Autorun List

Keys:

Y Normally harmless autorun.
N Not required, but may be started.
U User's choice. Start if necessary.
X Definitely not required. Usually Malware.
? Unknown

Filter:





View: All # A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Show all

Found 3127 autoruns. Autorun 701 to 800:

StatusAutorun nameCommandDescription
?setuzpsetuzp.exe??
XSetVrcsetvrc.exeAdded by the HUNTOCX WORM!
XSevenSowrdSysSevenSowrd.exeAdded by the AGENT-GIR TROJAN!
XSevicewinconfig.exeAdded by the GIP.113.B1 TROJAN!
XSex Terisst01b.exeAdded by the REPAD WORM!
XSexnowSexnow.exeAdded by the SENOW-B premium rate adult content dialler
XSexy_BlondesSexy_Blondes.exeAdded by the Sexy DIALER! Related also to Hot Tarts DIALER!
XSexy_sgSexy_sg.exePremium rate adult content dialler
Xsfsf.exeSurfEnhance adware
NSFIGUISFIGUI.EXESonic Focus - "enhances music, movie and game sound by analyzing compressed audio streams in realtime, then restoring and enriching audio back to its original performance qualities"
Xsfitasfita.exeAdded by the FAVADD-H TROJAN!
XSfKg6w[path to worm]Added by the AGENT.BUO WORM!
XSfKg6wIP[random filename]Identified as a variant of the TrojanDownloader.Matcash malware
XSfKg6wIPu[random filename]Identified as a variant of the TrojanDownloader.Matcash malware
NSFPvzSFPWin.EXEVerizon Online Support Center - prompts for online updates
Usfpcsfpc.exeSpy4PC surveillance software. Uninstall this software unless you put it there yourself
XSFtrb Servicecftrb32.exeAdded by the SOBIG.D WORM!
USfWinStartInfosfWinStartupInfo.exeSFIRM32 Online Banking software
Xsfwjbbjdmidiwemshdw.exeAdded by the AGENT-OII TROJAN!
USgecryptSgecrypt.exeSafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"
USgeecviewEcview.exeSafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"
Usginstsginst.exeeAcceleration Stop-Sign security software related - previously not recommended (see here). It has now been delisted, so make sure you have the latest version - hence the "U" recommendation
XSGPUpdatersgpUpdaters.exeFast Browser Search/Search Guard Plus parasite - installed with "Make the Web Better" applications such as My Web Tattoo, My Face LOL and Google Easy Money Kit. See here and here for more information
?SGTBoxSGTBox.exeCanon scanner driver. Is it required?
Usgtraysgtray.exeStorageGuard from Veritas. Free utility that integrates with Backup MyPC (formerly Backup Exec Desktop), Simple Backup and MS Backup. Provides system tray access and background monitoring - warning you of files that haven't recently been backed up. Required unless you backup manually on a regular basis or have scheduled backups
YShadowShadow.exe"NTI Shadow 3 is an award-winning easy-to-use backup application that automatically protects your photo, music, video, and various data files. It makes data restoration as easy as dragging and dropping files from one place to another"
UShadowUser Pro EditionShadowUser.exeStorageCraft ShadowUser™ "provides easy to use desktop security and protection for Windows operating systems. ShadowUser is the best way to prevent unwanted changes to PCs and laptops." No longer available - see here
Xshambl3rcnf.batAdded by the REMABL WORM!
Xshambl3r*shambl3r.exeAdded by the REMABL WORM! where * is 2 to 11
XSHAProcSHAProc.exeAdded by the WINKO.AO WORM!
NShare-to-Web Namespace Daemonhpgs2wnd.exeShare-to-Web - HP-created software and Internet-based application that enables easy uploading and sharing of photos via affiliated photo-sharing Web sites. Available via Start → Programs
NShareazaShareaza.exeShareaza P2P client
UShareazabindata.exeShareaza P2P client related
Xsharedpremsharedprem.exeAdded by the MAKECALL TROJAN!
XShareSearcher[path to trojan]Added by the AGENT-FPE TROJAN!
XShareSearcherwsusupd.exeAdded by the ENCLAG-A TROJAN!
YSharing and Mapping SoftwareDShmap.exeIntel AnyPoint internet sharing software. Now discontinued
NSharkEjectAEJCT32.exeAllows you to eject a disk from the Avatar Shark drive from the system tray. When loaded, there is a desktop icon so this isn't required
USharpTraySharpTray.exePart of the Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents"
Xshccdewinssled.exeAdded by the BUZUS.CQMU TROJAN!
NShcenterchcenter.exeIMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files"
Xshdefshdef.exeAdded by the VB-DVS TROJAN!
XSheduIersvchst.exePremium rate adult content dialler
XSheduIershch.exeAdded by the BDOOR-EB BACKDOOR!
XSheduIerwinagent.exeAdded by the BDOOR-EB BACKDOOR!
XShedule Connectionarpo412.exeAdded by the PPDOOR-R WORM!
XShedulernerocheck.exeAdded by the TACTSLAY.B TROJAN! Note - this is not the legitmate file of the same name from the Nero CD/DVD burning software which is usually located in %System%
XShellShell32.exeAdded by the BADSECTOR TROJAN!
XShellray.exeHomepage hijacker re-directing browsers to adult content websites
XShellTray.exeHomepage hijacker re-directing browsers to adult content websites
XShellwmedia16.exeAdded by the GOLDUN TROJAN!
XShellOpen32.exeAdded by the SMALL-DL TROJAN!
XShellExplorer.exe sound_drive16.exeAdded by the GP BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "sound_drive16.exe" file is located in %System%
XShellExplorer.exe, msmsgs.exeAdded by the ZLOB TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. This particular msmsgs.exe file is located in %System% and should not be mistaken for the MSN Messenger file of the same name which is located in %Program Files%\Messenger
XShellExplorer.exe svchost.exeAdded by the DOYORG BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The legitimate svchost.exe process is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%
Xshellexplorer.exeAdded by the KAKKEYS TROJAN! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%
XShellExplorer.exe iexplore.exeAdded by the KIPIS-U WORM! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The legitimate Internet Explorer (iexplore.exe) is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%\Microsoft
XShellibm0000*.exe [* = digit]Added by the TORPIG-C and TORPIG-J TROJANS! Filenames spotted include ibm00001.exe, ibm00002.exe, ibm00005.exe and so on
XShelltaskmrg.exeAdded by the BANCBAN-FT TROJAN!
XShellExplorer.exe winupdate.exeAdded by the AGENT-FD TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "winupdate.exe" file is located in %System%
XShellExplorer.exe [path] ibm[RANDOM 5 DIGIT NUMBER].exeAdded by the ANSERIN TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files
XShellsvchost.exeAdded by the GOLDSPY-B TROJAN! Note - this is not the legitimate svchost.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%
XShellibm00001.dllAdded by the TORPIG-Q TROJAN!
XShellwmedia32.exeAdded by the AGENT-BR TROJAN!
XShellExplorer.exe winsys32.exeAdded by the DELF.CP BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "winsys32.exe" file is located in %Windir%
XShellWin32.dll.exeAdded by the VB.BTX TROJAN!
XShelltaskmam.exeAdded by the BANCBAN-OL TROJAN!
XShellexplorer.exe msbnc.exeAdded by the AGENT-PL BACKDOOR! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "msbnc.exe" file is located in %System%
XShellExplorer.exe kbdsys.exeAdded by the DAPROSY WORM! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "kbdsys.exe" file is located in %AppData%\Microsoft\Keyboard
XShellsmsc.exeAdded by the BANCBAN-OY TROJAN!
XShellExplorer.exe init32m.exeAdded by the DLSW-B TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "init32m.exe" file is located in %System%
XShellExplorer.exe smssnt.exeAdded by the AGOBOT.EE TROJAN! Note - do not delete the legitimate Windows Explorer (explorer.exe) which is located in %Windir% and can be used to launch other files. The "smssnt.exe" file is located in %System%
XShell API32svcnet.exeAdded by the TIBICK.C WORM!
XShell Extensionspollsv.exeAdded by the LOVGATE.Z WORM!
XShell Tray WindowShellTraywnd.exeAdded by the STULTDOR-A TROJAN!
Xshell updateshellexec.exeAdded by the RBOT-ANC WORM!
XShell.exeShell.exeAdded by the EMERLEOX.S WORM!
XShell32Shell32.vbsAdded by the SCAFENE WORM!
Xshell32ntldrt.exeAdded by the JLOK-A WORM!
XShell32iexplore.exeAdded by the IRCBOT-AY BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%
XShell32explorer.exeAdded by the SDBOT-NF WORM! Note - the legitimate Windows Explorer (same filename) is located in %Windir% and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in %System%
XShellApiSHELLMSN.EXEAdded by the NETDEV.B BACKDOOR!
XShellapi32Shellapi32.exeAdded by the NETDEVIL (or NERTE) TROJAN!
XShellapi32mcvsrte.exeAdded by an unidentified WORM! Note - do not confuse with the McAfee SecurityCenter file of the same name
Xshellbn[random].dllSoftStop rogue security software - not recommended
Xshellbnshlext32.exeMalware installed by different rogue security software including SpyKillerPro and the XP AntiVirus series
XShellCommand[path to file]Added by the REMCON-A TROJAN!
XShelldaemonShelldaemon.exeAdded by a variant of the AGENT.ALN TROJAN!
XShellExShellEx.exeAdded by the ANAKHA TROJAN!
XShellNisca.exeAdded by the IBILL.Z TROJAN!
XShellOSA+++.exeAdded by the AV TROJAN!
XShellRunlexplore_.exeAdded by the MSNOPT-A TROJAN!
XShellRun32iexplore.exeAdded by the IRCBOT-AY BACKDOOR! Note - this is not the legitimate Internet Explorer (iexplore.exe) which is always located in %ProgramFiles%\Internet Explorer and should not normally figure in Msconfig/Startup! This one is located in %System%
XShellspllsas.exeAdded by the YALER-A TROJAN!
XShellsplspools.exeAdded by the PROXAGE-A TROJAN!
Xshellsystemshellsystem.exeAdded by the UPCHAN TROJAN!
Xshhostshhost.exeAdded by the AGENT.CE BACKDOOR!
Nshicoxpshicoxp.exeInstalled with the drivers for multi card readers of various brands. To differentiate between the various card slots on multi slot readers the shicoxp.exe file assigns and loads unique drive icons for the various card slots that are displayed in Windows Explorer
XShield Securityshield.exeAdded by the RIZO.A TROJAN!
XShield32 Securityshield32.exeAdded by the RIZO.A TROJAN!
Page: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32

The autorun list is presented in association with Sysinfo.org

Our Tip: Emsisoft Anti-Malware - Best In Test!

Emsisoft Anti-Malware is the best of 19 tested antivirus programs - Test by MRG - Malware Research Group - June 2009
Read more about the test winner