View all database entries

ALL  PP  F0  F1  F2  F3  R0  R1  N1  N2  N3  N4  O1  O2  O3  O4  O5  O6  O7  O8  
O9  O10  O11  O12  O13  O14  O15  O16  O17  O18  O19  O20  O21  O22  O23  CHR  FF  

View MDO database (F3)

Showing entries 1 to 25 of 26.

Go directly to page: 1  2  

(X) F3 - REG:win.ini: load=,c:\windows\system\svchctrl.exe
Added by a variant of the Rbot familly of trojan.
Fix / Info: Use Andy manchesta's SDFix tool.
http://spywareinfoforum.com/index.php?act=ST&f=37&t=81454
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: load=C:\Program Files\help\zeh.exe
W32.Kelvir.AC is a worm that spreads through MSN Messenger
Fix / Info: HijackThis - Removal tool by Symantec.
http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.ac.html
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: load=C:\Program Files\KEVIN\kevin.exe
W32.Kelvir.R virus.
Fix / Info: HJT and Virus/trojan removal programs.
http://securityresponse.symantec.com/avcenter/venc/data/w32.kelvir.r.html
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
Added by a malware. The File operating svchost.exe is always found in C:\Windows\System32\ folder.
Fix / Info: HijackThis and delete the file
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: load=C:\WINDOWS\system32\camacttiv.exe
Backdoor Ciadoor
Fix / Info: Use Andy manchesta's SDFix tool
http://spywareinfoforum.com/index.php?act=ST&f=37&t=81454
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: load=C:\WINDOWS\system32\drivers\etc\networks.exe
Worm.Win32.AutoRun.ctz
Fix / Info: HijackThis and delete the file
http://www.threatexpert.com/report.aspx?md5=267fc863bd0c57cc44b920e617ef3c91
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: load=C:\WINDOWS\system32\KHATRA.exe
W32/Autoit-CV - Spread via removable drives.
Fix / Info: HijackThis and delete the file
http://www.sophos.com/security/analyses/viruses-and-spyware/w32autoitcv.html
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: load=C:\WINDOWS\system32\mswinvks.exe
Trojan.Dropper/Sys-NV.Process
Fix / Info: Hijackthis - Delete this file mswinvks.exe
http://www.fileresearchcenter.com/applicationdisplay.html?id=13491
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: load=C:\WINDOWS\System32\shchostv.exe
Added by a variant of the Rbot familly of trojan.
Fix / Info: Use Andy manchesta's SDFix tool.
http://spywareinfoforum.com/index.php?act=ST&f=37&t=81454
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: load=C:\WINDOWS\System32\svcvhost.exe
Added by an unidentify TROJAN! of the Win32/Rbot family.
Fix / Info: HijackThis & SDfix
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=39437
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: load=C:\WINDOWS\themeui.exe
Added by a variant of the Rbot familly of trojan.
Fix / Info: Use Andy manchesta's SDFix tool.
http://spywareinfoforum.com/index.php?act=ST&f=37&t=81454
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: load=C:\WINDOWS\themeupd.exe
Added by Trojan Ranky/Ranck familly of trojan.
Fix / Info: Use Andy manchesta's SDFix tool.
http://spywareinfoforum.com/index.php?act=ST&f=37&t=81454
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: load=C:\WINDOWS\WinIogon.exe
Added by Trojan Ranky/Ranck familly of trojan.
Fix / Info: Use Andy manchesta's SDFix tool.
http://spywareinfoforum.com/index.php?act=ST&f=37&t=81454
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: load=C:\WINNT\system\tpkIM32.exe
Added by an parasite of Chinese origin.
Fix / Info: Use the sUBs' ComboFix with the /wow switch described in the topic/URL below.
http://spywareinfoforum.com/index.php?act=ST&f=6&t=87473
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: run=C:\WINDOWS\htmlsync.exe
Always seen with the Searchforfree.info browser hijacker
Fix / Info: HijackThis, delete file, AwAware tool
.
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: run=C:\WINDOWS\inet20000\services.exe
Added by a variant of the Rbot familly of trojan.
Fix / Info: Use Andy manchesta's SDFix tool.
http://spywareinfoforum.com/index.php?act=ST&f=37&t=81454
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe
Added by a variant of the Rbot familly of trojan.
Fix / Info: Use Andy manchesta's SDFix tool.
http://spywareinfoforum.com/index.php?act=ST&f=37&t=81454
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: run=C:\WINDOWS\System32\shchostv.exe
Added by a variant of the Rbot familly of trojan.
Fix / Info: Use Andy manchesta's SDFix tool.
http://spywareinfoforum.com/index.php?act=ST&f=37&t=81454
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: run=c:\windows\system32\shellext\czvhost.exe
Backdoor.IRC.Zapchast / Bck/IRCFlood.F TROJAN
Fix / Info: Use Andy manchesta's SDFix tool
http://spywareinfoforum.com/index.php?act=ST&f=37&t=81454
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: run=C:\WINDOWS\system32\vxgame6.exe
Trojan.vxgame
Fix / Info: HijackThis - Trojan/Virus removal tools
http://research.sunbelt-software.com/threat_display.cfm?name=Trojan.vxgame&threatid=39597
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: run=C:\WINDOWS\system32\wandrv.exe
Added by a variant of the Rbot familly of trojan.
Fix / Info: Use Andy manchesta's SDFix tool
http://spywareinfoforum.com/index.php?act=ST&f=37&t=81454
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: run=C:\WINDOWS\System32\wfxcom\csrss.exe
Added by the W32.Chod.D malware. The \wfxcom\ folder is a random filename.
Fix / Info: Use the tool/fix found at the link below.
http://spywareinfoforum.com/index.php?act=ST&f=6&t=67187
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: run=C:\WINDOWS\system32\winlog.exe
Added by a variant of the Rbot familly of trojan.
Fix / Info: Use Andy manchesta's SDFix tool
http://spywareinfoforum.com/index.php?act=ST&f=37&t=81454
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: run=c:\windows\system\programas\svchost.exe
IRC/BackDoor.Flood / IRC/Zapchast.NAC
Fix / Info: Use Andy manchesta's SDFix tool
http://spywareinfoforum.com/index.php?act=ST&f=37&t=81454
Windows ALL; discovered by nasdaq
(X) F3 - REG:win.ini: run=C:\WINDOWS\t\services.exe
Added by the Trojan-Downloader.Win32.CWS.ak.
Fix / Info: Use Andy manchesta's SDFix tool
http://spywareinfoforum.com/index.php?act=ST&f=37&t=81454
Windows ALL; discovered by nasdaq

This is a list of items that is designed to help with the analysis of HijackThis, DDS, OTL and FRST logs.
It is by no means exhaustive (in fact it is being added to all the time), and is intended to complement other legitimate online lists.