Pacman's Portal Start-up Programs Database

Message Board

Latest updates for the Windows start-up programs database

25th September, 2003

New items - 59

X - {2CF0B992-5EEB-4143-99C0-5297EF71F444} (rundll32.exe stlbdist.dll,DllRunMain)
X - <random digits>.exe (<random digits>.exe)
X - 2020Downloader (mssvr.exe)
N - Avtray (Avtray.exe)
X - Bios (Bios32.exe)
U - Canary (canary-std.exe)
? - CEPA (wsot.exe)
X - Config (service.exe)
X - Configuration Loader (3) (service5.exe)
U - CPATR10 (CPATR10.EXE)
Y - cuagentExe (Cuagent.exe)
? - dkzzixm (dkzzixm.exe)
X - Download Plus (DownloadPlus.exe)
Y - DvpInitExe (Dvpinit.exe)
Y - dvprpt (Dvprpt.exe)
? - emsw.exe (emsw.exe)
X - ForceShow (rundll32.exe QaBar.dll,ForceShowBar)
U - Goldensoft_MndlSvr (MndlSvr.exe)
N - HalifaxHowardCluster (skinkers.exe)
X - Internal (<trojan filename>)
X - Internt (Internt.exe)
X - Intrenat (Intrenat.exe)
N - kdx (KHost.exe)
? - Launcg (launcg.exe)
X - Media Plug x.1.2 (msdm.exe)
X - MicrosoftServiceManager (3) (EXPLORERE.EXE)
X - MicrosoftServiceManager (4) (msupdat.exe)
N - MMTray (2) (MMTray.exe)
N - MMTray2K (MMTray2K.exe)
N - MMTrayLSI (MMTrayLSI.exe)
U - MSKExe (spamkiller.exe)
X - MS Security Hotfix (service5.exe)
N - MWSnap (MWSnap.exe)
X - Outwar (syslaunch.exe)
N - PICPRTR (PICPRTR.EXE)
X - PowerManagement (Rundlll.exe)
X - Program File (Progmon.exe)
U - pttrun (pttrun.exe)
U - RadBoot (RadBoot.exe)
U - RegTweak (RegTwk.exe)
? - Removecpl (RemoveCpl.exe)
X - RSS (rundll32 RSSToolbar.dll,DllRunMain)
X - Service Host (spoolos.exe)
X - Svc (svc.exe)
X - svchost (6) (<path to trojan>)
X - sws.exe (<random filename.exe>)
U - System Check (Rundll32.exe SysDll32.dll,SystemCheck)
X - System Initialization (2) (<path to backdoor>)
X - Systoan32 (systoan.exe)
Y - TabUserW (TabUserW.exe)
? - uc_start (ucstartup.exe)
X - Update (<original file path>)
U - VCDTower (VCDTower.exe)
X - Virtual Bouncer (VirtualBouncer.exe)
X - VnCplUpdate (msdm.exe)
X - Win32 Kernel core component (Kernel32.pif)
U - WinFast Schedule (Wfwiz.exe)
X - WinLibUpdate32 (libupdate32.exe)
U - WRDialer (WrDialer.exe)

Changed items - 19

CyDoor - "CydoorUpdate" added as an alternative name
Ibmpmsvc - status (U) and description changed
iedll - description updated
JobHisInit - status (U) and description changed
LIU - "Rubicon.exe" added as an alternate command
loader - description updated
MplSetUP - status (U) and description changed
NAV - command changed to "RuxDLL32.exe"
NvCplDaemon (2) - "NvCpl" added as an alternative name
NvXplDeamon - description updated
PrizeSurfer - status (X) changed and description updated
RCSync - status (X) changed and description updated
Services (2) - RANCK.B added as another VIRUS version
skinkers - description updated
SysService32 - "ln32k.dll" added as an alternative command
THOTKEY - status (U) and description changed
TPWRTRAY - status (Y) changed and description updated
VbouncerDL - description updated
Windows (3) - ALADINZ.D added as another VIRUS version

11th September, 2003

New items - 63

? - AHNUE (AHNUE.exe)
U - aiepk (aiepk2.exe)
X - <filename> (App.exe)
X - BADDATE (BADDATE.EXE)
X - blss (blss.exe)
X - Bsx3 (Rundll32.exe bs3.dll,DllRun)
Y - ccSetMgr (ccSetMgr.exe)
? - CleanEasyImg (cleanall.exe)
X - DevicePath (Proyecto1.exe or Root.exe)
X - explorer (5) (expl32.exe)
U - FG1_00 (frntgate.exe)
U - Fhtisxk (fhtisxk.exe)
X - helpmanager (spoler.exe)
? - ISDN Monitor (Linksts.exe)
X - Java Runtimes (iexplore.exe)
X - Kernel (bboy.exe)
X - LoginPassport (Lgnpsp32.exe)
X - Mail_Check (Mail_Check.exe)
N - Mania Win Restore (RESWIN.EXE)
? - mapisvc32 (mapisvc32.exe)
Y - McVsRte (mcusrt.exe)
X - MediaPath (Proyecto1.exe or Root.exe)
N - MessagerStarter Freeserve (StartMessager.exe)
X - MS Config Loader (svchos1.exe)
X - nAv AGENT (2)
X - NavAgent32 (2) (SCardSvr32.Exe)
X - Nero.ma (<digits>.exe)
X - nsdriver (nssys32.exe)
X - NSupdate (NSupdate.exe)
Y - PAV.EXE (2) (PAV.EXE)
Y - PER Email Protection (pavmail.exe)
X - print sharing (2) (hidden32.exe <path>\explorer.exe)
X - rIOphosIs (rIOPHosIs.vBS)
? - RjLyraInstaller (setup.exe)
? - rndll2 (rndll2.exe)
X - run= (15) (Mail_Check.exe)
X - Rundll32.exe (Proyecto1.exe or Root.exe)
N - SB Audigy 2 Startup Menu (/l:eng)
X - SCardSvr (2) (SCardSvr32.Exe)
X - Search-Exe (SE.exe)
X - SecureLogin (Mslg32.exe)
X - Sex Teris (st01b.exe)
? - SGTBox (SGTBox.exe)
X - Strng32 (strngbox.exe)
X - SYDNEY (<file path>)
Y - Symantec Core LC (symlcsvc.exe)
X - SystemMap32 (Netisp32.vbs)
X - System Soap Pro (soap.exe)
X - System Tray32 (SysTray32.exe)
X - Taba (stte.exe)
U - TiomanExe (Tioman.Exe)
X - win32 (3) (Setup_32.exe or WinSetup.exe)
X - Win32 (4) (Win32.exe)
X - win32 (5) (winsrv32.exe)
X - WindowsSetup (<path to trojan>)
X - Windows Task Manager (ACCOUNT_DETAILS.DOC.exe)
X - Winhlp32 (Wscript.exe ..Msexec32.vbs)
U - winmatrix.exe (WinMatrixXP.exe)
X - Winres32vis (<path to worm>)
X - WinSrv (1) (kn0x.exe)
X - WinSrv (2) (SHIZZLE.EXE)
X - winupdate.exe (winupdate.exe)
U - XStop95 (XStop95.exe)

Changed items - 11

/l:eng - status (N) changed
bldbubg - "BuildBU" added as a alternative name
Hid.exe - virus name corrected to "RATSOU.B"
Krnlmod - status (U) and descritpion updated
Microsoft Office Shortcut Bar - "Microsoft Office (2)" added as an alternative name
SWd - status (N) and description changed
Tivoli - description updated
VSOCheckTask - status (Y) and description changed
W32Tc - VOTE.K added as an alternative VIRUS name
Windows Auto Update (1) & (2) comments swapped
Windows Update - command changed to <filename> and description updated

4th September, 2003

New items - 58

N - /l:eng
Y - 1A:Stardock MCP (mcpserver.exe)
U - 1Win32Cfg (SpyBuddy.exe)
X - ATM Control (adpn.exe)
Y - AVG7_CC (AVGCC.exe)
Y - AVG_EMC (AVGEMC.exe)
Y - avgmsvr.exe (avgmsvr.exe)
Y - AVG_RegCleaner (AVGREGCL.exe)
Y - AVSCHED32 (AVSched32.exe)
? - BlueToothAuthentication Agent (RunDLL32.exe irprops.cpl,BluetoothAuthenticationAgent)
U - BMMGAG (Rundll32 PWRMONIT.DLL,StartPwrMonitor)
? - BMMLREF (BMMLREF.EXE)
X - Bndt32 (Bndt32.exe)
? - CallBumping (cbpopw.exe)
? - cFosInst_Check (cfosinst.exe)
X - DirectX (3) (DirectX.exe)
X - E-Card (ecard.exe)
N - EzEjMnAp (EzEjMnAp.exe)
X - f607 (f607.exe)
? - GLSetIT (MSIEXEC.EXE)
X - hellodolly (shost.exe)
X - helpctl.exe (helpctl.exe)
N - ibmmessages (ibmmessages.exe)
X - iedll (iedll.exe)
X - infus (infus.exe)
X - Internat Conf (bootconf.exe)
Y - KodakCCS (KodakCCS.exe)
N - Launch YahooPOPs! at Windows startup (YAHOOPOPS.EXE)
X - loader (loader.exe)
X - Lookup_Sys (lookupsys.exe)
X - Mantis (<filename>)
X - MicroLoad (<random filename>)
X - microsoft (svchost.exe)
X - Microsoft Windows Kernel Services (winkrnl386.exe)
X - NAVUpd (rundll32.exe navupd.dll,Startup)
X - Network Administration (NAS.exe)
X - ocx32 (ocx32.exe)
X - RegWrite (csrss.exe)
X - rundli32 (rundli32.exe)
X - Services (2) (<path to trojan>)
U - SfWinStartInfo (sfWinStartupInfo.exe)
? - ShowIcon_SmartDisk Corporation_USB Card Reader v1.14e051 (shwicon.exe)
X - slide (Iexplore.exe)
? - sr1exe (updtSup3.exe)
X - SysOps (SysOps)
X - System Efficiency Monitor (2) (mscommand.exe)
U - TMOUSE (tmouse.exe)
U - TpKmapMn (TpKmapMn.exe)
U - TuneUp MemOptimizer (memoptimizer.exe)
X - Video Manager (videomgr.exe)
X - windll (3) (windll32.exe)
X - windows automation (mslaugh.exe)
X - WindowsCriticalUpdate (windows_critical_update.exe)
X - WIndowsUpdate (2) (svchost.exe)
X - wininit (wininit.exe)
X - www.hidro.4t.com (enbiei.exe)
U - XTNDConnect PC - ErPhn2 (ErPhn2.exe)
? - zzzCamlnSuitelll (setup.exe 46***)

Changed items - 22

1A:Stardock TrayMonitor - status (Y) and description changed
ATIModeChange - status (U) and description changed
cftmon32 - "SOWSAT.J" added as an alternative VIRUS name
ConnectionManager - status (N) and description changed
DkService - description updated
Explorer (4) - "SHELDOR" added as an alternative VIRUS name
hpsysdrv - command changed to "hpsysdrv.exe"
LLMODCL* - changed from LLMODCL2
MS-Connect - "arr.exe" added as an alternative command
msmanager32 - "WOMANIZ.A" added as an alternative virus name
mssysint - "PSPIDER.310.B" added as an alternative VIRUS name
PsMFCard - status (U) and description changed
QCTRAY - status (U) and description changed
QCWLICON - status (U) and description changed
run32dll (1) - status (X) and description changed
Secret-Crush - status (X) and description changed
SRS Applet - status (Y) and description changed
Steam - status (Y) and description changed
SystemUpd - status (N) and description changed
TEscKey - status (U) and description changed
winactive - status (X) and description changed
Windows (3) - "BOBBINS" added as an alternative VIRUS name

Phime2002a and PHIME2002ASync combined

1st September, 2003

New items - 94

X - @tour_ww (@tour_ww[1].exe)
U - AHNSD (AhnSD.exe)
X - Aritima (aritima.exe)
Y - a-winpoet-service (winpppoverethernet.exe)
X - bingdian (Bingdian.vbs)
X - BookedSpace (bs2.dll,DllRun)
Y - BullGuard (mgui.exe)
Y - BullGuardInit (AVXINIT.EXE)
U - BullGuard Update (avxlive.exe)
Y - BullGuard XComm (XCOMMSVR.EXE)
X - Cekirge (<path to worm>)
X - COM Service (2) (msynvr.com)
X - COM Service (3) (msjclh.com)
X - Config Loadatiorin (I3Explorer.exe)
X - cpntmgc (wincomp.exe or winmgts.exe)
X - CPU Manager (cpumgr.exe)
X - CSRSS (CSRSS.EXE)
X - DarkDevil.Grasiele.BR (Grasiele.VBS)
N - Data LifeGuard LifeLine Lite installer (DLGLI.EXE)
X - directx (2) (Directx.exe or Sqlexploit.exe or NTCmd.exe or PipeCmd.exe)
X - DirectX For Microsoft Windows (dtxservice.exe)
X - drvrmanager (drvrquery32.exe)
X - Explore (2) (explore.exe)
U - FourthDay (FourthDay.exe)
U - FRISK FP-Scheduler (F-Sched.exe)
X - HideRun.exe (Hiderun.exe and svhost.exe and pro.gif)
U - HPGamesActiveMenu (ActiveMenu.exe)
X - Internet Explorer (iexplorer.exe)
U - ISDNwatch (IWatch.exe)
X - kernel32 (5) (kernel32.dlI)
N - khooker (khooker.exe)
X - load32 (2) (load32.exe)
X - LowVersionSupport (<filename>)
X - MicrosoftNetwork Daemon for Win32 (NETD32.EXE)
X - Microsoft System Restore Configuration (CBRSS.EXE)
X - Microsoft Spool Server for Win32 (spoolsrv.exe)
U - MMKeybd (MMKeybd.exe)
X - Msgmgr (<path to worm>)
X - MSKCES32 (<filename>)
X - msmanager32 (msmngr32.exe)
X - MS-RunKey (arr.exe)
X - MSSQL (Mssql.exe)
X - mssvc (<path to trojan>)
Y - MSSVC.EXE (MSSVC.EXE)
X - NetworkClient (NetworkClient.exe)
X - nikLaus (niklaus.exe)
Y - NOD32kernel (Nod32krn.exe)
X - NTDLM (csrss.exe)
X - od-matrxx (od-matrxx.exe)
X - PNtask Services (pntask.exe)
Y - Pwrmonit (Rundll32 PwrMonit.dll)
? - Quickbooks Update Agent (qbupdate.exe)
N - Remote Access (rnaapp.exe)
X - run= (10) (Virus_Cleaner.exe)
X - run= (11) (MagicRulez.exe)
X - run= (12) (dllreg.exe)
X - run= (13) (Sp00lsv.exe)
X - run= (14) (cekirge.scr)
X - Run32dll (3) (ocxdll.exe)
X - rundll### (die.exe and either ttg.exe or secure.exe or mdll.exe or secure.bat)
? - setuzp (setuzp.exe)
X - SetVrc (setvrc.exe)
X - SMSS (smss.exe)
X - Sock32 (sock32.exe)
X - SP00LSV (Sp00lsv.exe)
X - SVCHOST (4) (mrowyekdc.exe)
X - svcwinprocess32 (<path to worm>)
X - sysconfig (3) (iexplorer.exe)
X - System (5) (dcomx.exe)
X - System33 (FB_PNU.EXE)
X - System 64 Driver for Games (sys64dvr.exe)
X - SystemAdministration (Wincmp32.exe)
X - System Efficiency Monitor (mscedit32.exe)
X - systhread (winkernal.exe)
X - Systray (Systray_.Exe)
Y - Tech-In-A-Box (techbox.exe)
U - tinySpell (tinyspell.exe)
U - ToADiMon.exe (ToADiMon.exe)
X - TrayX (winppr32.exe)
X - VB_run (comctl_32.exe)
X - VideoDriver (2) (videodrv.exe)
X - Virus_Scanner (Virus_Cleaner.exe)
? - winactive (WINACTIVE.EXE)
X - WindowEnhancer (Winex.exe)
X - Windows Explorer (Explorer.exe)
X - Windows Media SP.2.37 (<filename>.exe)
X - Windows Service Host (scvhost.exe)
X - Windowz Update V2.0 (Explorer.exe)
X - WinMenssage (winmax.exe)
X - Winsock2 driver (SDJOIJE.EXE)
X - Winux Piriax Service (PH32.EXE)
X - wormexe (winstart.exe)
X - WUPD (iglmtray.exe)
X - Xecuter.bat (psexec.bat)

Changed items - 29

ActiveMenu - description updated
AlcxMonitor - description updated
asp4tray - status (N) and description changed
ATIPOLAB - "ATIPOLL" added as an alternative name
Avxlive - status (Y) and description changed, "avxlive.exe" added as the command
bg - status (Y) and description updated
BlackICE Utility - "BlackICE PC Protection" added as an alternative name
Cgtask Services - description updated
Config Loadation - status (X) and description changed
Configuration Loader (1) - "aim95.exe", "cmd32.exe", "IEXPL0RE.EXE", "iexplore.exe", "loadcfg32.exe" and "MSTasks.exe" replace "<filename>.exe" as the command
Configuration Manager - "Cnfgldr.exe" added as an alternative command
GazelDisplay - status (U) changed and description updated
hp psc 2000 Series - status (U) and description changed
ICSDCLT - status (U) and description changed
LTSMSG - description updated
Mcappins.exe - description updated
NTsocket - description updated
smsys (1) - description updated
System32 (2) - description updated
System Initialization - description updated
TFTP### - status (X) and description changed, name changed from TFTP3016
TosMem - status (Y) and description changed
Uninstall#### - name changed from Uninstall0001, description updated
VortexTray and Vortex Tray combined - "asp4tray.exe" added as an alternative command
Winde - description changed
WindowsMGM - description updated
WinPoet - status (Y) changed and description updated
WT Game Channel - "WT GameChannel" added as an alternative Name, "GameChannel.exe" as an alternative command
XiD - description changed

FreeScratchAndWin parasite related random entries removed: Beilorbc (beilorbc.exe), ecqdclm (ecqdclm.exe), pyzllygl (pyzllygl.exe), qyvnqlch (qyvnqlch.exe) and swyhbxts (swyhbxts.exe)

nCase parasite related random entries removed: GTGBL (gtgbl.exe), ICYF (ICYF.exe), JMWMG (JMWMG.exe) and BFILPSVY (BFILPSVY.EXE)

Lop.com parasite related random entries removed: pglprx (aruieeep.exe) and qushao (miviecqu.exe)

Removed mediadriver{*} as it's been identified as a MOSUCK virus entry

Back to Updates - 2003

Site Map

Home