Autorun List

Keys:

Y Normally harmless autorun.
N Not required, but may be started.
U User's choice. Start if necessary.
X Definitely not required. Usually Malware.
? Unknown

Filter:





View: All # A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Show all

Found 24133 autoruns. Autorun 101 to 200:

StatusAutorun nameCommandDescription
X*windows updatewurauclt.exeAdded by the RBOT-SY WORM!
X*windows updatewsctl.exeAdded by the SPYBOT.PR WORM!
X*windows updatewkmst.exeAdded by the SDBOT.AVD WORM!
X*windows updatewscxt.exeAdded by the RBOT.AOS WORM!
X*windows updatewaurclt.exeAdded by a variant of the RBOT WORM!
X*windows updatewuaruclt.exeAdded by the RBOT-TF WORM!
X*windows updatewruaclt.exeAdded by the RBOT-QP BACKDOOR!
X*windows updatewruauclt.exeAdded by the RBOT-SF WORM!
X*windows updatewuacrlt.exeAdded by the RBOT-QI WORM!
X*windows updatewuruclt.exeAdded by the RBOT-TA WORM!
X*WindowsAudiosystemupd.exeAdded by the AGENT-TH WORM!
X*WinLogon[trojan path] ren time:[random number]Added by the VUNDO TROJAN!
X*winsocksmsnmess.exeAdded by the PWS-ABU TROJAN!
X*winstatswinstats.exeAdded by the GARGAFX TROJAN!
X*wmstuwmstu.exeAdded by the RBOT-TV WORM!
X*wuauclt.exew****.exe [* = random char]Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on...
X*zggjmydzggjmyd.exeAdded by the AFCORE.O BACKDOOR!
X,main drive Loaderwininfo.exeSuspected malware as it appears in 3 different registry locations - see here
X-=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+ISASS.exeAdded by the ASSIRAL.B WORM!
Y-FreedomNeedsRebootZkRunOnceR.exePart of internet security suites sourced by Radialpoint for ISP customers such as Virgin Media, AT&T, Bell Canada, TELUS Corporation and Verizon Online. The exact purpose is unknown at this time and it shows no ill effects if disabled, but as the purpose is unknown and it's security related it should be left enabled
X..ABC2007.exeAdded by the DLOADR-ASH TROJAN!
X.mscdrlassa.exeAdded by the WEBUS.C TROJAN!
X.mscdrlsvchost.exeAdded by the WEBUS.D TROJAN!
X.mscdsrlsvchost.exeAdded by the BDOOR-CR BACKDOOR!
X.mscsblsvhost.exeAdded by the CMQ TROJAN!
X.mscsblSVCHOST.EXEAdded by the BOROBOT-A TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!
X.msfupdatemsveup.exeAdded by the ALLOCUP.A WORM!
X.mssecuremssecure.exeAdded by the DDOS_BOXED.X TROJAN!
?.NET configsysmon32.exe??
X.Net Recoveryrundll32.exe dotnetfx.dll,repairAdded by the DELEZIUM VIRUS! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "winsys16_070813.dll" file is found in %System%
X.NET.msnmgnr.exeAdded by the DELF.AYF WORM!
X.nortonrchost.exeAdded by the BOXED-H TROJAN!
X.nvsvcsmss.exeAdded by the IRCBOT-FP TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup!
X.nvsvcbsmssb.exeAdded by the BOXED.CG TROJAN!
X.Progservices.exeAdded by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!
X.Progwinlogon.exeAdded by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
X.protectedN/ASmitfraud variant
X.servicewinlgon.exeAdded by the BDOOR-BX BACKDOOR!
X.svchostCSRSS.EXEAdded by the WEBUS.F TROJAN! Note - this worm replaces the legitimate csrss.exe process which is always located in %System% and should not normally figure in Msconfig/Startup!
X.TEXTCONVcsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!
X.TEXTCONVlsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!
X.WMAudiocsrss.exeAdded by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!
X.WMAudiolsass.exeAdded by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!
N/l:engN/ARelated to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function
N/sN/ARelated to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function
X;Rundll[filename]Added by the PWSLEGMIR.E TROJAN!
X?ekio Startups?nksvc32.exeAdded by the AGOBOT-OV WORM where ? is a random character
X@regedit -s win.dllAdded by the SEEKER.K TROJAN! Note that regedit is the legitimate Windows Registry Editor and shouldn't be deleted. The "win.dll" file is located in %Windir%
X@RUNDLL.EXEAdded by the SPYBOT-DN WORM! Note - this is NOT the Win9x/Me system file of the same name as described here
X@sysload.exeAdded by the DELF-EL TROJAN!
X@iexpl0res.exeAdded by the RBOT.AEX WORM!
X@wincms.exeAdded by the RBOT.CBR WORM!
X@winsys32.exeAdded by the DELF.CP BACKDOOR! Note that the entry under the Startup Item/Name field my be blank
U@BackupSchedulerOnlineBackup.exeWeb-based file sharing and file storage for backup protection from SwapDrive, Inc - now acquired by Symantec and rebranded and released as Norton Online Backup
N@Hoc ToolbarAtHoc.exeOne-click activated browsing toolbar used by various web-sites. See here for more info
N@lohareminder.exeRegistration reminder for @loha@home E-mail utility
Y@OnlineArmor GUIoaui.exeSystem Tray access to and main user interface for the Online Armor range of security tools from Tall Emu Pty Ltd. The free version incorporates a firewall, limited startup manager, tamper protection and keylogger detection whilst paid versions add features such as a mail/web shield, phishing filter and anti-malware
X@tour_ww@tour_ww[1].exeAdult content dialler
X[12 random characters]avifile5.exeIeDriver adware variant
X[12 random characters]bootvid4.exeIeDriver adware variant
X[12 random characters]browser8.exeIeDriver adware variant
X[12 random characters]atitvo32.exeIeDriver adware variant
X[12 random characters]autodisc.exeIeDriver adware variant
X[12 random characters]cabview1.exeIeDriver adware variant
X[12 random characters]advpack1.exeIeDriver adware variant
X[12 random characters]batmeter.exeIeDriver adware variant
X[12 random characters]bidispl2.exeIeDriver adware variant
X[12 random characters]asferror.exeIeDriver adware variant
X[12 random characters]catsrvps.exeIeDriver adware variant
X[12 random characters]admparse.exeIeDriver adware variant
X[12 random characters]audiosrv.exeIeDriver adware variant
X[12 random characters]bootvid2.exeIeDriver adware variant
X[12 random characters]cmpbk321.exeIeDriver adware variant
X[12 random characters]ADPTIF67.exeIeDriver adware variant
X[12 random characters]asycfilt.exeIeDriver adware variant
X[12 random characters]ati2dvag.exeIeDriver adware variant
X[12 random characters]atl91036.exeIeDriver adware variant
X[12 random characters]blackbox.exeIeDriver adware variant
X[12 random characters]browser5.exeIeDriver adware variant
X[12 random characters]bthserv1.exeIeDriver adware variant
X[12 random characters]camocx28.exeIeDriver adware variant
X[12 random characters]CAMOCX74.exeIeDriver adware variant
X[12 random characters]capesnpn.exeIeDriver adware variant
X[14 random numbers]mradll.exeGreen AV rogue security software - not recommended, removal instructions here. The most common entry has the number 37465982736455
X[14 random numbers]rwg.exeGreen AV rogue security software - not recommended, removal instructions here. The most common entry has the number 03874569874596
X[3 random char]srv32[3 random char]srv.exeAdded by the BANCOS.N TROJAN!
X[3-4 random letters]nslookup.exePurityScan adware. Not to be confused with the legitimate nslookup.exe which is found in the System32 folder
X[3-4 random letters]Srv32[path to file]Added by the BANCSADE-A TROJAN!
X[32 random hex numbers]tsc.exeTotal Security rogue security software - not recommended, removal instructions here
X[32 random hex numbers]badware-protector.exeBadware Protector rogue security software - not recommended, removal instructions here
X[32 random numbers]av2009.exeAntiVirus 2009 rogue security software - not recommended, removal instructions here
X[32 random numbers]av360.exeAntivirus 360 rogue security software - not recommended, removal instructions here
X[32 random numbers]AVS.exeAntivirus Sentry rogue security software - not recommended, removal instructions here
X[32 random numbers]xpa.exeXP Antivirus rogue security software - not recommended
X[32 random numbers]total.exeTotal Antivirus rogue security software - not recommended, removal instructions here
X[decimal number][path to worm]Added by the OPOSSUM-A WORM! The decimal number can be anything, eg, 0.12345678
X[default]DrWatson32.exeAdded by the DREMN TROJAN!
X[empty]system32.exeAdded by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name field
X[empty]pathex.exeAdded by the MKMOOSE-A WORM! Note - has a blank entry under the Startup Item/Name field
X[empty]svchost.exeAdded by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%. Note - has a blank entry under the Startup Item/Name field

The autorun list is presented in association with Sysinfo.org

Our Tip: Emsisoft Anti-Malware - Best In Test!

Emsisoft Anti-Malware is the best of 19 tested antivirus programs - Test by MRG - Malware Research Group - June 2009
Read more about the test winner