | smcs.exe | Added by a variant of the IRCBOT Note: Located in \%WINDIR%\System32\ Note: Use SDFix under supervision. |
| Remote management (Novell WUser Agent) | L | wuser32.exe | Related to Novell, Inc. |
| Remote Map Manager | X | lssc.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Remote Media Player | X | lsscs.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Remote Neon Services | X | svshost.exe | Added by a variant of the SdBot.awe family of worms and IRC backdoor Trojans. Note: Located in \%WINDIR%\System32\ |
| Remote NetBIOS Manager | X | svshost.exe | Added by a variant of the SdBot.awe family of worms and IRC backdoor Trojans. Note: Located in \%WINDIR%\System32\ |
| Remote NTstat Services | X | svshost.exe | Added by a variant of the Backdoor.Sdbot.awe family of worms and IRC backdoor Trojans. Note: Located in \%WINDIR%\System32\ |
| Remote Packet Capture Protocol v.0 (experimental) (rpcapd) | L | rpcapd.exe | Related to Winpcap (Windows Packet Capture Library) |
| Remote Print Spooler (RPSGV) | X | gcsvc.exe | Added by a variant of the Win32.SdBot.aad a TROJAN! identified by F-Secure. Note: This trojan is located in C:\%WINDIR%\ |
| Remote Procadure Call (RPC) (RpeSs) | X | svchost.exe | Troj/Hupigo-UN Read the link, steals information Note: Located in %windir% |
| Remote Procedure Call (RPC) Client (RpcClient) | X | rpcclient.exe | Added by the W32/Codbot-L WORM! |
| Remote Procedure Call (RPC) Helper | X | random | CoolWebSearch malware |
| Remote Procedure Call (RPC) Helper ( 6Q'8) | X | ipjp32.exe | Added by the Trojan.Win32.Agent.bi TROJAN! Note: located in \%WINDIR%\ |
| Remote Procedure Call (RPC) Locator (Locator) | X | rpclocator.exe | Added by the W32/Codbot-Q WORM! |
| Remote Procedure Call (RPC) Monitoring (Rpcmon) | X | Rpcmon.exe | Added by the W32/Codbot-T WORM! |
| Remote Procedure Call (RPC) Net (Rpcnet) | L | Rpcnet.exe | Related to Laptop_Retriever |
| Remote Procedure Call (RPC) Relocator (RpcRelocator) | X | relocater.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| Remote Procedure Call (RPC) Remote (RpcRemotes) | X | remote.exe | Added by the W32/Mytob-EW WORM! or Troj/Agent-FB TROJAN! Note: This worm\trojan file is found in the System32 folder. |
| Remote Procedure Call (RPC) Service (RpcSssvc) | X | RpcSs.exe | Added by the W32/Cuebot-J WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) Note: The file RpcSs.exe is also a good Microsoft file. Before deleting, check the properties of the file. |
| Remote Procedure Call (RPC) Subsystem (RPCS) | X | rpcss.exe | W32/Tilebot-JF Read the link, allows remote access |
| Remote Procedure Call System (RPCS) | X | Win.exe | Troj/Dropper-PT Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Remote Procedure Call System(RPCS) (RpcS) | X | Rpcs.exe | Added by the Troj/QQRob-ABS TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\System32\ (XP/WinNT/2K) |
| Remote Procedure Call System(RPCS) (RpcSe) | X | Rpcse.exe | Added by the Troj/Mdrop-BMK TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Remote Procedure Call System(RPCSss) (RpcSss) | X | RpcSss.exe | Added by the Troj/QQRob-ACI TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Remote Procedure Call System(RPCSU) (RpcSu) | X | Rpcsu.exe | Added by a variant of the W32/SDBOT WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\ (XP/WinNT/2K) |
| Remote Procedure Call System(RPCSx) (RpcSx) | X | Rpcsx.exe | Added by a variant of the W32/SDBOT WORM! Note: This worm\trojan is located in C:\%WINDIR%\System32\ (XP/WinNT/2K) |
| Remote Process Killer | O | RKillSrv.exe | The Windows NT Resource Kits, both NT4 and Windows 2000 Professional, include a remote kill process command-line utility, rkill.exe. To be able to kill a process or processes running on a remote server, you must have admin privileges and the rkillsrv.exe service must be installed and running. If this service was not installed by you or a LAN admin, remove it. Note: Located in \%WINDIR%\System32\ |
| Remote Reader Machine | X | ssmc.exe | Added by the Backdoor.SdBot.avk as detected by ewido. More here |
| Remote Record Service (RemoteRecord) | L | remoterecordclient.exe | Related to MSN_TV Note: Located in c:\program files\microsoft corporation\msn remote record service\ |
| Remote Republic Services | X | svshost.exe | Added by a variant of the Backdoor.Sdbot family of trojans. Note: Located in \%WINDIR%\System32\ |
| Remote Run Services | X | svshost.exe | Added by a variant of the Backdoor.Sdbot family of trojans. Note: Located in \%WINDIR%\System32\ |
| Remote Services Manager (RSMSS) | X | (Trojan file name) | Added by the Troj/Bckdr-BBK TROJAN! |
| Remote Solver for COSMOSFloWorks 2006 | L | StandAloneSlv.exe | Related to COSMOS_FloWorks From COSMOS. CAD program. Note: Located in C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\ |
| Remote Storage (Rmtstrg) | X | taskmgr.exe | Added by the Troj/Spy-UN TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\System32\drivers\ (XP/WinNT/2K) Read the link, monitors websites visited and reports them to a remote site |
| Remote Storage (RS) (Rmtstrg2) | X | taskmgr.exe | Added by a variant of the Troj/Spy-UN TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\System32\drivers\ (XP/WinNT/2K) Read the link, monitors websites visited and reports them to a remote site |
| Remote Task Manager service (RTM) | L | RTMService.exe | Related to Remote_Task_Manager remote control suite. Note: Located in C:\Program Files\Remote Task Manager\ |
| Remote TCP Services | X | vcmon.exe | Added by the W32/Tilebot-HX WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) disabling the automatic startup of other software. |
| Remote TCPI Services | X | svshost.exe | Added by a variant of the SdBot.awe family of worms and IRC backdoor Trojans. Note: Located in \%WINDIR%\System32\ |
| Remote Terminal (RemoteTerminal) | X | mscp.exe | Added by the Backdoor.Win32.SdBot.aad TROJAN! Note: Located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| Remote Time Pluger | X | svshost.exe | Added by a variant of the SdBot.awe family of worms and IRC backdoor Trojans. Note: Located in \%WINDIR%\System32\ |
| Remote Transfer Manager | X | svshost.exe | W32/Rbot-GQR Read the link, allows remote access |
| Remote Windows Services | X | vcmon.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| RemoteControlService.exe | L | RemoteControlService.exe | Related to ITE_Remote_Control Service from ITE Tech. Inc. Note: Located in \%WINDIR%\System32\ |
| Remotely Possible/32 (RP32Service) | L | rp32serv.exe | Related to Avalan now owned by Computer Associates International, Inc. http://ca.com/products/ |
| RemotelyAnywhere | L | RemotelyAnywhere.exe | Related to RemotelyAnywhere. Made by 3am Labs Inc. This file should be found in the Program Files\RemotelyAnywhere folder. |
| RemotelyAnywhere Maintenance Service (RAMaint) | L | RaMaint.exe | Related to RemotelyAnywhere. Made by 3am Labs Inc. This file should be found in the Program Files\RemotelyAnywhere folder. |
| RemoteRegBck | X | regsvc.exe | Added by Backdoor.Win32.SdBot.aad as identified by Kaspersky. TROJAN! Note: Located in C:\WINDOWS\. Not to be confused with the original Microsoft file in C:\WINDOWS\system32\ |
| Removale Sorage (RemovaleSorage) | X | G_Server.exe | Added by the Troj/Feutel-AT TROJAN! Note: This trojan file is found in the System32 folder. |
| Required Service Drivers | X | micront.exe | Added by the W32/Rbot-ABD WORM! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) terminate threads and processes read the information |
| Reset 5 | O | srvany.exe | Unknown owner. Location: C:\Windows\System32\srvany.exe. In this case srvany.exe is loading resetservice.exe as a service. May be found in the company of `O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll`. Windows XP Product Activation Bypass, so as to avoid the registration process on boot-up. Typically used on a pirated operating system. |
| Resource Manager Mail (ResourceManagerMail) | L | MailService.exe | Related to Citrix Systems, Inc. |
| restore (restore) | X | restore.exe | Added by the SDBOT.CFD WORM! Read the link, rootkit type stealth involved. |
| Retrospect Client | L | RemotSvc.exe | Related to Dantz Development Corporation |
| Retrospect Express HD Launcher (RetroExpLauncher) | L | retrorun.exe | Related to Dantz Development Corporation |
| Retrospect Express HD Restore Helper (RetroExp Helper) | L | rthlpsvc.exe | Related to Dantz Development Corporation |
| Retrospect Helper | L | rthlpsvc.exe | Related to Dantz Development Corporation |
| Retrospect Launcher (RetroLauncher) | L | retrorun.exe | Related to Dantz Development Corporation |
| Retrospect WD Service (RetroWDSvc) | L | wdsvc.exe | Related to Dantz Development Corporation |
| Reuters XMS Sync (RXMSSync) | L | rxmssync.exe | Related to Reuters_XMS_Sync routers. Note: Located in http://www.routers.com/ |
| RevUDFService | L | RevUDF.exe | Related to Iomega_Corp provider of a number of backup data solutions |
| Ridoc Server Information Service (RsiSvc) | L | RsiSvc.exe | Related to Ricoh Document System Server Information Service. Note: Located in \%Program Files%\RDS\ |
| Rio MSC Manager (RioMSC) | L | RioMSC.exe | Related to Digital Networks North America. |
| Rising Personal Firewall Service (RfwService) | L | rfwsrv.exe | Related to Rising_Personal_Firewall, Rising Personal Firewall from Beijing Rising Tech., Corp. service. Note: Located in \%Program Files%\rising\rfw\ |
| Rll enhanced drive (mfm) | X | msrll.exe | Added by the Troj/Jtram-E TROJAN! Note: This trojan file is found in the System32\mfm folder. |
| ro0 Service (ro0Srv) | X | ro0.exe | Added by the Backdoor.HackDefender Rootkit! Note: Located in \%WINDIR%\System32\ro0\ Note: Use SDFix under supervision. |
| RoamMgr | L | RoamMgr.exe | Intel PROset |
| Rockwell Application Services (RsvcHost) | L | RsvcHost.exe | Related to Rockwell_Automation Inc. FactoryTalk suite |
| Rockwell Directory Multiplexer (RNADirMultiplexor) | L | RNADirMultiplexor.exe | Related to Rockwell_Automation Inc. FactoryTalk suite |
| Rockwell Directory Server (RNADirectory) | L | RnaDirServer.exe | Related to Rockwell_Automation Inc. FactoryTalk suite |
| Rockwell Event Multiplexer (EventClientMultiplexer) | L | EventClientMultiplexer.exe | Related to Rockwell_Automation Inc. FactoryTalk suite |
| Rockwell HMI Activity Logger | L | RsActivityLogServ.exe | Related to Rockwell_Automation Inc. FactoryTalk suite |
| Rockwell HMI Diagnostics | L | HMIDIAGNOSTICSLSTADAPT.exe | Related to Rockwell_Automation Inc. FactoryTalk suite |
| Rockwell Tag Server | L | TagSrv.exe | Related to Rockwell_Automation Inc. FactoryTalk suite |
| rofl (rofl) | X | rofl.sys | Added by the Troj/RKPort-Fam TROJAN! This is a rootkit! |
| Roger Wilco Base Station | L | rwbs.exe | Related to IGN_Entertainment Inc. Required to operate the Wilco Base Station. |
| Rogers Update Manager (RogersUpdateManager) | L | RogersUpdateManager.exe | Searches for updates for the Rogers Yahoo!_Browser Note: Located in \%Program Files%\Rogers\Update Manager\ |
| RollbackClientService | L | RollbackClnt.exe | Horizon DataSys Rollback Rx |
| RosettaStoneLtdController | L | RosettaStoneLtdController.exe | Language learning program Rosetta_Stone |
| Routing Service (Routing) | X | routing.exe | Added by an unknown Trojan/Backdoor Note: Located in \%WINDIR%\System32\ |
| Roxio Hard Drive Watcher (RoxWatch) | L | RoxWatch.exe | Related to Roxio_Inc |
| Roxio Hard Drive Watcher 10 (RoxWatch10) | L | RoxWatch10.exe | Related to Roxio_Inc Easy Media Creator 10. Note: Located in \%Program Files%\Common Files\Roxio Shared\10.0\SharedCOM\ |
| Roxio Hard Drive Watcher 9 (RoxWatch9) | L | RoxWatch9.exe | Related to Roxio_Inc |
| Roxio UPnP Renderer 10 | L | RoxioUPnPRenderer10.exe | Related to Roxio_Inc Easy Media Creator 10. Note: Located in \%Program Files%\Roxio\Digital Home 10\ |
| Roxio UPnP Renderer 9 | L | RoxioUPnPRenderer9.exe | Related to Roxio_Inc |
| Roxio Upnp Server 10 | L | RoxioUpnpService10.exe | Related to Roxio_Inc Easy Media Creator 10. Note: Located in \%Program Files%\Roxio\Digital Home 10\ |
| Roxio Upnp Server 9 | L | RoxioUpnpService9.exe | Related to Roxio_Inc |
| RoxMediaDB | L | RoxMediaDB.exe | Related to Roxio_Inc |
| RoxMediaDB10 | L | RoxMediaDB10.exe | Related to Roxio_Inc Easy Media Creator 10. Note: Located in \%Program Files%\Common Files\Roxio Shared\10.0\SharedCOM\ |
| RoxMediaDB9 | L | RoxMediaDB9.exe | Related to Roxio_Inc |
| RoxUpnpRenderer (RoxUPnPRenderer) | L | RoxUpnpRenderer.exe | Related to Roxio_Inc |
| RoxUpnpServer | L | RoxUpnpServer.exe | Related to Roxio_Inc |
| RPAService | L | RPAService.exe | Related to Gilat Satellite Networks Ltd. Note: Located in \%Program Files%\GILAT\Internet Page Accelerator\ |
| RPC Debug Control (RPCDB) | X | csts.exe | Added by the Backdoor.Win32.SdBot.aad as identified by Kaspersky TROJAN! Note: This worm\trojan is located in C:\Windows\System (Win9x/Me), C:\%WINDIR%\System32 (XP/WinNT/2K) |
| RPC+ Service Provider (RPCSS+) | X | rpcss_pl.exe | Trojan. - http://www.what-process.com/process-info.aspx?p=rpcss_pl.exe |
| RpcRemotes | X | remote.exe | Added by the W32/Fanbot-J WORM! Note: This worm file is found in the System32 folder. Be sure to check the link on this one. Copies itself to various folders and file names. |
| RSLinx | L | RSLINX.EXE | Related to Rockwell_Automation Inc. FactoryTalk suite |
| RSLinx Enterprise (RSLinxNG) | L | RSLinxNG.exe | Related to Rockwell_Automation Inc. FactoryTalk suite |
| Rtkit | X | Rtkit.exe | Added by the Backdoor.Rtkit TROJAN! Read the link, rootkit type stealth involved. |
| rtvscan | X | rtvscan.exe | Added by a variant of the Backdoor.Sdbot family of worms and IRC backdoor Trojans. Note: Located in \%WINDIR%\ This infection should not be confused with the legitimate \%Program Files%\Symantec\SAV\Rtvscan.exe file. |
| rudll | X | rudll.exe | Troj/Hupigon-CF Note: Located in %windir% Read the link, allows remote access |
| RUMBA AS/400 Shared Folders (Wdworkstation) | L | wdnpsvc.exe | Related to RUMBA which provides connectivity from Microsoft Windows desktops to virtually any host system with mission critical reliability. From NetManage Inc. Note: Located in \%WINDIR%\System32\ |
| Run RunOnce | L | ShipUPS.EXE, RunOnce.exe | Related to UPS WorldShip shipping software |
| rundll.exe | X | msn93.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| rundll.exe | X | msngrsm.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| rundll.exe | X | rundll.exe | Added by an unknown variant of a backdoor TROJAN! Note: This worm\trojan is located in C:\%WINDIR%\ |
| rundll32 (rundll32) | X | rundll32.exe | Added by the Troj/Feutel-Q TROJAN! |
| rundll32.exe | X | lsass.exe | Added by an unidentified TROJAN! of the Sdbot family. Note: This worm\trojan is located in C:\%WINDIR%\ |
| Runtime | X | runtime.sys | Troj/Agent-ECZ Note: Located in %windir%\system32 |
| Runtime | X | runtime.sys | Troj/Pushu-Gen Note: Located in C:\Windows\System\Drivers (Win9x/Me), C:\%WINDIR%\System32\Drivers (XP/WinNT/2K) May also have additional services installed. Read the link |
| runtime2 | X | runtim2.sys | Troj/DropRk-A Note: Located in C:\Windows\System\Drivers (Win9x/Me), C:\%WINDIR%\System32\Drivers (XP/WinNT/2K) |
| Rupsd | L | Rupsd.exe | Related to Mega_System Technologies Inc. |
| Rupsmon | L | RupsMon.exe | Related to Mega System Technologies, Inc. |
| RVS CommCenter (RvsCC) | L | RVSCC.EXE | Legit Fax/Digital Answering Machine/Telephony service. Owner unknown. Located in: C:\Program Files\Teledat\WCOM\SYSTEM\ |
| RVS Installer (RVSINST) | L | RVSINST.EXE | Legit Fax/Digital Answering Machine/Telephony service. Owner: RVS Datentechnik GmbH, München. Located in: C:\Program Files\Teledat\WCOM\SYSTEM\ |
| Rwx (Rwx2005) | X | svhosts.exe | Added by the Troj/Subzero-B Trojan! |
| r_server | X | service.exe | Added by the Troj/Remadm-G TROJAN! Note: This is not the legitimate Windows process services.exe (notice the difference in the spelling). This trojan file (service.exe) is also found in the System32 folder. |