http://www.castlecops.com/StartupList.html CastleCops - Paul Collins StartupList en-us Paul Laudanski (mailto:paul@computercops.biz) Copyright © 2002-2005 CastleCops® 2008-12-05T14:12:49-05:00 daily 24 2003-01-01T12:00-05:00 ISPSERVICE X wintmp.exe Added by a variant of the IRCBOT, http://www.symantec.com/security_response/writeup.jsp?docid=2002-070818-0630-99 [red]Note:[/red] Located in \%Program Files%\Common Files\System\ [red]Note:[/red] Use SDFix under supervision. http://www.castlecops.com/startuplist-17537.html http://www.castlecops.com/startuplist-17537.html WinXPService X taksmgr.exe Identified as a variant of the IRC/Flood.tool, http://www.bleepingcomputer.com/startups/taksmgr.exe-23732.html malware. [red]Note:[/red] Located in \%WINDIR%\fonts\ [red]Note:[/red] Use SDFix under supervision. http://www.castlecops.com/startuplist-17536.html http://www.castlecops.com/startuplist-17536.html WinDLL (tmp.exe) X tmp.exe Identified as a variant of the Net-Worm.Win32.Kolab.l malware. [red]Note:[/red] Located in \%WINDIR%\System32\ [red]Note:[/red] Use SDFix under supervision. http://www.castlecops.com/startuplist-17535.html http://www.castlecops.com/startuplist-17535.html Power-Antivirus-2009 X Power-Antivirus-2009.exe Added by the Power_Antivirus_2009, http://www.bleepingcomputer.com/malware-removal/remove-power-antivirus-2009 rogue antivirus program. [red]Note:[/red] Located in \%Program Files%\Power-Antivirus-2009\ [red]Note:[/red] Use SDFix under supervision. http://www.castlecops.com/startuplist-17534.html http://www.castlecops.com/startuplist-17534.html Help X lshost.exe Identified as a variant of the Trojan-Clicker.Win32.Delf.aro, http://www.bleepingcomputer.com/startups/lshost.exe-23730.html malware. [red]Note:[/red] Located in \%WINDIR%\System32\ [red]Note:[/red] Use SDFix under supervision. http://www.castlecops.com/startuplist-17533.html http://www.castlecops.com/startuplist-17533.html Antivir64 X Antivir64.exe Added by the Antivir64, http://www.bleepingcomputer.com/malware-removal/remove-antivir64 rogue anti-spyware program. [red]Note:[/red] Located in \%Program Files%\Antivir64\ [red]Note:[/red] Use SDFix under supervision. http://www.castlecops.com/startuplist-17532.html http://www.castlecops.com/startuplist-17532.html Nod32 Service X nod6.exe Added by a variant of the RBOT, http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=39437 family of IRC Backdoor trojan. [red]Note:[/red] Located in \%WINDIR%\System32\ [red]Note:[/red] Use SDFix under supervision. http://www.castlecops.com/startuplist-17531.html http://www.castlecops.com/startuplist-17531.html Windows Update X McAfee.exe Added by a variant of the IRCBOT, http://www.symantec.com/security_response/writeup.jsp?docid=2002-070818-0630-99 [red]Note:[/red] Located in \%Program Files%\Common Files\System\ [red]Note:[/red] Use SDFix under supervision. http://www.castlecops.com/startuplist-17530.html http://www.castlecops.com/startuplist-17530.html Windows Update X winsc.exe Added by a variant of the IRCBOT, http://www.symantec.com/security_response/writeup.jsp?docid=2002-070818-0630-99 [red]Note:[/red] Located in \%Program Files%\Common Files\System\ [red]Note:[/red] Use SDFix under supervision. http://www.castlecops.com/startuplist-17529.html http://www.castlecops.com/startuplist-17529.html System Presets X systempre.exe Added by a variant of the IRCBOT, http://www.symantec.com/security_response/writeup.jsp?docid=2002-070818-0630-99 [red]Note:[/red] Located in \%WINDIR%\System32\ [red]Note:[/red] Use SDFix under supervision. http://www.castlecops.com/startuplist-17528.html http://www.castlecops.com/startuplist-17528.html