View MDO database (F2)

Showing entries 1 to 24 of 24.


(U) F2 - REG:system.ini: Shell=C:\Aston\aston.exe ,svchost.exe
Shell for windows from Gladiators software
http://www.astonshell.com/
Windows ALL; discovered by nasdaq
(U) F2 - REG:system.ini: Shell=Explorer.exe
Set by user
Windows ALL; discovered by nasdaq
(X) F2 - REG:system.ini: Shell=explorer.exe "C:\WINDOWS\Fonts\wmsncs.exe"
Added by the TROJ_BBJC.A TROJAN!
Fix / Info: HJT - Use SDFix under supervision.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BBJC.A&VSect=T
Windows ALL; discovered by nasdaq
(X) F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\Regv.exe
W32/Sdbot-DOR
Fix / Info: Delete the file regv.exe
http://www.sophos.com/security/analyses/viruses-and-spyware/w32sdbotdor.html
Windows ALL; discovered by nasdaq
(X) F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\SbCtri.exe
Cloaked Malware
Fix / Info: Hijackthis
http://www.prevx.com/filenames/2628306822949957253-X1/SBCTRI2EEXE.html
Windows ALL; discovered by nasdaq
(X) F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\SCtri.exe
SCtri.exe identified as TR/Dropper.Gen WORM/SdBot by Avira
Fix / Info: Hijackthis
Windows ALL; discovered by nasdaq
(X) F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\system32\drivers\wuact.exe
Added by the Win32.Worm.Slenfbot.BT
Fix / Info: HJT - Use SDFix under supervision.
Windows ALL; discovered by nasdaq
(X) F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe
Unidentified malware. The good csrss.exe file should be in C:\WINDOWS\System32\
Fix / Info: HijackThis
Windows ALL; discovered by nasdaq
(X) F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Cursors\lsass.exe
Generic BackDoor!dkp!5E1C3C7CABDE
http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=560531#none
Windows ALL; discovered by nasdaq
(X) F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\ntdevice.exe
Troj/Agent-OUM
Fix / Info: HijackThis
http://www.sophos.com/security/analyses/viruses-and-spyware/trojagentoum.html
Windows ALL; discovered by nasdaq
(X) F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\ntload.exe.
Advanced Security Tool 2010 rogue anti-spyware program.
Fix / Info: HijackThis
http://www.bleepingcomputer.com/startups/ntload.exe-26070.html
Windows ALL; discovered by nasdaq
(X) F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe cpcp.cpo bef0regiiav
Unidentified TROJAN!
Windows ALL; discovered by nasdaq
(X) F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe jyku.fjo hvttt
Unidentified malware.
Fix / Info: HijackThis
Windows ALL; discovered by nasdaq
(X) F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe nnfj.tqo nhemkk
Bredolab.gen.o Trojan!
Fix / Info: HijackThis
http://vil.nai.com/vil/content/v_253732.htm
Windows ALL; discovered by nasdaq
(X) F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tapi.nfo beforeglav
Trojan-Downloader.Win32.Small.alyl
Fix / Info: HijackThis and delete the file %System%\tapi.nfo
http://www.threatexpert.com/report.aspx?md5=7f67037b73c3acca4d5d415bb6e95d06
Windows ALL; discovered by nasdaq
(X) F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe tftp.nfo beforegllav
Troj/Frink-Gen
Fix / Info: Delete the file tftp.nfo
http://www.threatexpert.com/report.aspx?md5=5a4658bd0b2f259c0fbb637b68fd5d6d
Windows ALL; discovered by nasdaq
(X) F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe utbx.teo ehkjqx
Trojan.Dropper/Win-NV
Fix / Info: Hijackthis - Delete this file utbx.teo
http://www.superantispyware.com/malwarefiles/UTBX.TEO.html
Windows ALL; discovered by nasdaq
(X) F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe yise.ero mpgyjp
TROJ_FAKEAV.CMB
Fix / Info: HijackThis
http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_FAKEAV.CMB&VSect=T
Windows ALL; discovered by nasdaq
(X) F2 - REG:system.ini: Shell=explorer.exe Servicess.exe
Worm.IM.Sohanad
Fix / Info: Use SDFix under supervision
http://www.scanforfree.com/10/worm-im-sohanad-removal.htm
Windows ALL; discovered by nasdaq
(X) F2 - REG:system.ini: Shell=Explorer.exe svchostw.exe
Trojan/Backdoor
Fix / Info: HijackThis
http://www.greatis.com/appdata/d/s/svchostw.exe.htm
Windows ALL; discovered by nasdaq
(X) F2 - REG:system.ini: Shell=Explorer.exe Win-boot.EXE
Worm.Autoit [Ikarus]
Fix / Info: Hijackthis
http://www.threatexpert.com/report.aspx?md5=0423f26fb871f0ab26e4ee180f0b464b
Windows ALL; discovered by nasdaq
(X) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
Trojan.FakeAV!gen18
Fix / Info: HJT - Clean the registry keys ZoneMap\Domains...
http://www.threatexpert.com/report.aspx?md5=096c1abdcb5faaef083fcb58d9d3aed7
Windows ALL; discovered by nasdaq
(X) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon86.exe
Identified by BitDefender as a variant of the Gen:Trojan.Heur.PT.cqW@bCL2Eje malware.
Fix / Info: HijackThis. Delete Winlogon86.exe
http://www.bleepingcomputer.com/startups/winlogon86.exe-25354.html
Windows ALL; discovered by nasdaq
(L) F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe,d:\program files\laplinknt\tsircusr.exe
Part of Travelling Software's LapLink
http://www.laplink.com/
Windows ALL; discovered by Angoid

This is a list of items that is designed to help with the analysis of HijackThis, DDS, OTL and FRST logs.
It is by no means exhaustive (in fact it is being added to all the time), and is intended to complement other legitimate online lists.