Necessary At your option Useless Dangerous Application database
Startupapps.com recommends you:

Detect and remove hidden rootkits using UnHackMe UnHackMe - Rootkit Killer Free fully functional 30-days trial.


RegRun Security Suite = 24 system utilities for protecting your computer. Try now!

Buy Now!

I would like to say that RegRun has helped me on more than 1 occasion when it comes to spyware/adware by letting me know automatically that a piece of it got added to Windows startup. There is so much spyware/addware out there today it's hard to imagine being without RegRun. I like many other features too including the daily registry backups and file protection.

Chris Wagers

c:\bootinfo\smss.exe
c:\bsw.exe
c:\csrss.exe
c:\ddesvr.exe
c:\documents and settings\all users\start menu\programs\startup\svchost.exe
c:\explorer.exe
c:\links.exe
c:\netlog.exe
c:\recycled\svch0st.exe
c:\stub_113_4_0_4_0.exe
c:\sysrun.exe
c:\wallpaper.exe
c:\wi
c:\winrun\msconfig.exe
c:\wmiprvse.exe
c:\wp.exe
c0mmand.exe
c2b.dll
c8.exe.exe
cab.exe
cabchk32.exe
cable.exe
caclseng.exe
caeioodn.exe
cafe08pl.exe
cafeclnt.exe
cafeini.exe
cafeiniclient.exe
cafeiniconfig.exe
cafeiniserver.exe
calcal32.dll
californ.exe
card.exe
cari.scr
cartaovirtual.exe
carun.dll
casclient.exe
casino_server14.dll
casper.exe
cassandra.exe
cassl.exe
cats.exe
catsrv71.exe
catsrvut.exe
catswebv.exe
cavapsvc.exe
caxchg.exe
caznovas.exe
cazz_001.exe
cback.exe
cbkdkiw.exe
cbko08.dll
cbxvwuv.dll
cc invader.exe
cc invader2.exe
ccapp32.exe
ccappms.exe
ccapps.exe
ccc.exe
ccevtmngr.exe
ccprxy.exe
ccremover.exe
ccrptmr6.dll
ccsevrt.exe
ccsrs.exe
ccsrsc.exe
ccsserv.exe
ccwoserve.exe
cczoop05.exe
cd_load.exe
cd1.exe
cda4h.dll
cdeztks.exe
cdkkfdso.exe
cdm.exe
cdndrag.dll
cdnforie.dll
cdnprot.sys
cdr.exe
cdromdrv32.dll
cdrun.exe
cdtbar.dll
cdvruhwl.exe
cel90xbe.sys
celindriver.sys
cenik.exe
ceres.dll
cetdxsas.dll
cfg32.exe
cfg95.exe
cfghtm.dll
cfginst.exe
cfgpwnz.exe
cfgwiz32.exe
cfmon.exe
cfnot32.exe
cftnom.exe
cgtask.exe
chainsaw.exe
chart.vbs
chatblocker.exe
chcp.exe
cheatle.exe
check.exe
checkin.dll
checks02.exe
chenzi.exe
chestburst.exe
chickie.exe
chictwo.exe
chii.exe
chkdsk.dll
chksum.exe
chost~1.exe
chpstart.exe
chunse28.exe
chupacabra.exe
ciccode.exe
cicowreg.dll
cih.exe
cihost.exe
cips.exe
ciscv.exe
cisopipc.exe
cisrv.exe
cisvc32.exe
cixvu.exe
cjczuf.exe
ck3.exe.exe
ckfse.exe
claruxeb.exe
clcl7.exe
cleaner_opera.dll
clhost.exe
click_me!.exe
clicsaml.dll
clie.exe
client _1_3.exe
client(beta).exe
client_12_pw.exe
clientax.dll
cliente.exe
clienttrinno.exe
clipbook.exe
clipsvr.dll
clsemixer.dll
cm.dll
cmagesta.exe
cmappsetup.exe
cmc_vis.exe
cmctl.dll
cmctl32.exe
cmd32.exe
cmdbcis.exe
cmdbcs.exe
cmdbcsg.exe
cmdbcsl.exe
cmdbs.exe
cmdcon.exe
cmddbcs.exe
cmdial.exe
cmdinst.exe
cmdline.exe
cmfibula.exe
cmman.exe
cmos.com
cmpl32.exe
cmsystem.exe
cmut449c14b7.dll
cn911.exe
cnen.exe
cnetcfg1.exe
cnfgldr.exe
cnftips.exe
cnprov.sys
cnscheck001.dll
cnwin.dll
cnxxqoa.exe
codbot.exe
colorids4.exe
colwindos.exe
com4.exe
com7.exe
com9.exe
comaclient.exe
combyte.dll
comclg32.dll
comdlg77.dll
comdlj32.dll
comet.exe
comine.exe
comita.dll
comlm.dll
command.exe
command32.exe.vbs
commando.exe
commands.exe
commdlg.vbs
commert.dll
commgr.dll
common.dll
commserv.exe
commutil.dll
comonbaby.exe
compiled.exe
compiler.exe
comploader.dll
compq32.exe
compstuia.dll
compstuic.dll
compx32.exe
comserv.exe
comuld.dll
comunicazioni.vb.dll
comutil.dll
comxt
confag.exe
confbrw.dll
confgldr.exe
confi.exe
configuration.exe
configurator.exe
conftroj.exe
confusearch.dll
conime.exe
connection.exe
connectionservices.dll
connmie.exe
conscorr.exe
consmsls.dll
conspawn.exe
consulta_universo_local.exe.exe
contexapp.exe
contextplus.exe
contravirus.exe
control64.exe
contrware.exe
conveur2.exe
cooler1.exe
cooler3.exe
copier.exe
copy.exe
copypad32.exe
corelnetwork.exe
corrida.exe
cowclient.exe
cowserver.exe
cpanel.exe
cpmrotate.dll
cprwsnt.exe
cpu.dll
cpush.dll
cpycontrol.exe
crad.exe
crar.exe
crazzynet375.exe
crazzynet50.exe
crbizf.dll
crbn32.exe
crbp32.exe
crce.exe
crcg32.exe
crcss.exe
creader.exe
creadisk.exe
crfmon.exe
crgy32.exe
crhwn20.dll
critical volume.exe
criticalupdate.exe
crja32.exe
crni32.exe
croy32.exe
crp386.exe
crsreco.exe
crsrs.exe
crsrss.exe
crss.exe
crsss.exe
crsss32.exe
crue32.exe
cruu.exe
crvs.exe
crvss.exe
cryp32.dll
crypph.dll
crypt32.exe
crypt32chain.dll
crypt32net.dll
cryptfg.exe
cryptimg.dll
crypts.dll
cryptuue.exe
cs1sa1.dll
csapputil.dll
csass.exe
csband.dll
csbho.dll
csble.exe
csbrange.dll
cscore.dll
cscss.exe
csctx.dll
csddriver.sys
cseng.dll
cserv32.exe
cserver.exe
csietb.dll
csinst.dll
csinstall.exe
csipx.exe
csmctrl32.exe
csrns.exe
csrrs.exe
csrs.exe
csrsd.exe
csrsrss.exe
csrsrv86.exe
csrss.exe
csrss.ink
csrss.scr
csrssa.exe
csrssp.exe
csrwrnmw.exe
csscv.exe
cssrs.exe
cssrss.exe
csss.exe
cstray.exe
csutil.dll
csvhost.exe
csystime.exe
ct600_06.dll
ctels.exe
ctflsv.exe
ctfman.exe
ctfmom.exe
ctfmon32.dll
ctfnom.exe
ctfnon.exe
ctfrmon.exe
cthelp.exe
cthkpcv.dll
cthonic.vbs
ctl3d32.dll
ctmon.exe
ctpmon.exe
ctrlpan.dll
ctswin.exe.exe
ctxad.exe
cuapp.exe
cupid2.exe
cure.exe
curepcsolution.exe
cust.exe
cvchost.exe
cvdialog.exe
cvhost.exe
cvn0.exe
cw.exe
cxmdxcs.exe
cxtpls.exe
cxtpls_loader.exe
cycx2ey.exe
cypreg.dll
cysyycqp.sys
cyxid98.exe
czsrv.exe

Dangerous  DANGEROUS - C
Updated weekly. Last update: April 9 2018

Improve boot up time Run a free scan to diagnose your PC and identify the system boottle necks slowing you down. Start Test

Fix Windows PC's Fast! Automated Software Repairs damaged & slow windows systems in 1 click.


c:\bootinfo\smss.exe
C:\BOOTINFO\SMSS.EXE is Trojan/Backdoor.
Kill the process c:\BOOTINFO\SMSS.EXE and remove c:\BOOTINFO\SMSS.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

c:\bsw.exe
C:\bsw.exe is Trojan/Backdoor.
Kill the process C:\bsw.exe and remove C:\bsw.exe from Windows startup.

c:\csrss.exe
W32.Buchon worm.
Adds to startup the value:
"Key Logger" = c:\csrss.exe"
Acts as a proxy server and can carry out commands from an attacker to download files from the Internet.
Sends e-mails.
Remove it from startup using RegRun Startup Optimizer.

c:\ddesvr.exe
ddesvr.exe is rootkit Trojan.Comxt.B.
ddesvr.exe is used to hide files, processes and registry.
ddesvr.exe is a user mode rootkit.
Rootkit contacts remote hacker server using HTTP session.
Related files:
C:\ddesvr.exe
C:\2.bin
%Windir%\temp\2.tmp
Added to registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\comxt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_COMXT
More info:
http://www.sarc.com/avcenter/venc/data/t...

c:\documents and settings\all users\start menu\programs\startup\svchost.exe
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\SVCHOST.EXE is Trojan/Backdoor.
Kill the process C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\SVCHOST.EXE and remove C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\SVCHOST.EXE from Windows startup using RegRun.
www.regrun.com

c:\explorer.exe
C:\explorer.exe is W32.Ridnu.B.
Related files:
c:\explorer.exe
c:\explorer.scr
%System%\Mr_CoolFace.exe
%System%\ameajeve.exe
%Windir%\pchealth\helpctr\binaries\msconfig.exe
%Windir%\Negeri Serumpun Sebalai .pif .bat .com .scr .exe
%UserProfile%\Application Data\Mr_CoolFace.exe
%UserProfile%\Application Data\SMA Negeri 1 Pangkalpinang.exe
%UserProfile%\Application Data\explorer.exe
%UserProfile%\Desktop\Babel\psapi.dll
%UserProfile%\Local Settings\DNALSI_AKGNAB.exe
%UserProfile%\Start Menu\Programs\Startup\winlogon.exe
%UserProfile%\All Users\Documents\Nitip dulu jangan dihapus.scr
%UserProfile%\All Users\Documents\Smansa_Pkp.scr
%UserProfile%\All Users\Documents\\Cantik.scr
%UserProfile%\All Users\Documents\\Cantik.jpg
%UserProfile%\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg
Read more:
http://www.symantec.com/enterprise/secur...
Kill the process c:\explorer.exe and remove c:\explorer.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

c:\links.exe
C:\Links.exe is Trojan/Backdoor.
Kill the process c:\Links.exe and remove c:\Links.exe from Windows startup.
http://securityresponse.symantec.com/avc...

c:\netlog.exe
netlog.exe is a Backdoor Trojan.Webus.G .
netlog.exe spreads by e-mail and via open network shares.
netlog.exe tries to terminate antiviral programs installed on a user computer.
Related files:
%System%\scpr32b.exe
%Windir%\System\CSRSS.EXE
C:\netlog.exe
Adds the value:
".svchost" = "%Windir%\System\CSRSS.EXE"
to the Windows startup registry keys.
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill netlog.exe process and remove netlog.exe from Windows startup using RegRun Startup Optimizer.

c:\recycled\svch0st.exe
C:\Recycled\SVCH0ST.exe is Trojan/Backdoor Detnat.
Kill the process C:\Recycled\SVCH0ST.exe and remove C:\Recycled\SVCH0ST.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com
Read more:
http://securityresponse.symantec.com/avc...

c:\stub_113_4_0_4_0.exe
C:\stub_113_4_0_4_0.exe is Trojan/Backdoor.
Kill the process c:\stub_113_4_0_4_0.exe and remove c:\stub_113_4_0_4_0.exe from Windows startup.

c:\sysrun.exe
Sysrun.exe is mass-mailing worm W32.Mytob.AJ@mm.
Sysrun.exe tries to terminate antiviral programs installed on a user computer.
Sysrun.exe opens a back door on TCP port 10087.
Sysrun.exe spreads by exploiting the DCOM RPC vulnerability (Microsoft Security Bulletin MS03-026) and the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (Microsoft Security Bulletin MS04-011).
Related files:
%System%\bpool.exe
%System%\bps.exe
C:\sysrun.exe
C:\funny_pic.scr
C:\see_this!!.scr
C:\my_photo2005.scr
Adds the value:
"Major Microsoft Windows Driver Boot loader" = "bpool.exe"
to the Windows startup registry keys.
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill sysrun.exe process and remove sysrun.exe from Windows startup using RegRun Startup Optimizer.

c:\wallpaper.exe
Wallpaper.exe is W32.Iteb.A.
Related files:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ACDSee.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office.exe
C:\WINDOWS\All Users\Start Menu\Programs\StartUp\ACDSee.exe
C:\WINDOWS\All Users\Start Menu\Programs\StartUp\Office.exe
C:\Wallpaper.exe
D:\Walpaper.exe
D:\Dia.exe
D:\Natural.exe
D:\Cantik.exe
E:\Denah.exe
F:\Lokasi.exe
G:\Peta.exe
Read more:
http://www.symantec.com/enterprise/secur...
Kill the process Wallpaper.exe and remove Wallpaper.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

c:\wi
Rundll32.exe c:\wi is Trojan/Backdoor.
Kill the file c:\wi and remove 'rundll32.exe c:\wi' from Windows startup using RegRun Reanimator.
http://www.regrun.com

c:\winrun\msconfig.exe
msconfig.exe is a worm W32.HLLW.Winur.
msconfig.exe spreads via open network shares.
msconfig.exe tries to terminate antiviral programs installed on a user computer.
Related files:
C:\winrun\msconfig.exe
klez_removal.exe
Adds the value:
msconfig C:\winrun\msconfig.exe
winrun c:\winrun\msconfig.exe
to the Windows startup registry keys.
More info:
http://www.symantec.com/avcenter/venc/da...
Removal:
Kill the process msconfig.exe and remove msconfig.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

c:\wmiprvse.exe
Wmiprvse.exe is Backdoor.Fonamebot.
Backdoor.Fonamebot is a proof-of-concept Trojan horse that uses DNS query packets to receive back door commands from a compromised DNS server.
Related files:
C:\wmiprvse.exe
Read more:
http://www.symantec.com/enterprise/secur...
Kill the process wmiprvse.exe and remove wmiprvse.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

c:\wp.exe
Wp.exe is a Trojan Trojan.Desktophijack.
Wp.exe modifies the home page and desktop settings.
Related files:
%SystemDrive%\wp.exe
%SystemDrive%\wp.bmp
%System%\gunist.exe
%System%\param32.dll
%System%\pop_up.dll
%System%\searchdll.dll
%System%\wldr.dll
%System%\Air Tickets.ico
%System%\Big Tits.ico
%System%\Blackjack.ico
%System%\Britney Spears.ico
%System%\Car Insurance.ico
%System%\Cheap Cigarettes.ico
%System%\Credit Card.ico
%System%\Cruises.ico
%System%\Currency Trading.ico
%System%\Lesbian Sex.ico
%System%\MP3.ico
%System%\Online Betting.ico
%System%\Online Gambling.ico
%System%\Oral Sex.ico
%System%\Party Poker.ico
%System%\Pharmacy.ico
%System%\Phentermine.ico
%System%\Pornstars.ico
%System%\Remove Spyware.ico
%System%\viagra.ico
%UserProfile%\Desktop\Air Tickets.url
%UserProfile%\Desktop\Big Tits.url
%UserProfile%\Desktop\Blackjack.url
%UserProfile%\Desktop\Britney Spears.url
%UserProfile%\Desktop\Car Insurance.url
%UserProfile%\Desktop\Cheap Cigarettes.url
%UserProfile%\Desktop\Credit Card.url
%UserProfile%\Desktop\Cruises.url
%UserProfile%\Desktop\Currency Trading.url
%UserProfile%\Desktop\Lesbian Sex.url
%UserProfile%\Desktop\MP3.url
%UserProfile%\Desktop\Online Betting.url
%UserProfile%\Desktop\Online Gambling.url
%UserProfile%\Desktop\Oral Sex.url
%UserProfile%\Desktop\Party Poker.url
%UserProfile%\Desktop\Pharmacy.url
%UserProfile%\Desktop\Phentermine.url
%UserProfile%\Desktop\Pornstars.url
%UserProfile%\Desktop\Remove Spyware.url
%UserProfile%\Desktop\viagra.url
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill wp.exe process and remove wp.exe from Windows startup using RegRun Startup Optimizer.

c0mmand.exe
C0MMAND.EXE is a Trojan.Dloadr-ABL.
C0MMAND.EXE downloads code from the internet.
More info:
http://www.sophos.com/virusinfo/analyses...
Removal:
Kill C0MMAND.EXE process and remove C0MMAND.EXE from Windows startup using RegRun Startup Optimizer.

c2b.dll
C2B.DLL is Trojan DELF.
Read more:
http://www.spywaredata.com/spyware/threa...
Kill the file C2B.DLL and remove C2B.DLL from Windows startup using RegRun.
www.regrun.com

c8.exe.exe
C8.exe.exe is Backdoor.Hupigon.bxs.
Kill the process c8.exe.exe and remove c8.exe.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cab.exe
Cab.exe is an adware program Adware.Affilred.
Cab.exe monitors user Internet activity.
Related files:
usbwin32.exe
C:\CriticalUpdate.exe
C:\cab.exe
C:\winsecure.exe
%Windir%\twain_32.exe
%Windir%\mshotfix.exe
%Windir%\msupdate.exe
%System%\security32.exe
%System%\iProtect.exe
%System%\axe.exe
%System%\inetconnect.dll
%System%\comnt32.dll.
Adds the value:
"MSUpdate" = "c:\criticalUpdate.exe"
"Microsoft Security Hot Fix Update" = "%SystemRoot%\mshotfix.exe"
"Microsoft Cab Manager" = "c:\exec.exe"
"Windows Security Manager" = "c:\winsecure.exe"
"Windows Security Update" = "%Windir%\security32.exe"
"Userinit" = "%System%\userinit.exe, %Windir%\iProtect.exe"
to the Windows startup registry keys.
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill cab.exe process and remove cab.exe from Windows startup using RegRun Startup Optimizer.

cabchk32.exe
This is Trojan program Trojan.Gema.
Read more:
http://securityresponse.symantec.com/avc...
Remove it from startup by RegRun Startup Optimizer.

cable.exe
Cable.exe is a mass-mailing worm W32.Cabreck.
Cable.exe spreads via shared network drives.
Related files:
%SystemDrive%\Cable.exe
%Windows%\Cable.exe
%Currentfolder%\Cable.exe
Adds the value:
"run" = "Cable.exe"
to the Windows startup registry keys.
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill Cable.exe process and remove Cable.exe from Windows startup using RegRun Startup Optimizer.

caclseng.exe
caclsENG.exe is a Trojan.Bdoor-JO.
caclsENG.exe opens a back door.
Related files:
caclsENG.exe
carun.dll
carun.ocx
install.cmd
settimedate.exe
tskman.exe
More info:
http://www.sophos.com/virusinfo/analyses...
Removal:
Kill caclsENG.exe process and remove caclsENG.exe from Windows startup using RegRun Startup Optimizer.

caeioodn.exe
caeioodn.exe is a Trojan/Backdoor.
Removal:
Kill caeioodn.exe process and remove caeioodn.exe from Windows startup using RegRun Startup Optimizer.

cafe08pl.exe
Remote Access
It kills more than 20 antivirus programs in memory and also four dedicated antitrojan softwares. The trojan can redirect ports and connect to several servers at the same time. It can also be used as a port scanner. Cafeini can also take another programs place in the Registry. The server will automatically be updated using HTTP.

cafeclnt.exe
Remote Access
It kills more than 20 antivirus programs in memory and also four dedicated antitrojan softwares. The trojan can redirect ports and connect to several servers at the same time. It can also be used as a port scanner. Cafeini can also take another programs place in the Registry. The server will automatically be updated using HTTP.

cafeini.exe
Remote Access
It kills more than 20 antivirus programs in memory and also four dedicated antitrojan softwares. The trojan can redirect ports and connect to several servers at the same time. It can also be used as a port scanner. Cafeini can also take another programs place in the Registry. The server will automatically be updated using HTTP.

cafeiniclient.exe
Remote Access
It kills more than 20 antivirus programs in memory and also four dedicated antitrojan softwares. The trojan can redirect ports and connect to several servers at the same time. It can also be used as a port scanner. Cafeini can also take another programs place in the Registry. The server will automatically be updated using HTTP.

cafeiniconfig.exe
Remote Access
It kills more than 20 antivirus programs in memory and also four dedicated antitrojan softwares. The trojan can redirect ports and connect to several servers at the same time. It can also be used as a port scanner. Cafeini can also take another programs place in the Registry. The server will automatically be updated using HTTP.

cafeiniserver.exe
Remote Access
It kills more than 20 antivirus programs in memory and also four dedicated antitrojan softwares. The trojan can redirect ports and connect to several servers at the same time. It can also be used as a port scanner. Cafeini can also take another programs place in the Registry. The server will automatically be updated using HTTP.

calcal32.dll
CALCAL32.DLL is Trojan/Backdoor.
Read more:
http://fileinfo.prevx.com/adware/qqd91e7...
Kill the file CALCAL32.DLL and remove CALCAL32.DLL from Windows startup using RegRun Reanimator.
http://www.regrun.com

californ.exe
Remote Access / Exe-infector
The whole package comes with a server, an exe infector, a remover and two jokes. The first joke program, Californ.exe makes all the windows on the screen shake and move around. The second program, gravedad.exe displays a picture of the screen flipped.

card.exe
Worm / File virus
Alters Win.ini. "Between midnight and 2.00am on Wednesdays the worm attempts to display an animated graphic of Adolf Hitler shooting himself in the head." (Sophos)

cari.scr
I-Worm.MyLife.b
It is a worm virus being spread via the Internet as an e-mail attachment.
When the worm is launched for the first time it shows a window with a picture.
While installing the worm copies itself to the Windows system directory with the name "cari.scr" and registers this file in the system registry auto-run key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run win=%SYSTEM%\cari.scr
To send infected messages the worm uses Microsoft Outlook, it sends messages to all addresses found in the Microsoft Outlook Address Book.
The worm also gets victim e-mail addresses from MSN Messenger e-mail base.
Also, the worm checks the current date, if the current hour value is 8, the worm executes its payload routine, deleting the following files: c:\*.*; d:\*.*; e:\*.*; f:\*.*
Also deleted are: *.sys files in the Windows directory and *.vxd, *.sys, *.ocx, and *.nls files in the Windows system directory

Remove it from startup by RegRun Startup Optimizer.

cartaovirtual.exe
CartaoVirtual.exe is Trojan/Backdoor.
Kill the process CartaoVirtual.exe and remove CartaoVirtual.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

carun.dll
carun.dll is a Trojan.Bdoor-JO.
carun.dll opens a back door.
Related files:
caclsENG.exe
carun.dll
carun.ocx
install.cmd
settimedate.exe
tskman.exe
More info:
http://www.sophos.com/virusinfo/analyses...
Removal:
Remove carun.dll from Windows startup using RegRun Startup Optimizer.

casclient.exe
Casclient.exe is CasinoClient Adware.
Kill the process casclient.exe and remove casclient.exe from Windows startup.

casino_server14.dll
CASINO_SERVER14.DLL is Polymorphic.File.Exploit.
Read more:
http://fileinfo.prevx.com/adware/qq8afa6...
Kill the file CASINO_SERVER14.DLL and remove CASINO_SERVER14.DLL from Windows startup using RegRun Reanimator.
http://www.regrun.com

casper.exe
Worm / Mail trojan
Uses several different names to name the attachement, which can be mailed by either Netscape Mail, MS Outlook or MSOutlook Express.

cassandra.exe
Cassandra.exe is Trojan/Backdoor.
Kill the process Cassandra.exe and remove Cassandra.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cassl.exe
Cassl.exe is Trojan/Backdoor Rbot.
Kill the process cassl.exe and remove cassl.exe from Windows startup.

cats.exe
CATS.EXE is Parved Worm.
Kill the process CATS.EXE and remove CATS.EXE from Windows startup.
http://securityresponse.symantec.com/avc...

catsrv71.exe
CATSRV71.EXE is Trojan/Backdoor.
Read more:
http://fileinfo.prevx.com/adware/qqd2c35...
Kill the process CATSRV71.EXE and remove CATSRV71.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

catsrvut.exe
Catsrvut.exe is Trojan/Backdoor.
Kill the process catsrvut.exe and remove catsrvut.exe from Windows startup.

catswebv.exe
CATSWEBV.EXE is Trojan/Backdoor.
Read more:
http://fileinfo.prevx.com/adware/qq54103...
Kill the process CATSWEBV.EXE and remove CATSWEBV.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

cavapsvc.exe
Gaobot Trojan.
Spreads in local network via open shares.
Also it uses DCOM RPC vulnerability (135,445 ports) and WebDav vulnerability (port 80).
Allows to control the victim computer by IRC.
Terminates well known antiviral software.
Removal:
install the patches from Microsoft:
http://www.microsoft.com/technet/securit...
http://www.microsoft.com/technet/securit...
http://www.microsoft.com/technet/securit...
http://www.microsoft.com/technet/securit...
http://www.microsoft.com/technet/securit...
http://www.microsoft.com/technet/securit...
http://www.microsoft.com/technet/securit...
Set the strong passwords for network shares.
Use RegRun "Terminate" feature to erase the virus body files.
They are located in Windows\System32 folder.
Cavapsvc.exe
Csrrs.exe
Cvhost.exe
DIIhost.exe (with capital letter 'i')
Dosrun32.exe
Dos32.exe
Lsas.exe
Regloadr.exe
Schost.exe
Scvhost.exe
Service.exe
Servicess.exe
Sochost.exe
Swchost.exe
System.exe
Update.exe
Wdrun32.exe
Winhlpp32.exe
Winreg.exe
Winupdsdgm.exe

Free removal tool:
http://securityresponse.symantec.com/avc...

caxchg.exe
Caxchg.exe is Trojan/Backdoor.
Kill the process caxchg.exe and remove caxchg.exe from Windows startup.

caznovas.exe
Backdoor.Cazno is a Trojan horse that allows an attacker to control a compromised system.

Copies itself as %System%\CAZNOVAS.exe.

Listens on a configurable port, waiting for the commands from an attacker.
Uses ICQ or IRC to send the attacker information on a compromised system.
The ICQ contact and IRC server are configurable.

Allows the attacker to control the computer and do any of the following:
- Obtain system information
- List/start/stop processes
- Control window functions (show/hide windows)
- Log keystrokes, steal passwords
- Shut down and restart the computer
- Control the Web camera
- Control file system (list, delete, rename, and create files)

Automatic removal:
Use RegRun Startup Optimizer to remove it from startup.

For manual removal, please delete any value that looks like:
"CAZNOVAS" = %system%\CAZNOVAS.exe"
in the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

cazz_001.exe
CAZZ_001.EXE is Trojan/Backdoor.
Kill the process CAZZ_001.EXE and remove CAZZ_001.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

cback.exe
CBACK.EXE is a worm W32.Licum.
CBACK.EXE spreads by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (Microsoft Security Bulletin MS03-026).
Related files:
dl.exe
CBACK.EXE
GAELICUM.EXE
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill CBACK.EXE process and remove CBACK.EXE from Windows startup using RegRun Startup Optimizer.

cbkdkiw.exe
Cbkdkiw.exe is W32/Fanbot-F.
Related files:
%System%\cbkdkiw.exe
%System%\dnierjk.exe
%System%\meex.com
Read more:
http://www.sophos.com/security/analyses/...
Kill the process cbkdkiw.exe and remove cbkdkiw.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cbko08.dll
Cbko08.dll is Trojan/Backdoor.
Kill the file cbko08.dll and remove cbko08.dll from Windows startup.

cbxvwuv.dll
Cbxvwuv.dll is Trojan/Backdoor.
Kill the file cbxvwuv.dll and remove cbxvwuv.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

cc invader.exe
Remote Access / FTP server

cc invader2.exe
Remote Access / FTP server

ccapp32.exe
W32.HLLW.Gaobot.gen is a family of worms that infects computers through various exploits.
It also opens backdoors to infected computers through IRC.

The worm does the following:
Copies itself to the %System% folder.
The file names vary, and are often chosen to resemble the names of legitimate Windows system files.
Some examples include Csrrs.exe, Scvhost.exe, and System.exe.

Adds a value in the form
"" = ""
for example:
"Configuration Loader" = "Service.exe"
to the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

May create a registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
and add a value in the form:
= "%System%\" -service
For example:
"Configuration Loader" = "%System%\Service.exe" -service

Connects to an IRC server, using its own IRC client, and then listens for commands to do any of the following:
Download and execute files
Steal system information
Send the worm to other IRC users
Add new accounts
Perform Denial of Service (DoS) attacks

Terminates antivirus and firewall software, as well as the process names associated with other worms.

Remove it with RegRun Startup Optimizer.

ccappms.exe
Ccappms.exe is Trojan/Backdoor.
Kill the process ccappms.exe and remove ccappms.exe from Windows startup.

ccapps.exe
Ccapps.exe is Trojan/Backdoor Troj/Banker-AK.
Kill the process ccapps.exe and remove ccapps.exe from Windows startup.
http://www.sophos.com/virusinfo/analyses...

ccc.exe
FakeVirii trojan

ccevtmngr.exe
CcEvtMngr.exe is Trojan/Backdoor.
Kill the process ccEvtMngr.exe and remove ccEvtMngr.exe from Windows startup.
http://www.sophos.com/virusinfo/analyses...

ccprxy.exe
CcPrxy.exe is Trojan.Shipli.
Related files:
%System%\ccPrxy.exe
C:\WINDOWS\infrom.dat
Read more:
http://www.symantec.com/enterprise/secur...
Kill the process ccPrxy.exe and remove ccPrxy.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

ccremover.exe
CCREMOVER.EXE is Trojan/Backdoor.
Read more:
http://fileinfo.prevx.com/adware/qqb00c8...
Kill the process CCREMOVER.EXE and remove CCREMOVER.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

ccrptmr6.dll
CcrpTmr6.dll is a Spyware.ChatWatch.
CcrpTmr6.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
cw.exe
ccrpTmr6.dll
PolarZIPLight.dll
Richtx32.ocx
Adds the value:
"cwatch" = "\cw.exe"
to the Windows startup registry keys.
More info:
http://securityresponse.symantec.com/avc...
Removal:
Remove ccrpTmr6.dll from Windows startup using RegRun Startup Optimizer.

ccsevrt.exe
Ccsevrt.exe is Trojan/Backdoor.
Kill the process ccsevrt.exe and remove ccsevrt.exe from Windows startup.

ccsrs.exe
Ccsrs.exe is a mass-mailing worm W32.Mytob.AF@mm.
Ccsrs.exe tries to terminate antiviral programs installed on a user computer.
Ccsrs.exe spreads by e-mail and via open network shares.
Related files:
%System%\ccsrs.exe
%SystemDrive%\funny_pic.scr
%SystemDrive%\my_photo2005.scr
%SystemDrive%\see_this!!.scr
Adds the value:
"WINTASKMGR" = "ccsrs.exe"
to the Windows startup registry keys

More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill ccsrs.exe process and remove ccsrs.exe from Windows startup using RegRun Startup Optimizer.

ccsrsc.exe
CCSRSC.EXE is Worm Warezov.
Read more:
http://fileinfo.prevx.com/adware/qqcb5f8...
Kill the process CCSRSC.EXE and remove CCSRSC.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

ccsserv.exe
CCSSERV.EXE is Trojan/Backdoor.
Read more:
http://fileinfo.prevx.com/adware/qq6de35...
Kill the process CCSSERV.EXE and remove CCSSERV.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

ccwoserve.exe
Ccwoserve.exe is Trojan.Samo.
Trojan.Samo is a Trojan horse that sends out links via MSN Messenger to a copy of Downloader.
Related files:
msn.exe
orkut.exe
ccwoserve.exe
ie.exe
Read more:
http://www.symantec.com/enterprise/secur...
Kill the process ccwoserve.exe and remove ccwoserve.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cczoop05.exe
Cczoop05.exe is YourEnhancement downloader.
Read more:
http://www3.ca.com/securityadvisor/pest/...
Kill the process cczoop05.exe and remove cczoop05.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cd_load.exe
Adware.
Manufacturer:Cydoor Techonologies ad-system.
Related files in the System folder:
CD_CLINT.DLL
CD_GIF.DLL
CD_HTM.DLL
CD_SWF.DLL
CD_LOAD.EXE
ADCACHE folder
Remove it.
Read more:
http://www.cexx.org/cydoor.htm

cd1.exe
CD1.EXE is a Internet worm executed with Windows startup. Uses varying filenames.
Read more:
http://www.superadblocker.com/definition...
Kill the process CD1.EXE and remove CD1.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

cda4h.dll
We suggest you to remove cda4h.dll from your computer as soon as possible.
Cda4h.dll is W32/SillyFDC-BA.
Related files:
%Temp%\cda4h.dll
%System%\avpo0.dll
%System%\avpo1.dll
Read more:
http://www.sophos.com/security/analyses/...
Kill the file cda4h.dll and remove cda4h.dll from Windows startup.

cdeztks.exe
Remote Access / Keylogger / Steals passwords / ICQ trojan / AOL trojan / DoS tool
It alters Wininit.ini and replaces explorer.exe with explorer.e. It may also infect Awadrp32.exe, Mkcompat.exe and Rnaap.exe. You usually notice your infected because you no longer can reboot or shutdown the computer as the trojan will not shutdown. BioNet also makes it impossible to reboot to DOS mode to delete the trojan. It evaids antivirus and firewall programs. Every server sent out is possible to be unique with combinations of more than 50 different features using the server builder. Using CGI scripts the trojan can do almost anything. Because of this may manual removal instruction not be totally reliable. The server is distributed in an uncompressed version, to allow anyone to use a compressor is his choice. Using a scheduler, the hacker can activate the server to make contact on a certain a specific day. BioNet is able to attack other servers using a large numbers IGMP packets using all available bandwidth. From v3.09 it supports plug-ins from other coders.

cdkkfdso.exe
CDKKFDSO.EXE is Trojan/Backdoor.
Read more:
http://fileinfo.prevx.com/adware/qq864b5...
Kill the process CDKKFDSO.EXE and remove CDKKFDSO.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

cdm.exe
Cdm.exe is DownloadWare Adware.
Read more:
http://research.sunbelt-software.com/thr...
Kill the process cdm.exe and remove cdm.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cdndrag.dll
CDNDRAG.DLL is CNNIC Update downloader.
Read more:
http://www3.ca.com/securityadvisor/pest/...
Kill the file CDNDRAG.DLL and remove CDNDRAG.DLL from Windows startup using RegRun Reanimator.
http://www.regrun.com

cdnforie.dll
Cdnforie.dll is CNNIC Update downloader.
Read more:
http://www.pestpatrol.com/spywarecenter/...
Kill the file cdnforie.dll and remove cdnforie.dll from Windows startup using RegRun.
www.regrun.com

cdnprot.sys
Cdnprot.sys is Trojan/Backdoor.
Kill the file cdnprot.sys and remove cdnprot.sys from Windows startup using RegRun Reanimator.
http://www.regrun.com

cdr.exe
Cdr.exe is a part of CryptDrive software.
CryptDrive is a misleading application that may give exaggerated reports about potential risks on the compute
Related files:
C:\Documents and Settings\Administrator\Application Data\CryptDrive\CryptDrive\Schedule\schedule.sav
C:\Documents and Settings\Administrator\Application Data\CryptDrive\settings.config
C:\Documents and Settings\Administrator\Application Data\CryptDrive\Update.sav
C:\Documents and Settings\Administrator\Cookies\administrator@cryptdrive[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
C:\Documents and Settings\Administrator\Desktop\CryptDrive Free.lnk
C:\Documents and Settings\Administrator\My Crypted Drives\DPMM.dks
C:\Documents and Settings\Administrator\My Crypted Drives\drive.log
C:\Documents and Settings\All Users\Start Menu\Programs\CryptDrive Free\CryptDrive Free on the Web.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\CryptDrive Free\CryptDrive Free.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\CryptDrive Free\Uninstall CryptDrive Free.lnk
C:\WINDOWS\system32\drivers\drvprt.sys
C:\WINDOWS\system32\drivers\FIBL.sys
Related directory:
C:\Program Files\CryptDrive\
Read more:
http://www.symantec.com/enterprise/secur...
Kill the process cdr.exe and remove cdr.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cdromdrv32.dll
Cdromdrv32.dll is Trojan Downloader.
Kill the file cdromdrv32.dll and remove cdromdrv32.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

cdrun.exe
Cdrun.exe is Trojan/Backdoor.
Kill the process cdrun.exe and remove cdrun.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cdtbar.dll
CDTbar.dll is a part of CryptDrive software.
CryptDrive is a misleading application that may give exaggerated reports about potential risks on the compute
Related files:
C:\Documents and Settings\Administrator\Application Data\CryptDrive\CryptDrive\Schedule\schedule.sav
C:\Documents and Settings\Administrator\Application Data\CryptDrive\settings.config
C:\Documents and Settings\Administrator\Application Data\CryptDrive\Update.sav
C:\Documents and Settings\Administrator\Cookies\administrator@cryptdrive[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
C:\Documents and Settings\Administrator\Desktop\CryptDrive Free.lnk
C:\Documents and Settings\Administrator\My Crypted Drives\DPMM.dks
C:\Documents and Settings\Administrator\My Crypted Drives\drive.log
C:\Documents and Settings\All Users\Start Menu\Programs\CryptDrive Free\CryptDrive Free on the Web.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\CryptDrive Free\CryptDrive Free.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\CryptDrive Free\Uninstall CryptDrive Free.lnk
C:\WINDOWS\system32\drivers\drvprt.sys
C:\WINDOWS\system32\drivers\FIBL.sys
Related directory:
C:\Program Files\CryptDrive\
Read more:
http://www.symantec.com/enterprise/secur...
Kill the file CDTbar.dll and remove CDTbar.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

cdvruhwl.exe
CDVRUHWL.EXE is Adware.VSToolbar.
Read more:
http://fileinfo.prevx.com/adware/qq864b8...
Kill the process CDVRUHWL.EXE and remove CDVRUHWL.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

cel90xbe.sys
Cel90xbe.sys is Trojan/Backdoor.
Kill the file cel90xbe.sys and remove cel90xbe.sys from Windows startup using RegRun Reanimator.
http://www.regrun.com

celindriver.sys
CELINDRIVER.SYS is Trojan/Backdoor.
Read more:
http://spywaredlls.prevx.com/RRHJGD28735...
Kill the file CELINDRIVER.SYS and remove CELINDRIVER.SYS from Windows startup using RegRun Reanimator.
http://www.regrun.com

cenik.exe
Worm / Mail trojan
The worms .exe file is distributed in a compressed format and is using one of twenty names randomly. Hermes contacts "
http://www.seznam.cz", but there is nothing there. It also tris to register, but fails to do so beacause of a bug. It propagates twice to all addresses in Outlook. In several versions th code is packed using UPX.

ceres.dll
Ceres.dll and Buddy.exe are Adware/Spyware components related to Transponder family.
Source: offeroptimizer.com.
File Info:
Company name: Ceres
Internal name: Ceres
Comments: www.abetterinternet.com
Legal copyright: Copyright 2004
Legal trademarks:
Original filename: Ceres.dll
Product name: Ceres
CLSID = '{00000049-8F91-4D9C-9573-F016E7626484}
Ceres.dll is installed as Browser Helper Object.
Ceres.dll monitors Internet activity and displays ads.
Also, related file is buddy.exe.
http://www.webhelper4u.com/tnewswritigs/...
Removal:
Kill the buddy.exe process. Remove Ceres.dll from BHO list.

cetdxsas.dll
CETDXSAS.DLL is Trojan/Backdoor.
Read more:
http://fileinfo.prevx.com/adware/qq4c867...
Kill the file CETDXSAS.DLL and remove CETDXSAS.DLL from Windows startup using RegRun Reanimator.
http://www.regrun.com

cfg32.exe
Cfg32.exe is PowerStrip Adware.
Read more:
http://www.ca.com/us/securityadvisor/pes...
Kill the process cfg32.exe and remove cfg32.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cfg95.exe
Remote Access / Steals passwords
Alters Win.ini (v 2.0).

cfghtm.dll
CFGHTM.DLL is Trojan/Backdoor.
Read more:
http://fileinfo.prevx.com/adware/qq0dd25...
Kill the file CFGHTM.DLL and remove CFGHTM.DLL from Windows startup using RegRun Reanimator.
http://www.regrun.com

cfginst.exe
Cfginst.exe is Trojan-Downloader.Win32.Tiny.is.
Read more:
http://www.viruslist.com/en/viruses/ency...
Kill the process cfginst.exe and remove cfginst.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cfgpwnz.exe
Cfgpwnz.exe is W32.Bropia.R.
W32.Bropia.R is a worm that spreads via MSN Messenger and drops a variant of W32.Spybot.Worm.
Related files:
%System%\cfgpwnz.exe
%System%\actboost.exe
Read more:
http://www.symantec.com/security_respons...
Kill the process cfgpwnz.exe and remove cfgpwnz.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cfgwiz32.exe
Remote Access / Hidden IP-Scanner
The trojan is able to decrypt cached passwords.

cfmon.exe
Cfmon.exe is Randex Trojan.
Kill the process cfmon.exe and remove cfmon.exe from Windows startup.

cfnot32.exe
Cfnot32.exe is Trojan/Backdoor.
Kill the process cfnot32.exe and remove cfnot32.exe from Windows startup.

cftnom.exe
Cftnom.exe is Trojan/Backdoor.
Read more:
http://virusinfo.prevx.com/pxparall.asp?...
Kill the process cftnom.exe and remove cftnom.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cgtask.exe
This is SOBIG worm.
Read full information at:
http://www.lurhq.com/sobig-e.html
Remove it from startup by RegRun Startup Optimizer.

chainsaw.exe
Worm / Network trojan / DoS tool / Destructive trojan
Alters Win.ini. The worm propagates using shared drives. After completing an installation it sends a message to the newsgroup ""alt.horror"". Also tries to connect to computers with SubSeven or NetBus installed. Kills ZoneAlarm firewall.

chart.vbs
I-Worm.Gigger
JS.Gigger.A@mm is a worm written in JavaScript. It uses Microsoft Outlook and mIRC to spread.
It infects .html files.
Attempts to delete all files on the computer and to format drive C if the computer is successfully restarted.

JS.Gigger.A@mm arrives as an email message that has the following characteristics:

Subject: Outlook Express Update
Message: MSNSofware Co.
Attachement: Mmsn_offline.htm

If the worm is executed, it does the following:
It drops the following files:
C:\Bla.hta
C:\B.htm
C:\Windows\Samples\Wsh\Charts.js
C:\Windows\Help\Mmsn_offline.htm

Next, it drops a Script.ini file to spread itself by mIRC. Norton AntiVirus (NAV) detects the infected Script.ini as IRC.Worm.gen.

The worm then creates the following registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout
HKEY_CURRENT_USER\Software\TheGrave\badUsers\v2.0
and adds the value:
NAV DefAlert %Windows%\SAMPLES\WSH\Chart.vbs.
to the registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Next, the worm searches network drives and copies itself as \Windows\Start Menu\Programs\StartUp\Msoe.hta

Manual removal:
In a file c:\autoexec.bat look for the formatting line.
If it exists, delete the entire line.

Then navigate to the following key in the system registry
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the following value:
NAV DefAlert
Navigate to and delete the following keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout
HKEY_CURRENT_USER\Software\TheGrave\badUsers\v2.0

Automatic removal:
Use RegRun Startup Optimizer to remove it from startup.

chatblocker.exe
ChatBlocker.exe is a Spyware.ChatBlocker.
ChatBlocker.exe blocks applications.
Related files:
ChatBlocker.exe
Windir%\cbphook.dll
%Windir%\cbsys32.dll
%Windir%\cbtril32.dll
%Windir%\unvise32.exe
%Windir%\vmlmod.dll
%Windir%\winsscap.dll
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill ChatBlocker.exe process and remove ChatBlocker.exe from Windows startup using RegRun Startup Optimizer.

chcp.exe
Chcp.exe is Trojan/Backdoor.
Kill the process chcp.exe and remove chcp.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cheatle.exe
W32.HLLP.Shodi.B is a virus that prepends itself to the files that have a .exe extension.
The backdoor is configured to listen on TCP ports 6351 and 6352.
Searches for the files that have the .exe extensions on all the hard drives, starting with drive C.
The worm searches all the folders on the hard drive, except those with the following names: Windows; System; System32
It does not infect the files that have the following names: IEXPLORE.EXE; ccApp.exe; ccRegVfy.exe
Prepends itself to some of the files that it finds.

See also GigaByte.exe in RegRun database.
Please, remove this worm with RegRun Startuip Optimizer.

check.exe
Check.exe is W32.Renadoc.A.
Related files:
%System%\Direct.com
%Windir%\Desktop.com
%System%\Check.exe
%UserProfile%\Start Menu\Programs\Startup\Scan.pif
[PATH TO THE THREAT FILE]\.exe
Read more:
http://www.symantec.com/enterprise/secur...
Kill the process Check.exe and remove Check.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

checkin.dll
Checkin.dll is Trojan/Backdoor.
Kill the file checkin.dll and remove checkin.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

checks02.exe
CheckS02.exe is Trojan/Backdoor.
Kill the process CheckS02.exe and remove CheckS02.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

chenzi.exe
Chenzi.exe is Infostealer.Lingling.
Related files:
%System%\~.exe
%Temp%\svchost.exe
%Temp%\g0ld.com
C:\WINDOWS\chenzi.exe
%System%\bdscheca001.dll
Read more:
http://www.symantec.com/enterprise/secur...
Kill the process chenzi.exe and remove chenzi.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

chestburst.exe
Worm / Mail trojan
Uses several different names to name the attachement, which can be mailed by either Netscape Mail, MS Outlook or MSOutlook Express.

chickie.exe
ChiCkie.exe is W32.Chiko.
W32.Chiko is a worm that spreads to removable drives.
Related files:
C:\Documents and Settings\Administrator\Local Settings\Application Data\svchost.exe
C:\WINDOWS\inf\chiCkie.exe
Read more:
http://www.symantec.com/enterprise/secur...
Kill the process chiCkie.exe and remove chiCkie.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

chictwo.exe
ChicTwo.exe is Trojan/Backdoor.
Kill the process ChicTwo.exe and remove ChicTwo.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

chii.exe
Chii.exe is Trojan.Coldung.
Related files:
%Windir%\chii.exe
%Windir%\zupacha.exe
%Windir%\1.exe
Read more:
http://www.symantec.com/enterprise/secur...
Kill the process chii.exe and remove chii.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

chkdsk.dll
Chkdsk.dll is ClickSpring.PuritySCAN Adware.
Read more:
http://research.sunbelt-software.com/thr...
Kill the file chkdsk.dll and remove chkdsk.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

chksum.exe
Chksum.exe is Trojan/Backdoor.
Kill the process chksum.exe and remove chksum.exe from Windows startup.

chost~1.exe
chost~1.exe is Adware.ClickSpring.
Manufacturer: Clickspring, LLC
www.clickspring.net
Read more:
http://www.fileresearchcenter.com/C/CHOS...
Kill the process chost~1.exeand remove chost~1.exe from Windows startup using RegRun.
www.regrun.com

chpstart.exe
CHPSTART.EXE is Trojan/Backdoor.
Kill the process CHPSTART.EXE and remove CHPSTART.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

chunse28.exe
CHUNSE28.EXE is Trojan/Backdoor.
Read more:
http://fileinfo.prevx.com/adware/qq712a6...
Kill the process CHUNSE28.EXE and remove CHUNSE28.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

chupacabra.exe
Remote Access / Destructive trojan
Alters Win.ini.

ciccode.exe
CICCODE.EXE is Trojan/Backdoor.
Read more:
http://fileinfo.prevx.com/adware/qq56f36...
Kill the process CICCODE.EXE and remove CICCODE.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

cicowreg.dll
CICOWREG.DLL is Trojan/Backdoor.
Read more:
http://fileinfo.prevx.com/adware/qqd70e6...
Kill the file CICOWREG.DLL and remove CICOWREG.DLL from Windows startup using RegRun Reanimator.
http://www.regrun.com

cih.exe
Worm / Mail trojan
The worms .exe file is distributed in a compressed format and is using one of twenty names randomly. Hermes contacts "
http://www.seznam.cz", but there is nothing there. It also tris to register, but fails to do so beacause of a bug. It propagates twice to all addresses in Outlook. In several versions th code is packed using UPX.

cihost.exe
Trojan.Linst attaches itself to Internet Explorer and sends information to a Web server.

When Trojan.Linst is executed, it does the following:
Creates the following files in the current folder, %Windir% and %System32%:
Zlib.dll: A legitimate library file
Groups.txt: A configuration file
Links.txt: A configuration file
HttpReq.dll: A legitimate library file
Dlinsth.dll: Detected as Trojan.Linst
Dlinst0.dll: Detected as Trojan.Linst
Bho.dll: An adware detected as Adware.IEHelperPage

Adds the value:
"cihost.exe"="%windir%\cihost.exe"
to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
so that the Trojan runs when you start Windows.

Loads the adware - Bho.dll.
Loads Dlinsth.dll that passes information back to http:/ /x-fuck.net, including:
- Software installed
- Environment variables
- System settings
Depending on the results returned by the Web server, advertisements may be displayed.

Use RegRun Startup Optimizer to remove it from startup.

cips.exe
Cips.exe is Trojan/Backdoor.
Kill the process cips.exe and remove cips.exe from Windows startup.

ciscv.exe
Ciscv.exe is variant of Rbot Family.
Read more:
http://www3.ca.com/securityadvisor/virus...
Kill the process ciscv.exe and remove ciscv.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cisopipc.exe
CISOPIPC.EXE is Adware.VSToolbar.
Read more:
http://fileinfo.prevx.com/adware/qq864b5...
Kill the process CISOPIPC.EXE and remove CISOPIPC.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

cisrv.exe
Cisrv.exe is Trojan/Backdoor.
Kill the process cisrv.exe and remove cisrv.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cisvc32.exe
This is browser spyware: Confusearch.
After running the CISVC32.exe it creates ConfuSearch.dll and
STRAd32.dll in the %SysDir% folder (where %SysDir% is the the Widnows
System(for Windows 95/98/Me) or System32 folder(for Windows
NT4/2000/XP).
CISVC32.exe registers both DLLs in th registry.
STRAd32.dll is the Browser Helper Object. It's used for logging
visited pages.
Adds the sub-key {1433F750-E53F-11D8-9669-0800200C9A66} to:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

ConfuSearch.dll - URL search hook object.
Adds the sub-key {D7CD08F0-D691-11D8-9669-0800200C9A66} to the :
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
It sends the user search requests to the:
http://www.dnscaching.net/search/?q=

Creates the keys:
HKCR\TypeLib\{D7CD08E1-D691-11D8-9669-0800200C9A66}
HKCR\TypeLib\{1433F742-E53F-11D8-9669-0800200C9A66}
HKCR\CLSID\{1433F750-E53F-11D8-9669-0800200C9A66}
HKCR\Interface\{1433F74F-E53F-11D8-9669-0800200C9A66}

To remove it you need to unregister both DLL's.
Run the command:
regsvr32 /u STRAd32.dll
regsvr32 /u ConfuSearch.dll

Delete other registry keys using regedit (it's not necessary).

cixvu.exe
Cixvu.exe is Trojan/Backdoor.
Kill the process cixvu.exe and remove cixvu.exe from Windows startup.

cjczuf.exe
Salm.exe is a Trojan Trojan.LowZones.
Salm.exe lowers Internet Explorer security settings.
Related files:
%Temp%\auto_update_install.exe
%Temp%\setup.inf
%Temp%\auf0.exe
%Temp%\cxtpls_loader.exe
%Temp%\iinstall.exe
%Temp%\sidefind.exe
%Temp%\WToolsA.exe
%Temp%\WToolsB.dll
%Temp%\AutoUpdaterInstaller[1].exe
%Temp%\nem220[1].dll
%Temp%\salm.exe
%Temp%\istbar.dll
%System%\auto_update_uninstall.exe
%Windir%\lohmvql.exe
%Windir%\nem220.dll
%Windir%\qoqek.exe
%Windir%\zeta.exe
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill salm.exe process and remove salm.exe from Windows startup using RegRun Startup Optimizer.

ck3.exe.exe
Ck3.exe.exe is Adware Dollarrevenue.
Directory: %TEMP%\
Read more:
http://fileinfo.prevx.com/fileinfo.asp?P...
Kill the process ck3.exe.exe and remove ck3.exe.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

ckfse.exe
CKFSe.exe is Trojan.Cakefes.
Trojan.Cakefes is a Trojan horse that downloads and executes a potentially malicious file on the compromised computer. It may then steal sensitive information from the compromised computer
Related files:
[JAPANESE CHARACTERS].exe
[JAPANESE CHARACTERS].doc
%UserProfile%\Local Settings\Temp\CKFSe.exe
%UserProfile%\Local Settings\Temp\mmm.exe
%UserProfile%\Local Settings\Temp\[JAPANESE CHARACTERS].doc
%System%\svchoster
%System%\svchoster.exe
Read more:
http://www.symantec.com/enterprise/secur...
Kill the process CKFSe.exe and remove CKFSe.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

claruxeb.exe
We suggest you to remove claruxeb.exe from your computer as soon as possible.
Claruxeb.exe is Trojan/Backdoor.
Kill the process claruxeb.exe and remove claruxeb.exe from Windows startup.

clcl7.exe
Clcl7.exe is Trojan/Backdoor.
Kill the process clcl7.exe and remove clcl7.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cleaner_opera.dll
Cleaner_Opera.dll is a part of PrivacyGuarantor.
PrivacyGuarantor is a misleading application that provides false warnings about privacy violations.
Related files:
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Privacy Guarantor v2.0.lnk
%UserProfile%\Desktop\Privacy Guarantor v2.0.lnk %USERPROGRAMS%\Privacy Guarantor
%UserProfile%\Start Menu\Programs\Privacy Guarantor\Privacy Guarantor v2.0 Uninstaller.lnk
%UserProfile%\Start Menu\Programs\Privacy Guarantor\Privacy Guarantor v2.0 Website.lnk
%UserProfile%\Start Menu\Programs\Privacy Guarantor\Privacy Guarantor v2.0.lnk
%UserProfile%\Start Menu\Privacy Guarantor v2.0.lnk
%ProgramFiles%\Privacy Guarantor
%ProgramFiles%\Privacy Guarantor\clean.log
%ProgramFiles%\Privacy Guarantor\dlls\cleaner_dlls.dll
%ProgramFiles%\Privacy Guarantor\dlls\Cleaner_Opera.dll
%ProgramFiles%\Privacy Guarantor\dlls\miranda_dll.dll
%ProgramFiles%\Privacy Guarantor\options.xml
%ProgramFiles%\Privacy Guarantor\Privacy Guarantor.url
%ProgramFiles%\Privacy Guarantor\privacyguarantor.chm
%ProgramFiles%\Privacy Guarantor\PrivacyGuarantor.exe
%ProgramFiles%\Privacy Guarantor\uninst.exe
Read more:
http://www.symantec.com/enterprise/secur...
Kill the file Cleaner_Opera.dll and remove Cleaner_Opera.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

clhost.exe
Asylium.0.1.3 Trojan

click_me!.exe
Worm / Mail trojan
The worms .exe file is distributed in a compressed format and is using one of twenty names randomly. Hermes contacts "
http://www.seznam.cz", but there is nothing there. It also tris to register, but fails to do so beacause of a bug. It propagates twice to all addresses in Outlook. In several versions th code is packed using UPX.

clicsaml.dll
Clicsaml.dll is WORM_STRAT.DX.
Read more:
http://www.trendmicro.com/vinfo/virusenc...
Kill the file clicsaml.dll and remove clicsaml.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

clie.exe
Distributed DoS tool
Is able to connect to three computers and send 65000 bytes ICMP floods.

client _1_3.exe
Remote Access / FTP server / CQ trojan
InCommand can bind (join or wrap) its server to any other .exe file, and can also add extra legth to it to avoid searches on specific file length. It uses selfinstalling plug-ins to add features to the trojan and can thousands of icons stored inside the EditServer file.

client(beta).exe
Remote Access / Steals passwords
Also has a function called ""Burn Monitor"". This option constantly resets the Screenresolution.

client_12_pw.exe
Remote Access / FTP server / CQ trojan
InCommand can bind (join or wrap) its server to any other .exe file, and can also add extra legth to it to avoid searches on specific file length. It uses selfinstalling plug-ins to add features to the trojan and can thousands of icons stored inside the EditServer file.

clientax.dll
ClientAX.dll is an adware program Adware.180Search (180Solutions).
ClientAX.dll monitors the contents of Web browser windows.
ClientAX.dll opens the Web pages of partner sites when it sees certain keywords in search or shopping site windows.
Related files:
Msbb.exe
Boomerang.exe
ClientAX.dll
180SAInstaller.dll
setup4156.exe
sac.exe
sau.exe
%Program Files%\180search Assistant\sain.exe
%Program Files%\180search Assistant\hsr.dll
%Program Files%\180search Assistant\sau.exe
%Program Files%\180search Assistant\sau.log
%Program Files%\180search Assistant\sau.dll
%Program Files%\180search Assistant\sau_[three random letters].dat
%Program Files%\180search Assistant\sauau.dat
%Program Files%\180search Assistant\sac.exe
%Program Files%\180search Assistant\sauhook.dll
%Program Files%\180search Assistant\sachook.dll
%Program Files%\180searchassistant\salm.exe
%Program Files%\180searchassistant\salmau_update.dat
%Program Files%\180searchassistant\salmhook.dll
%Program Files%\180searchassistant\salm.dat
%Program Files%\180searchassistant\salm_[three random letters].dat
%Program Files%\180searchassistant\salm_[three random letters]_update.dat
%Windir%\Downloaded Program Files\ClientAx.dll
%Windir%\Downloaded Program Files\ClientAx.inf
%Temp%\180sainstallernusalm.exe
Adds the value:
"MSBB" = "[Path to adware file]"
"sau" = "%ProgramFiles%\180search assistant\sau.exe"
"sac" = "%ProgramFiles%\180searchassistant\sac.exe"
"sain" = "%ProgramFiles%\180search assistant\sain.exe"
"salm" = "%ProgramFiles%\180searchassistant\salm.exe"
to the Windows startup registry keys.
More info:
http://securityresponse.symantec.com/avc...
Removal:
Remove ClientAX.dll from Windows startup using RegRun Startup Optimizer.

cliente.exe
Remote Access

clienttrinno.exe
Distributed DoS tool
Is able to connect to three computers and send 65000 bytes ICMP floods.

clipbook.exe
Clipbook.exe is Trojan.Mdropper.Q.
Related files:
clipbook.exe (detected as Backdoor.Femo)
clipbook.dll (detected as Backdoor.Femo)
Read more:
http://www.symantec.com/enterprise/secur...
Kill the process clipbook.exe and remove clipbook.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

clipsvr.dll
Clipsvr.dll is Win32.Mofei.F.
Related files:
%Windows%\SYSTEM32\CLIPSVR.DLL - backdoor trojan, 19,968 bytes, UPX compressed.
%Windows%\SYSTEM32\CLIPSVR32.EXE - copy of the trojan
%Windows%\SYSTEM32\CLIPSVR.CFG - configuration file used by the trojan
Read more:
http://www3.ca.com/securityadvisor/virus...
Kill the file clipsvr.dll and remove clipsvr.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

clsemixer.dll
Clsemixer.dll is Trojan/Backdoor.
Kill the file clsemixer.dll and remove clsemixer.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

cm.dll
cm.dll is a Crystalsys Media adware browser helper object.
Manufacturer: Crystalsys Media
www.crystalsysmedia.com
Remove cm.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

cmagesta.exe
CMagesta.exe is a Trojan Backdoor.Sdbot.
CMagesta.exe spreads via Internet Relay Chat (IRC).
CMagesta.exe tries to terminate antiviral programs installed on a user computer.
CMagesta.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%System%\Cnfgldr.exe
%System%\cthelp.exe
%System%\Sysmon16.exe
%System%\Sys3f2.exe
%System%\Syscfg32.exe
%System%\Mssql.exe
%System%\Aim95.exe
%System%\Svchosts.exe
%System%\FB_PNU.EXE
%System%\Cmd32.exe
%System%\Sys32.exe
%System%\Explorer.exe
%System%\IEXPL0RE.EXE
%System%\iexplore.exe
%System%\sock32.exe
%System%\MSTasks.exe
%System%\service.exe
%System%\Regrun.exe
%System%\ipcl32.exe
%System%\syswin32.exe
%System%\CMagesta.exe
%System%\YahooMsgr.exe
%System%\vcvw.exe
%System%\spooler.exe
%System%\MSsrvs32.exe
%System%\svhost.exe
%System%\winupdate32.exe
%System%\quicktimeprom.exe
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill CMagesta.exe process and remove CMagesta.exe from Windows startup using RegRun Startup Optimizer.

cmappsetup.exe
Cmappsetup.exe is a Trojan.Cmapp.
Cmappsetup.exe downloads and display advertisements.
Cmappsetup.exe tries to terminate antiviral programs installed on a user computer.
Related files:
%ProgramFiles%\CMAPP\cmappstub.exe
%ProgramFiles%\CMAPP\Client\cmappclient.exe
%ProgramFiles%\CMAPP\Client\cmappmf.dll
%ProgramFiles%\asys\Stb.exe
%ProgramFiles%\asys\VFX8.0-1.exe
%Windir%\sysnet.exe
%Windir%\snuninst.exe
%Windir%\svc.exe
%Windir%\visfxun.exe
%UserProfile%\Local Settings\Temp\cmappsetup.exe
Adds the value:
"CMAPP" = ""%ProgramFiles%\CMAPP\Client\cmappclient.exe""
"Sysnet" = "%Windir%\sysnet.exe"
to the Windows startup registry keys.
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill cmappstub.exe process and remove cmappstub.exe from Windows startup using RegRun Startup Optimizer.

cmc_vis.exe
CMC_VIS.EXE is Trojan/Backdoor.
Read more:
http://fileinfo.prevx.com/fileinfo.asp?P...
Kill the process CMC_VIS.EXE and remove CMC_VIS.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

cmctl.dll
Cmctl.dll is an adware program Adware.Istbar.
Cmctl.dll downloads and displays pornographic.
Cmctl.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
ISTsvc.exe
IstBar_DH.dll
ysbactivex.dll
sfbho.dll
sidefind.dll
istrecover[1].exe
istbar.dll
ysb.dll
istbarcm.dll
ISTactivex.dll
istdownload.exe
sidefind.exe
sfsetup.exe
ysb(2).dll
cmctl.dll
juhpad.exe
ysbactivex(3).dll
ysb_regular[1].cab
gjefpet.exe
Adds the value:
"[5 random ASCII characters]" = "[path to adware]"
to the Windows startup registry keys.
More info:
http://securityresponse.symantec.com/avc...
Removal:
Remove cmctl.dll from Windows startup using RegRun Startup Optimizer.

cmctl32.exe
Remote Access / FTP server

cmd32.exe
Cmd32.exe is a Trojan Backdoor.Sdbot.
Cmd32.exe spreads via Internet Relay Chat (IRC).
Cmd32.exe tries to terminate antiviral programs installed on a user computer.
Cmd32.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%System%\Cnfgldr.exe
%System%\cthelp.exe
%System%\Sysmon16.exe
%System%\Sys3f2.exe
%System%\Syscfg32.exe
%System%\Mssql.exe
%System%\Aim95.exe
%System%\Svchosts.exe
%System%\FB_PNU.EXE
%System%\Cmd32.exe
%System%\Sys32.exe
%System%\Explorer.exe
%System%\IEXPL0RE.EXE
%System%\iexplore.exe
%System%\sock32.exe
%System%\MSTasks.exe
%System%\service.exe
%System%\Regrun.exe
%System%\ipcl32.exe
%System%\syswin32.exe
%System%\CMagesta.exe
%System%\YahooMsgr.exe
%System%\vcvw.exe
%System%\spooler.exe
%System%\MSsrvs32.exe
%System%\svhost.exe
%System%\winupdate32.exe
%System%\quicktimeprom.exe
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill Cmd32.exe process and remove Cmd32.exe from Windows startup using RegRun Startup Optimizer.

cmdbcis.exe
CMDBCIS.EXE is Worm.Looked.
Read more:
http://fileinfo.prevx.com/adware/qqda178...
Kill the process CMDBCIS.EXE and remove CMDBCIS.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

cmdbcs.exe
Cmdbcs.exe is Troj/PWS-AFC.
Read more:
http://www.sophos.com/security/analyses/...
Kill the process cmdbcs.exe and remove cmdbcs.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cmdbcsg.exe
Cmdbcsg.exe is Trojan/Backdoor.
Kill the process cmdbcsg.exe and remove cmdbcsg.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cmdbcsl.exe
CMDBCSL.EXE is Worm.Looked.
Read more:
http://fileinfo.prevx.com/adware/qqda178...
Kill the process CMDBCSL.EXE and remove CMDBCSL.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

cmdbs.exe
CMDBS.EXE is Trojan.ModalDigits.
Read more:
http://fileinfo.prevx.com/adware/qqd7499...
Kill the process CMDBS.EXE and remove CMDBS.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

cmdcon.exe
We suggest you to remove cmdcon.exe from your computer as soon as possible.
Cmdcon.exe is Troj/Crypter-C.
Related files:
audiodrv.exe
audioinf.exe
bluecol.exe
cmdcon.exe
diskinf.exe
dllreg.exe
enhance32.exe
infdisk.exe
kbddrv32.exe
kbdrvinf.exe
main16.exe
main32.exe
mousedrv.exe
mswavedll.exe
msurl32.exe
netdll32.exe
netdllex.exe
p4mx4.exe
m32info.exe
pwr32ctr.exe
pwr32crtl.exe
sd32info.exe
vid32cntl.exe
vidcntl.exe
Read more:
http://www.sophos.com/virusinfo/analyses...
Kill the process cmdcon.exe and remove cmdcon.exe from Windows startup.

cmddbcs.exe
Cmddbcs.exe is Trojan/Backdoor.
Kill the process cmddbcs.exe and remove cmddbcs.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cmdial.exe
Cmdial.exe is W32.Lecivio.
W32.Lecivio is a worm that spreads by copying itself to all mapped drives on the compromised computer. It also downloads potentially malicious files on to the compromised computer.
Related files:
%System%\cmdial.exe
%System%\viollice.exe
%System%\userinit.exe
%System%\inf.exe,
C:\GOKU.exe
%System%\of.ico
%System%\dnandlk.exe
%System%\dpnmodempl.dll
%System%\rpcss.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
Read more:
http://www.symantec.com/enterprise/secur...
Kill the process cmdial.exe and remove cmdial.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cmdinst.exe
Cmdinst.exe is ISearch Toolbar.
Read more:
http://www.securemost.com/articles/rm_is...
Kill the process cmdinst.exe and remove cmdinst.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cmdline.exe
cmdLine.exe is a Trojan W32.Drivus.A.
cmdLine.exe spreads via open network shares.
Related files:
%System%\ cmdLine.exe
%Windir%windowsupdate.exe
%Windir%winlogon.exe
%Windir%netservice.exe
%Windir%rundlll32.exe
%Windir%scvhost.exe
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill cmdLine.exe process and remove cmdLine.exe from Windows startup using RegRun Startup Optimizer.

Type: Dangerous
Part of operation system: No
Microsoft product: No
File Name: windowsupdate.exe
Short Description: W32.Drivus.A
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP.
Actions:
windowsupdate.exe is a Trojan W32.Drivus.A.
windowsupdate.exe spreads via open network shares.
Related files:
%System%\ cmdLine.exe
%Windir%windowsupdate.exe
%Windir%winlogon.exe
%Windir%netservice.exe
%Windir%rundlll32.exe
%Windir%scvhost.exe
More info: http://securityresponse.symantec.com/avc...
Removal:
Kill windowsupdate.exe process and remove windowsupdate.exe from Windows startup using RegRun Startup Optimizer.

cmfibula.exe
Cmfibula.exe is Cmapp adware.
Read more:
http://www.pestpatrol.com/spywarecenter/...
Kill the process cmfibula.exe and remove cmfibula.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cmman.exe
Cmman.exe is Trojan/Backdoor.
Kill the process cmman.exe and remove cmman.exe from Windows startup.
http://www3.ca.com/securityadvisor/pest/...

cmos.com
I-Worm.Timofonica
This Internet worm spreads via e-mail by sending infected messages from affected computers.
While spreading, the worm uses MS Outlook and sends itself to all addresses that are stored in the MS Outlook Address Book.
To spread itself, the worm accesses MS Outlook and uses its functions and address lists.
This is available in Outlook 98/2000 only, so the worm is able to spread only in the case that one of these MS Outlook versions is installed.
Tries to spam people with SMS messages.
During the next Windows startup, the Trojan takes control, erases the CMOS information, and corrupts the information on the local disks.

Automatic removal: Use RegRun Startup Optimizer to remove it from startup.

cmpl32.exe
Cmpl32.exe is Trojan/Backdoor.
Also known as Backdoor.Ranky.L.
Kill the process Cmpl32.exe and other suspicious processes.
Remove Cmpl32.exe from Windows startup using RegRun Startup Optimizer.
Also check the files:
%SysDir%\cmpl32.exe
favad.exe
http://securityresponse.symantec.com/avc...

cmsystem.exe
CMSystem.exe is Adware CASClient.
Kill the process CMSystem.exe and remove CMSystem.exe from Windows startup.

cmut449c14b7.dll
Cmut449c14b7.dll is W32.Stration.B@mm.
Related files:
%Windir%\svchost32.exe
%System%\cmut449c14b7.dll
%System%\hpz1449c14b7.exe
%System%\msji449c14b7.exe
Read more:
http://www.symantec.com/enterprise/secur...
Kill the file cmut449c14b7.dll and remove cmut449c14b7.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

cn911.exe
CN911.EXE is Backdoor.Bifrose.E.
Backdoor.Bifrose.E is a Trojan horse with back door capabilities. It also logs keystrokes and steals sensitive information, which can be sent to a remote server.
Related files:
C:\pligde.exe
%UserProfile%\Local Settings\pligde.exe
%UserProfile%\Local Settings\pligde.dat
%UserProfile%\Local Settings%\SysPr.prx
%System%\wmedia
%System%\wmedia.exe
%Windir%\explorer..exe
%Windir%\plugin1.dat
Read more:
http://www.symantec.com/security_respons...
Kill the process CN911.EXE and remove CN911.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

cnen.exe
Cnen.exe is W32.Rinbot.BF.
W32.Rinbot.BF is a worm that spreads by exploiting vulnerabilities and opens a back door on the compromised computer.
Read more:
http://www.symantec.com/enterprise/secur...
Kill the process cnen.exe and remove cnen.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cnetcfg1.exe
Cnetcfg1.exe is Adware.
Kill the process cnetcfg1.exe and remove cnetcfg1.exe from Windows startup.

cnfgldr.exe
Cnfgldr.exe is a Trojan Backdoor.Sdbot.
Cnfgldr.exe spreads via Internet Relay Chat (IRC).
Cnfgldr.exe tries to terminate antiviral programs installed on a user computer.
Cnfgldr.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%System%\Cnfgldr.exe
%System%\cthelp.exe
%System%\Sysmon16.exe
%System%\Sys3f2.exe
%System%\Syscfg32.exe
%System%\Mssql.exe
%System%\Aim95.exe
%System%\Svchosts.exe
%System%\FB_PNU.EXE
%System%\Cmd32.exe
%System%\Sys32.exe
%System%\Explorer.exe
%System%\IEXPL0RE.EXE
%System%\iexplore.exe
%System%\sock32.exe
%System%\MSTasks.exe
%System%\service.exe
%System%\Regrun.exe
%System%\ipcl32.exe
%System%\syswin32.exe
%System%\CMagesta.exe
%System%\YahooMsgr.exe
%System%\vcvw.exe
%System%\spooler.exe
%System%\MSsrvs32.exe
%System%\svhost.exe
%System%\winupdate32.exe
%System%\quicktimeprom.exe
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill Cnfgldr.exe process and remove Cnfgldr.exe from Windows startup using RegRun Startup Optimizer.

cnftips.exe
Cnftips.exe is Trojan/Backdoor.
Kill the process cnftips.exe and remove cnftips.exe from Windows startup.

cnprov.sys
Cnprov.sys is a part of Baidu rootkit toolbar.
Kill the file cnprov.sys and remove cnprov.sys from Windows startup using RegRun Reanimator.
http://www.regrun.com

cnscheck001.dll
Cnscheck001.dll is Troj/LegMir-AHT.
Read more:
http://www.sophos.co.uk/security/analyse...
Kill the file Cnscheck001.dll and remove Cnscheck001.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

cnwin.dll
Cnwin.dll is Trojan/Backdoor.
Kill the file cnwin.dll and remove cnwin.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

cnxxqoa.exe
Cnxxqoa.exe is Trojan/Backdoor.
Kill the process cnxxqoa.exe and remove cnxxqoa.exe from Windows startup.

codbot.exe
Codbot.exe is Trojan/Backdoor.
Read more:
http://www.castlecops.com/p990663-codbot...
Kill the process codbot.exe and remove codbot.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

colorids4.exe
COLORIDS4.EXE is Trojan/Backdoor.
Read more:
http://fileinfo.prevx.com/adware/qqadbb7...
Kill the process COLORIDS4.EXE and remove COLORIDS4.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

colwindos.exe
COLWINDOS.EXE is W32/Rbot-GQO.
Read more:
http://www.sophos.com/security/analyses/...
Kill the process COLWINDOS.EXE and remove COLWINDOS.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

com4.exe
Com4.exe is Adware.Linkoptimizer.
Read more:
http://virusinfo.prevx.com/pxparall.asp?...
Kill the process com4.exe and remove com4.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

com7.exe
Com7.exe is Trojan Rolca.
Read more:
http://virusinfo.prevx.com/pxparall.asp?...
Kill the process com7.exe and remove com7.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

com9.exe
Com9.exe is Trojan.Win32.Agent.vp.
Kill the process com9.exe and remove com9.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

comaclient.exe
Remote Access

combyte.dll
Combyte.dll is Backdoor.ServU-based.
Read more:
http://www3.ca.com/securityadvisor/pest/...
Kill the file combyte.dll and remove combyte.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

comclg32.dll
Comclg32.dll is RBCalc rootkit.
Kill the file comclg32.dll and remove comclg32.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com
Read more about RBCalc rootkit:
http://www.checkraised.com/site/apps/rbc...

comdlg77.dll
Comdlg77.dll is Troj/AsdfBot-A.
Read more:
http://www.sophos.com/security/analyses/...
Kill the file comdlg77.dll and remove comdlg77.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

comdlj32.dll
Comdlj32.dll is Troj/Agent-CBB.
Read more:
http://www.sophos.com/security/analyses/...
Kill the file comdlj32.dll and remove comdlj32.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

comet.exe
Comet.exe is a Spyware.CometCursor.
Comet.exe is an Internet Explorer Browser Helper Object.
Related files:
%ProgramFiles%\Comet\Bin\comet.exe
%ProgramFiles%\Comet\Bin\comutil.dll
%ProgramFiles%\Comet\Bin\csapputil.dll
%ProgramFiles%\Comet\Bin\csband.dll
%ProgramFiles%\Comet\Bin\csbho.dll
%ProgramFiles%\Comet\Bin\csbrange.dll
%ProgramFiles%\Comet\Bin\cscore.dll
%ProgramFiles%\Comet\Bin\csctx.dll
%ProgramFiles%\Comet\Bin\cseng.dll
%ProgramFiles%\Comet\Bin\csietb.dll
%ProgramFiles%\Comet\Bin\csinst.dll
%ProgramFiles%\Comet\Bin\csinstall.exe
%ProgramFiles%\Comet\Bin\cstray.exe
%ProgramFiles%\Comet\Bin\csutil.dll
%ProgramFiles%\Comet\Bin\fileutil.dll
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill comet.exe process and remove svthx.exe from Windows startup using RegRun Startup Optimizer.

comine.exe
We suggest you to remove comine.exe from your computer as soon as possible.
Comine.exe is Trojan.Mdropper.T.
Trojan.Mdropper.T is a Trojan horse that drops another threat on to the compromised computer by exploiting the unpatched Microsoft Word Unspecified Remote Code Execution Vulnerability (BID 21451).
Read more:
http://www.symantec.com/security_respons...
Kill the process comine.exe and remove comine.exe from Windows startup.

comita.dll
Comita.dll is Trojan/Backdoor.
Kill the file comita.dll and remove comita.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

comlm.dll
COMLM.DLL is a Trojan Backdoor.Lingosky.
COMLM.DLL steals confidential system information.
Related files:
VGX16.DLL
COMLM.DLL
%ProgramFiles%\Common Files\Microsoft\VGX\VGX32.dll
%Windir%\Temp\~ifpw.dat
More info:
http://securityresponse.symantec.com/avc...
Removal:
Remove COMLM.DLL from Windows startup using RegRun Startup Optimizer.

command.exe
Steals passwords / AOL trojan
Alters Win.ini and System.ini. Steals passwords from AOL accounts and sends them one of several hotmail addresses.

command32.exe.vbs
VBS.Nevesc virus
It spreads via IRC channels.
Executes
C:windows\shell32.vbs
or
C:\Program Files\Internet Explorer\Plugins\command32.exe.vbs
Kill it.

commando.exe
Commando.exe is a worm W32.Incef.
Commando.exe spreads via open network shares and mIRC.
Related files:
%Windir%\WinExec.exe
%Windir%\shared\aim_hack.exe
%Windir%\shared\msn_crack.exe
%Windir%\shared\icq_hack.exe
%Windir%\shared\ftp_crack.exe
%Windir%\shared\XP_keygen.exe
%Windir%\commad.pif
%Windir%\srvwin.scr
%System%\WinUpdate.exe
%System%\Winsys.exe
C:\commando.exe
C:\comand.scr
Adds the value:
"WinExec" = "%Windir%\WinExec.exe"
to the Windows startup registry keys.
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill commando.exe process and remove commando.exe from Windows startup using RegRun Startup Optimizer.

commands.exe
Commands.exe is Trojan/Backdoor.
Kill the process commands.exe and remove commands.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

commdlg.vbs
Moridin
This is a multi-platform virus infecting Win32 systems.
The virus infects Win32 executable files, MS Word documents, and spreads via e-mail through IRC channels as well as infecting the local network.
The virus also has Backdoor ability:
- opens and closes CD door
- downloads and spawns a file
- terminates itself (backdoor routine)
- displays a message, the message box headline contains some text

The virus can be found in several forms:
- infected PE EXE file
- EXE helper
- infected Word documents
- VBS script
- IRC sctiprs
While spreading via e-mail through the network and IRC channels, the worm names its copies as: CRACK.EXE, PACKED.EXE, SETUP.EXE, NETX.EXE, and INIT.EXE.

The COMMDLG.VBS file contains VBScript that spreads the virus on the Internet via e-mail messages by connecting to MS Outlook, obtains all addresses from the Address Book and sends its copy (the PACKED.EXE file) here attached to the message.
The virus then modifies the system registry keys.
The virus deletes the following anti-virus data files:
CHKLIST.MS CHKLIST.DAT CHKLIST.CPS CHKLIST.TAV AGUARD.DAT AVGQT.DAT ANTI-VIR.DAT SMARTCHK.MS SMARTCHK.CPS IVP.NTZ AVP.CRC
The virus also disables the macro-virus protection in the system registry, as well as looks for anti-virus memory resident programs and terminates them:
AVP Monitor
Amon Antivirus Monitor
Norton AntiVirus Auto-Protect Trial Version
Norton AntiVirus Auto-Protect

Use RegRun Startup Optimizer to remove it from startup.

commert.dll
Commert.dll is Trojan/Backdoor.
Kill the file commert.dll and remove commert.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

commgr.dll
Commgr.dll is Trojan/Backdoor.
Kill the file commgr.dll and remove commgr.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

common.dll
Common.dll is an adware program Adware.Websearch.
Common.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
common.dll
IExploreSkins.exe
PIB.exe
QDow_AS2.dll
setupex.exe
TBPS.exe
toolbar.dll
WSG.exe
WSup.exe
WToolsA.exe
WToolsB.dll
WToolsS.exe
btiein.dll
websearch.exe
More info:
http://securityresponse.symantec.com/avc...
Removal:
Remove common.dll from Windows startup using RegRun Startup Optimizer.

commserv.exe
Commserv.exe is Trojan/Backdoor.
Kill the process commserv.exe and remove commserv.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

commutil.dll
Commutil.dll is Backdoor.Olourk.
This threat may arrive as a Microsoft Word document that exploits a known vulnerability in Microsoft Office to execute code that drops an embedded executable windws.exe.
When windws.exe is executed, it copies itself as %Windir%\csrss.exe.
Read more:
http://www.symantec.com/enterprise/secur...
Kill the file commutil.dll and remove commutil.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

comonbaby.exe
Comonbaby.exe is Trojan/Backdoor.
Kill the process comonbaby.exe and remove comonbaby.exe from Windows startup.

compiled.exe
Remote Access

compiler.exe
Remote Access

comploader.dll
Comploader.dll is Trojan/Backdoor.
Kill the file comploader.dll and remove comploader.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

compq32.exe
Compq32.exe is Trojan/Backdoor.
Kill the process compq32.exe and remove compq32.exe from Windows startup.

compstuia.dll
COMPSTUIA.DLL is Trojan-Downloader.Win32.Delf variant - a member of the CoolWebSearch family.
Kill the file COMPSTUIA.DLL and remove COMPSTUIA.DLL from Windows startup using RegRun Reanimator.
http://www.regrun.com

compstuic.dll
Compstuic.dll is Trojan-Downloader.Win32.Delf.
Kill the file compstuic.dll and remove compstuic.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

compx32.exe
Compx32.exe is Trojan/Backdoor.
Kill the process compx32.exe and remove compx32.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

comserv.exe
Remote Access

comuld.dll
COMULD.DLL is Trojan/Backdoor.
Read more:
http://fileinfo.prevx.com/adware/qqaf9d6...
Kill the file COMULD.DLL and remove COMULD.DLL from Windows startup using RegRun Reanimator.
http://www.regrun.com

comunicazioni.vb.dll
COMUNICAZIONI.VB.DLL is Trojan/Backdoor.
Read moe:
http://fileinfo.prevx.com/adware/qqdaf25...
Kill the file COMUNICAZIONI.VB.DLL and remove COMUNICAZIONI.VB.DLL from Windows startup using RegRun Reanimator.
http://www.regrun.com

comutil.dll
Comutil.dll is a Spyware.CometCursor.
Comutil.dll is an Internet Explorer Browser Helper Object.
Related files:
%ProgramFiles%\Comet\Bin\comet.exe
%ProgramFiles%\Comet\Bin\comutil.dll
%ProgramFiles%\Comet\Bin\csapputil.dll
%ProgramFiles%\Comet\Bin\csband.dll
%ProgramFiles%\Comet\Bin\csbho.dll
%ProgramFiles%\Comet\Bin\csbrange.dll
%ProgramFiles%\Comet\Bin\cscore.dll
%ProgramFiles%\Comet\Bin\csctx.dll
%ProgramFiles%\Comet\Bin\cseng.dll
%ProgramFiles%\Comet\Bin\csietb.dll
%ProgramFiles%\Comet\Bin\csinst.dll
%ProgramFiles%\Comet\Bin\csinstall.exe
%ProgramFiles%\Comet\Bin\cstray.exe
%ProgramFiles%\Comet\Bin\csutil.dll
%ProgramFiles%\Comet\Bin\fileutil.dll
More info:
http://securityresponse.symantec.com/avc...
Removal:
Remove comutil.dll from Windows startup using RegRun Startup Optimizer.

comxt
Trojan.Comxt.
Creates
C:\:ddesvr [alternate data stream]
Creates the service:
comxt
Hides the service and its keys from user by patching Windows API.
Downloads their updates and store them to %Windir%\temp\2.tmp.
Executes the file as C:\:2.bin [alternate data stream].
Suggest to use UnHackMe to remove this rootkit.

confag.exe
confag.exe is a Trojan.Gatto-A.
confag.exe downloads code from the internet.
More info:
http://www.sophos.com/virusinfo/analyses...
Removal:
Kill confag.exe process and remove confag.exe from Windows startup using RegRun Startup Optimizer.

confbrw.dll
Confbrw.dll is W32/Stration-CD.
Related files:
%SysDir%\brwconf.exe
%SysDir%\brwmgr32.dll
%SysDir%\brwperf.exe
%SysDir%\brwprf32.dll
%SysDir%\brwstat.dll
%SysDir%\confbrw.dll
Read more:
http://www.sophos.com/security/analyses/...
Kill the file confbrw.dll and remove confbrw.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

confgldr.exe
W32.Gaobot.gen!poly is a worm that attempts to spread through network shares with weak passwords and allows attackers to access
an infected computer using a specific IRC channel.
Allows an attacker to remotely control a compromised computer and perform any of the following actions:
- Download and execute files
- Steal system information
- Harvest email addresses
- Steal CD keys for various games

Also Known As: W32.HLLW.Polybot, Phatbot, W32/Polybot.l!irc [McAfee], WORM_AGOBOT.HM [Trend], Backdoor.Agobot.hm [Kaspersky]

Copies itself as one of the following files:
%System%\soundman.exe
%System%\confgldr.exe
%System%\spoolsvc.exe

Adds one of the following values:
"^`d}qZxu" = "~`d}qzxu3zYF"
"Configuration Loader"="confgldr.exe"
"Video Process"="sysconf.exe"
"Service Host Process"="spoolsvc.exe"
to the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Creates a service for the worm with one of the following names and sets it to automatically run on startup:
Configuration Loader, SoundMan, Service Host Process

Hides all the files that contain the word "soun."

May change the %System%\drivers\etc\hosts file with some lines.
Attempt to spread to other systems by exploiting vulnerabilities.
Ends processes associated with antivirus and firewall software.
Attempts to delete the files and registry values associated with other worms.

Use RegRun Startup Optimizer to remove it from startup.
For more information to locate and remove this worm, see on
http://securityresponse.symantec.com/avc...

confi.exe
Confi.exe is W32.Lecna.H.
W32.Lecna.H is a worm that spreads by copying itself to mapped drives. It also opens a back door and may download potentially malicious code on to the compromised computer.
Related files:
%System%\AUTORUN.INF
%System%\confi.exe
%System%\Config.ini
%System%\Recycler.exe
%System%\uninstx.exe
%System%\keyvect.dll
%System%\netscv.exe
Read more:
http://www.symantec.com/enterprise/secur...
Kill the process confi.exe and remove confi.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

configuration.exe
Remote Access / Downloading trojan
The default file downloaded by the trojan is The Infector (they are written by the same person). This could easily be changed to any file anywhere on the Web. The perpetrator just enter the URL where the wanted trojan is, and his ICQ UIN to receive notification when the infected user is online. The sender is able to destroy WebDownloader after it has downloaded its trojan file.

configurator.exe
Mail trojan / Autodialer / ICQ trojan / Steals passwords
It deletes the two system files Regedit.exe and Msconfig.exe.

conftroj.exe
Remote Access

confusearch.dll
This is browser spyware: Confusearch.
After running the CISVC32.exe it creates ConfuSearch.dll and
STRAd32.dll in the %SysDir% folder (where %SysDir% is the the Widnows
System(for Windows 95/98/Me) or System32 folder(for Windows
NT4/2000/XP).
CISVC32.exe registers both DLLs in th registry.
STRAd32.dll is the Browser Helper Object. It's used for logging
visited pages.
Adds the sub-key {1433F750-E53F-11D8-9669-0800200C9A66} to:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

ConfuSearch.dll - URL search hook object.
Adds the sub-key {D7CD08F0-D691-11D8-9669-0800200C9A66} to the :
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
It sends the user search requests to the:
http://www.dnscaching.net/search/?q=

Creates the keys:
HKCR\TypeLib\{D7CD08E1-D691-11D8-9669-0800200C9A66}
HKCR\TypeLib\{1433F742-E53F-11D8-9669-0800200C9A66}
HKCR\CLSID\{1433F750-E53F-11D8-9669-0800200C9A66}
HKCR\Interface\{1433F74F-E53F-11D8-9669-0800200C9A66}

To remove it you need to unregister both DLL's.
Run the command:
regsvr32 /u STRAd32.dll
regsvr32 /u ConfuSearch.dll

Delete other registry keys using regedit (it's not necessary).

conime.exe
Conime.exe is BFGhost 1.0 Remote administration backdoor tool.
Kill the process conime.exe and remove conime.exe from Windows startup using RegRun.
www.regrun.com

connection.exe
Remote Access / Virus dropper / Virus
Virusserver actually binds to other .exe files by infecting them.

connectionservices.dll
We suggest you to remove CONNECTIONSERVICES.DLL from your computer as soon as possible.
CONNECTIONSERVICES.DLL is Trojan/Backdoor.
Kill the file CONNECTIONSERVICES.DLL and remove CONNECTIONSERVICES.DLL from Windows startup.

connmie.exe
Connmie.exe is Trojan/Backdoor.
Kill the process connmie.exe and remove connmie.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

conscorr.exe
TrojanDownloader.Win32.Stubby.c downloader. This process usually comes bundled with a virus and its main role is to do nothing other than download other viruses to your computer. It is a registered security risk and should be removed immediately.

consmsls.dll
Consmsls.dll is W32/Stratio-E.
Related files:
%System%\consmsls.dll
%System%\dispregs.dll
%System%\icmuwmau.dat
%System%\icmuwmau.dll
%System%\icmuwmau.exe
%System%\vvrtusrf.exe
Read more:
http://www.sophos.com/security/analyses/...
Kill the file consmsls.dll and remove consmsls.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

conspawn.exe
Conspawn.exe is Magic Packet software.
Magic Packet might be used in planning an attack on a system, developing tools for such an attack, or performing it.
Read more:
http://www3.ca.com/securityadvisor/pest/...
Kill the process conspawn.exe and remove conspawn.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

consulta_universo_local.exe.exe
CONSULTA_UNIVERSO_LOCAL.EXE.EXE is Trojan.ADIRSS.
Read more:
http://fileinfo.prevx.com/fileinfo.asp?P...
Kill the process CONSULTA_UNIVERSO_LOCAL.EXE.EXE and remove CONSULTA_UNIVERSO_LOCAL.EXE.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

contexapp.exe
Contexapp.exe is Trojan/Backdoor.
Kill the process contexapp.exe and remove contexapp.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

contextplus.exe
Contextplus.exe is Adware.
www.contextplus.com
Kill the process contextplus.exe and remove contextplus.exe from Windows startup.
http://www.superadblocker.com/definition...

contravirus.exe
CONTRAVIRUS.EXE is Trojan/Backdoor.
Read more:
http://www.fileresearchcenter.com/C/CONT...
Kill the process CONTRAVIRUS.EXE and remove CONTRAVIRUS.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

control64.exe
Control64.exe is Trojan/Backdoor.
Kill the process control64.exe and remove control64.exe from Windows startup.

contrware.exe
ContrWare.exe is a part of ContrWare software.
ContrWare is a misleading application that may give exaggerated reports of threats on the computer.
Related files:
%UserProfile%\Start Menu\Programs\ContrWare\ContrWare.lnk
%UserProfile%\Start Menu\Programs\ContrWare\Uninstall.lnk
%ProgramFiles%\ContrWare\ContrWare.exe
%ProgramFiles%\ContrWare\Uninstall.exe
Related directory:
%UserProfile%\Application Data\ContrWare
Read more:
http://www.symantec.com/enterprise/secur...
Kill the process ContrWare.exe and remove ContrWare.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

conveur2.exe
CONVEUR2.EXE is Trojan/Backdoor.
Read more:
http://fileinfo.prevx.com/adware/qq87776...
Kill the process CONVEUR2.EXE and remove CONVEUR2.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

cooler1.exe
Worm / Mail trojan
Uses several different names to name the attachement, which can be mailed by either Netscape Mail, MS Outlook or MSOutlook Express.

cooler3.exe
Worm / Mail trojan
Uses several different names to name the attachement, which can be mailed by either Netscape Mail, MS Outlook or MSOutlook Express.

copier.exe
Worm / Mail trojan
Uses several different names to name the attachement, which can be mailed by either Netscape Mail, MS Outlook or MSOutlook Express.

copy.exe
Copy.exe is Trojan that could infect the corporate network with a virus by GPS devices.
Related files:
host.exe
temp1.exe
temp2.exe
Read more:
http://searchmobilecomputing.techtarget....,289142,sid40_gci1241452,00.html
Kill the process copy.exe and remove copy.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

copypad32.exe
Copypad32.exe is Trojan/Backdoor.
Kill the process copypad32.exe and remove copypad32.exe from Windows startup.

corelnetwork.exe
Corelnetwork.exe is Trojan/Backdoor.
Related files:
1 :%WINDIR%\CANONSPEED.EXE
2 :%WINDIR%\CANONUTILITY.EXE
3 :%WINDIR%\CANON-UTILITY.EXE
4 :%WINDIR%\CISCO-FLASH.EXE
5 :%WINDIR%\COMPAQCHECKER.EXE
6 :%WINDIR%\COMPAQSPEED.EXE
7 :%WINDIR%\COMPAQUTILITY.EXE
8 :%WINDIR%\LEXMARKCHECKER.EXE
9 :%WINDIR%\LEXMARKSERVICE.EXE
10:%WINDIR%\LOTUSNETWORK.EXE
11:%WINDIR%\LOTUSTOOL.EXE
12:%WINDIR%\MACROMEDIACHECKER.EXE
13:%WINDIR%\MACROMEDIALAN.EXE
14:%WINDIR%\MACROMEDIAMONITOR.EXE
15:%WINDIR%\MACROMEDIA-SENSOR.EXE
Read more:
http://spywarefiles.prevx.com/RRHJCJ2777...
Kill the process corelnetwork.exe and remove corelnetwork.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

corrida.exe
Corrida.exe is Trojan/Backdoor related to WareOut paarsite.
Kill the process corrida.exe and remove corrida.exe from Windows startup.
http://www.doxdesk.com/parasite/WareOut....

cowclient.exe
Remote Access

cowserver.exe
Remote Access

cpanel.exe
Cpanel.exe is a Spyware.IamBigBrother.
Cpanel.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
cpanel.exe
nl.exe
ctl3d32.dll
winl.dll
dmm.dll
ma.exe
%System%\DOM.dll
%System%\DartFtp.dll
%System%\DartSock.dll
%System%\EncodeX.dll
%System%\MabryObj.dll
%System%\MimeX.dll
%System%\SmtpX.DLL
%Windir%\cp.exe
Adds the value:
"Windows System Tray" = "[PATH TO SECURITY RISK]"
"Windows Service Manager" = "[PATH TO SECURITY RISK]"
to the Windows startup registry keys.
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill cpanel.exe process and remove cpanel.exe from Windows startup using RegRun Startup Optimizer.

cpmrotate.dll
Cpmrotate.dll is AdRotator/IconAds Adware.
Related files:
%local_settings%\ temp\ 11-9df8e247b1ab6e4ea9303b15294a3428.exe
%local_settings%\ temp\ s11k..exe
%PROGRAM_FILES%\ COMMON FILES\ SLMSS\ slmss.exe
%SYSTEM%\ adrot-uninst.exe
%SYSTEM%\ adrotate.dll
%SYSTEM%\ adrotate1.dll
%system%\ adspipe.dll
%SYSTEM%\ brrotate.dll
%system%\ cpmrotate.dll
%SYSTEM%\ drivers\ csrss.exe
%system%\ mwsvm.exe
%system%\ mwsvm.ocx
%SYSTEM%\ nodeipproc.dll
%SYSTEM%\ uninsticn.exe
Read more:
http://research.sunbelt-software.com/thr...
Kill the file cpmrotate.dll and remove cpmrotate.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

cprwsnt.exe
Cprwsnt.exe is Trojan/Backdoor.
Kill the process cprwsnt.exe and remove cprwsnt.exe from Windows startup.

cpu.dll
Cpu.dll is a mass-mailing worm W32.Chod@mm.
The backdoor cpu.dll tries to terminate antiviral programs installed on a user computer.
The cpu.dll spreads by e-mail, through MSN messenger and via IRC channel.
Backdoor cpu.dll monitors user Internet activity and passwords.
It sends stolen data to a hacker site.
Related files:
%System%\cpu.dll
%System%\[random folder name]\csrss.dat
%System%\[random folder name]\csrss.exe
%System%\[random folder name]\csrss.ini
%StartMenu%\Programs\Startup\csrss.lnk
More info:
http://securityresponse.symantec.com/avc...
Removal: Remove cpu.dll from Windows startup using RegRun Startup Optimizer.

cpush.dll
Cpush.dll is Sogou.Toolbar adware.
Read more:
http://www.symantec.com/enterprise/secur...
Kill the file cpush.dll and remove cpush.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

cpycontrol.exe
CPYCONTROL.EXE is Dropper.Payload.
Read more:
http://fileinfo.prevx.com/adware/qqc19b7...
Kill the process CPYCONTROL.EXE and remove CPYCONTROL.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

crad.exe
Ntww.exe is dangerous Trojan/Backdoor.
Ntww.exe changes IE home page to www.v61.com.
Trojan runs a lot of its copies to make the removal hard.
Remove it using RegRun Startup Optmizer to get rid all processes at the same time.
[sdkfr32.exe] C:\WINDOWS\sdkfr32.exe
[mfcyp.exe] C:\WINDOWS\mfcyp.exe
[netrt.exe] C:\WINDOWS\netrt.exe
[ntww.exe] C:\WINDOWS\ntww.exe
[ntdf32.exe] C:\WINDOWS\system32\ntdf32.exe
[ntbw32.exe] C:\WINDOWS\ntbw32.exe
[crbn32.exe] C:\WINDOWS\system32\crbn32.exe
[sdkpn32.exe] C:\WINDOWS\sdkpn32.exe
[d3dl.exe] C:\WINDOWS\d3dl.exe
[mfcod.exe] C:\WINDOWS\mfcod.exe
[apiel.exe] C:\WINDOWS\system32\apiel.exe
[ntxo32.exe] C:\WINDOWS\ntxo32.exe
[atlag.exe] C:\WINDOWS\atlag.exe
[mszo32.exe] C:\WINDOWS\system32\mszo32.exe
[d3qk.exe] C:\WINDOWS\d3qk.exe
[javahd32.exe] C:\WINDOWS\system32\javahd32.exe
[appds32.exe] C:\WINDOWS\appds32.exe
[apipp.exe] C:\WINDOWS\system32\apipp.exe
[mfcnn.exe] C:\WINDOWS\mfcnn.exe
[mfckl.exe] C:\WINDOWS\system32\mfckl.exe
[netlc.exe] C:\WINDOWS\system32\netlc.exe
[atlyi32.exe] C:\WINDOWS\system32\atlyi32.exe
[addtm32.exe] C:\WINDOWS\system32\addtm32.exe
[crad.exe] C:\WINDOWS\crad.exe
[javapt.exe] C:\WINDOWS\system32\javapt.exe
[javauu32.exe] C:\WINDOWS\javauu32.exe
[d3yp.exe] C:\WINDOWS\system32\d3yp.exe
[crwo32.exe] C:\WINDOWS\crwo32.exe
[ieim32.exe] C:\WINDOWS\system32\ieim32.exe
[sysyu.exe] C:\WINDOWS\sysyu.exe
[mfcrr.exe] C:\WINDOWS\system32\mfcrr.exe
[atlfg.exe] C:\WINDOWS\system32\atlfg.exe
[winvr32.exe] C:\WINDOWS\winvr32.exe
[iebp.exe] C:\WINDOWS\system32\iebp.exe
[ipyn.exe] C:\WINDOWS\ipyn.exe
[mspm.exe] C:\WINDOWS\mspm.exe
[javaee.exe] C:\WINDOWS\system32\javaee.exe
[addfm32.exe] C:\WINDOWS\addfm32.exe
[addrs.exe] C:\WINDOWS\addrs.exe
[crfy.exe] C:\WINDOWS\system32\crfy.exe
[crrd.exe] C:\WINDOWS\crrd.exe
[apptr32.exe] C:\WINDOWS\system32\apptr32.exe
[d3wk.exe] C:\WINDOWS\d3wk.exe
[apilk32.exe] C:\WINDOWS\apilk32.exe
[iedm.exe] C:\WINDOWS\system32\iedm.exe
[javagm.exe] C:\WINDOWS\system32\javagm.exe
[ntjw32.exe] C:\WINDOWS\ntjw32.exe
[netdo32.exe] C:\WINDOWS\netdo32.exe
[sysuc32.exe] C:\WINDOWS\system32\sysuc32.exe
[sdknd32.exe] C:\WINDOWS\system32\sdknd32.exe
[addko.exe] C:\WINDOWS\addko.exe
[mfcdh32.exe] C:\WINDOWS\system32\mfcdh32.exe
[sdkij32.exe] C:\WINDOWS\system32\sdkij32.exe
[msen.exe] C:\WINDOWS\system32\msen.exe
[msug.exe] C:\WINDOWS\msug.exe
[crkf32.exe] C:\WINDOWS\crkf32.exe
[winqj.exe] C:\WINDOWS\system32\winqj.exe
[sysgh32.exe] C:\WINDOWS\sysgh32.exe
[d3ud32.exe] C:\WINDOWS\d3ud32.exe
[netnm.exe] C:\WINDOWS\system32\netnm.exe
[apihs32.exe] C:\WINDOWS\system32\apihs32.exe
[addfp.exe] C:\WINDOWS\addfp.exe
[sdkqf32.exe] C:\WINDOWS\sdkqf32.exe
[crpn32.exe] C:\WINDOWS\system32\crpn32.exe
[netae.exe] C:\WINDOWS\netae.exe
[iewb.exe] C:\WINDOWS\system32\iewb.exe
[addkz32.exe] C:\WINDOWS\system32\addkz32.exe
[ipdv.exe] C:\WINDOWS\ipdv.exe
[ntqs32.exe] C:\WINDOWS\system32\ntqs32.exe
[winoo.exe] C:\WINDOWS\system32\winoo.exe
[ipwi.exe] C:\WINDOWS\system32\ipwi.exe
[atlzb.exe] C:\WINDOWS\atlzb.exe
[sysss.exe] C:\WINDOWS\sysss.exe
[appfh32.exe] C:\WINDOWS\appfh32.exe
[sysyh.exe] C:\WINDOWS\sysyh.exe
[msge.exe] C:\WINDOWS\system32\msge.exe

crar.exe
Crar.exe is RBOT worm.
Read more:
http://www.spywaredata.com/spyware/threa...
Kill the process crar.exe and remove crar.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

crazzynet375.exe
Remote Access / Steals passwords
Alters Win.ini and System.ini. Comes with a NetScanner to help finfing infected PCs.

crazzynet50.exe
Remote Access / Steals passwords
Alters Win.ini and System.ini. Comes with a NetScanner to help finfing infected PCs.

crbizf.dll
Crbizf.dll is WORM_NSPM.JS.
Related files:
%System%\kavo.exe - copy of itself
%System%\kavo0.dll - detected by Trend Micro as TROJ_NSPM.VY
%System%\wincab.sys
%User Temp%\crbizf.dll - detected as TROJ_NSPM.VY
Read more:
http://www.trendmicro.com/vinfo/virusenc...
Kill the file crbizf.dll and remove crbizf.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

crbn32.exe
Ntww.exe is dangerous Trojan/Backdoor.
Ntww.exe changes IE home page to www.v61.com.
Trojan runs a lot of its copies to make the removal hard.
Remove it using RegRun Startup Optmizer to get rid all processes at the same time.
[sdkfr32.exe] C:\WINDOWS\sdkfr32.exe
[mfcyp.exe] C:\WINDOWS\mfcyp.exe
[netrt.exe] C:\WINDOWS\netrt.exe
[ntww.exe] C:\WINDOWS\ntww.exe
[ntdf32.exe] C:\WINDOWS\system32\ntdf32.exe
[ntbw32.exe] C:\WINDOWS\ntbw32.exe
[crbn32.exe] C:\WINDOWS\system32\crbn32.exe
[sdkpn32.exe] C:\WINDOWS\sdkpn32.exe
[d3dl.exe] C:\WINDOWS\d3dl.exe
[mfcod.exe] C:\WINDOWS\mfcod.exe
[apiel.exe] C:\WINDOWS\system32\apiel.exe
[ntxo32.exe] C:\WINDOWS\ntxo32.exe
[atlag.exe] C:\WINDOWS\atlag.exe
[mszo32.exe] C:\WINDOWS\system32\mszo32.exe
[d3qk.exe] C:\WINDOWS\d3qk.exe
[javahd32.exe] C:\WINDOWS\system32\javahd32.exe
[appds32.exe] C:\WINDOWS\appds32.exe
[apipp.exe] C:\WINDOWS\system32\apipp.exe
[mfcnn.exe] C:\WINDOWS\mfcnn.exe
[mfckl.exe] C:\WINDOWS\system32\mfckl.exe
[netlc.exe] C:\WINDOWS\system32\netlc.exe
[atlyi32.exe] C:\WINDOWS\system32\atlyi32.exe
[addtm32.exe] C:\WINDOWS\system32\addtm32.exe
[crad.exe] C:\WINDOWS\crad.exe
[javapt.exe] C:\WINDOWS\system32\javapt.exe
[javauu32.exe] C:\WINDOWS\javauu32.exe
[d3yp.exe] C:\WINDOWS\system32\d3yp.exe
[crwo32.exe] C:\WINDOWS\crwo32.exe
[ieim32.exe] C:\WINDOWS\system32\ieim32.exe
[sysyu.exe] C:\WINDOWS\sysyu.exe
[mfcrr.exe] C:\WINDOWS\system32\mfcrr.exe
[atlfg.exe] C:\WINDOWS\system32\atlfg.exe
[winvr32.exe] C:\WINDOWS\winvr32.exe
[iebp.exe] C:\WINDOWS\system32\iebp.exe
[ipyn.exe] C:\WINDOWS\ipyn.exe
[mspm.exe] C:\WINDOWS\mspm.exe
[javaee.exe] C:\WINDOWS\system32\javaee.exe
[addfm32.exe] C:\WINDOWS\addfm32.exe
[addrs.exe] C:\WINDOWS\addrs.exe
[crfy.exe] C:\WINDOWS\system32\crfy.exe
[crrd.exe] C:\WINDOWS\crrd.exe
[apptr32.exe] C:\WINDOWS\system32\apptr32.exe
[d3wk.exe] C:\WINDOWS\d3wk.exe
[apilk32.exe] C:\WINDOWS\apilk32.exe
[iedm.exe] C:\WINDOWS\system32\iedm.exe
[javagm.exe] C:\WINDOWS\system32\javagm.exe
[ntjw32.exe] C:\WINDOWS\ntjw32.exe
[netdo32.exe] C:\WINDOWS\netdo32.exe
[sysuc32.exe] C:\WINDOWS\system32\sysuc32.exe
[sdknd32.exe] C:\WINDOWS\system32\sdknd32.exe
[addko.exe] C:\WINDOWS\addko.exe
[mfcdh32.exe] C:\WINDOWS\system32\mfcdh32.exe
[sdkij32.exe] C:\WINDOWS\system32\sdkij32.exe
[msen.exe] C:\WINDOWS\system32\msen.exe
[msug.exe] C:\WINDOWS\msug.exe
[crkf32.exe] C:\WINDOWS\crkf32.exe
[winqj.exe] C:\WINDOWS\system32\winqj.exe
[sysgh32.exe] C:\WINDOWS\sysgh32.exe
[d3ud32.exe] C:\WINDOWS\d3ud32.exe
[netnm.exe] C:\WINDOWS\system32\netnm.exe
[apihs32.exe] C:\WINDOWS\system32\apihs32.exe
[addfp.exe] C:\WINDOWS\addfp.exe
[sdkqf32.exe] C:\WINDOWS\sdkqf32.exe
[crpn32.exe] C:\WINDOWS\system32\crpn32.exe
[netae.exe] C:\WINDOWS\netae.exe
[iewb.exe] C:\WINDOWS\system32\iewb.exe
[addkz32.exe] C:\WINDOWS\system32\addkz32.exe
[ipdv.exe] C:\WINDOWS\ipdv.exe
[ntqs32.exe] C:\WINDOWS\system32\ntqs32.exe
[winoo.exe] C:\WINDOWS\system32\winoo.exe
[ipwi.exe] C:\WINDOWS\system32\ipwi.exe
[atlzb.exe] C:\WINDOWS\atlzb.exe
[sysss.exe] C:\WINDOWS\sysss.exe
[appfh32.exe] C:\WINDOWS\appfh32.exe
[sysyh.exe] C:\WINDOWS\sysyh.exe
[msge.exe] C:\WINDOWS\system32\msge.exe

crbp32.exe
Crbp32.exe is Trojan.Win32.Agent.bi.
Read more:
http://www.viruslist.com/en/viruses/ency...
Kill the process crbp32.exe and remove crbp32.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

crce.exe
Crce.exe is Trojan/Backdoor Backdoor.Win32.Small.dc.
Kill the process crce.exe and remove crce.exe from Windows startup.

crcg32.exe
Crcg32.exe is Trojan/Backdoor.
Kill the process crcg32.exe and remove crcg32.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

crcss.exe
Crcss.exe is Trojan/Backdoor.
Kill the process crcss.exe and remove crcss.exe from Windows startup.
http://www.sophos.com/virusinfo/analyses...

creader.exe
We suggest you to remove creader.exe from your computer as soon as possible.
Creader.exe is a part of PerformanceOptimizer software.
PerformanceOptimizer is a misleading application that reports false errors on the computer.
Related files:
%UserProfile%\Start Menu\Programs\Performance Optimizer\Documentation\Documentation.lnk
%UserProfile%\Start Menu\Programs\Performance Optimizer\Documentation\ReadMe.doc.lnk
%UserProfile%\Start Menu\Programs\Performance Optimizer\Performance Optimizer Home Page.lnk
%UserProfile%\Start Menu\Programs\Performance Optimizer\Performance Optimizer.lnk
%UserProfile%\Start Menu\Programs\Performance Optimizer\Sellmosoft Home Page.lnk
%UserProfile%\Start Menu\Programs\Performance Optimizer\Uninstall Performance Optimizer.lnk
%ProgramFiles%\Performanceoptimizer (Free)\creader.exe
%ProgramFiles%\Performanceoptimizer (Free)\inst.imd
%ProgramFiles%\Performanceoptimizer (Free)\pcid.exe
%ProgramFiles%\Performanceoptimizer (Free)\PerfOpt.chm
%ProgramFiles%\Performanceoptimizer (Free)\PerfOpt.exe
%ProgramFiles%\Performanceoptimizer (Free)\Performance Optimizer Home Page.url
%ProgramFiles%\Performanceoptimizer (Free)\PoChk.exe
%ProgramFiles%\Performanceoptimizer (Free)\ReadMe.doc
%ProgramFiles%\Performanceoptimizer (Free)\Sellmosoft Home Page.url
%ProgramFiles%\Performanceoptimizer (Free)\sload.sbd
%ProgramFiles%\Performanceoptimizer (Free)\Tweaks\data001.reg
%ProgramFiles%\Performanceoptimizer (Free)\Tweaks\data003.reg
%ProgramFiles%\Performanceoptimizer (Free)\Tweaks\data006.reg
%ProgramFiles%\Performanceoptimizer (Free)\Tweaks\data007.reg
%ProgramFiles%\Performanceoptimizer (Free)\Tweaks\data009.reg
%ProgramFiles%\Performanceoptimizer (Free)\Tweaks\data011.reg
%ProgramFiles%\Performanceoptimizer (Free)\Tweaks\data013.reg
%ProgramFiles%\Performanceoptimizer (Free)\Tweaks\data016.reg
%ProgramFiles%\Performanceoptimizer (Free)\Tweaks\data017.reg
%ProgramFiles%\Performanceoptimizer (Free)\Tweaks\data020.reg
%ProgramFiles%\Performanceoptimizer (Free)\Tweaks\data023.reg
%ProgramFiles%\Performanceoptimizer (Free)\Tweaks\data027.reg
%ProgramFiles%\Performanceoptimizer (Free)\Tweaks\data030.reg
%ProgramFiles%\Performanceoptimizer (Free)\Tweaks\data031.reg
%ProgramFiles%\Performanceoptimizer (Free)\Tweaks\data033.reg
%ProgramFiles%\Performanceoptimizer (Free)\Tweaks\data040.reg
%ProgramFiles%\Performanceoptimizer (Free)\Tweaks\data042.reg
%ProgramFiles%\Performanceoptimizer (Free)\uninstpo.exe
Read more:
http://www.symantec.com/business/securit...
Kill the process creader.exe and remove creader.exe from Windows startup.

creadisk.exe
Remote Access

crfmon.exe
Crfmon.exe is Trojan/Backdoor.
Kill the process crfmon.exe and remove crfmon.exe from Windows startup.

crgy32.exe
Crgy32.exe is Trojan/Virus.
Kill the Crgy32.exe process and remove it from Windows startup.

crhwn20.dll
Crhwn20.dll is Trojan/Backdoor.
Kill the file crhwn20.dll and remove crhwn20.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

critical volume.exe
CRITICAL VOLUME.EXE is Trojan/Backdoor.
Read more:
http://fileinfo.prevx.com/adware/qq8ecb5...
Kill the process CRITICAL VOLUME.EXE and remove CRITICAL VOLUME.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

criticalupdate.exe
CriticalUpdate.exe is an adware program Adware.Affilred.
CriticalUpdate.exe monitors user Internet activity.
Related files:
usbwin32.exe
C:\CriticalUpdate.exe
C:\cab.exe
C:\winsecure.exe
%Windir%\twain_32.exe
%Windir%\mshotfix.exe
%Windir%\msupdate.exe
%System%\security32.exe
%System%\iProtect.exe
%System%\axe.exe
%System%\inetconnect.dll
%System%\comnt32.dll.
Adds the value:
"MSUpdate" = "c:\criticalUpdate.exe"
"Microsoft Security Hot Fix Update" = "%SystemRoot%\mshotfix.exe"
"Microsoft Cab Manager" = "c:\exec.exe"
"Windows Security Manager" = "c:\winsecure.exe"
"Windows Security Update" = "%Windir%\security32.exe"
"Userinit" = "%System%\userinit.exe, %Windir%\iProtect.exe"
to the Windows startup registry keys.
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill CriticalUpdate.exe process and remove CriticalUpdate.exe from Windows startup using RegRun Startup Optimizer.

crja32.exe
CRJA32.EXE is Trojan/Backdoor.
Kill the process CRJA32.EXE and remove CRJA32.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

crni32.exe
Crni32.exe is Trojan/Backdoor.
Kill the process crni32.exe and remove crni32.exe from Windows startup.

croy32.exe
Croy32.exe is Trojan/Backdoor Downloader Agent.
Kill the process croy32.exe and remove croy32.exe from Windows startup.

crp386.exe
Crp386.exe is Trojan/Backdoor.
Kill the process crp386.exe and remove crp386.exe from Windows startup.

crsreco.exe
Crsreco.exe is Adware BetterInternet.
Kill the process crsreco.exe and remove crsreco.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

crsrs.exe
Crsrs.exe is Trojan/Backdoor Forbot-BP.
Kill the file crsrs.exe and remove crsrs.exe from Windows startup.
http://www.sophos.com/virusinfo/analyses...

crsrss.exe
Crsrss.exe is Trojan/Backdoor.
Kill the process crsrss.exe and remove crsrss.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

crss.exe
Crss.exe is Trojan/Backdoor.
Kill the process crss.exe and remove crss.exe from Windows startup.
Related files for W32.HLLW.Nautic:
* NTDLL.exe
* Win32.exe
* Explore.exe
* Kernel32.exe
* krnl286.exe
* Dllhost32.exe
* MSTCP.exe
* CRSS.exe
* Winlogon32.exe
* Winsrvc.exe
* Ntoskrn.exe
* Vmm32.exe
* Sysmon.exe
* System32.exe
* Sys.exe
* Win.exe
* Rundil32.exe
* Msrvcp.exe
* Msgmsr.exe
* Mscde32.exe
* Regsvclib.exe
* Reg32.exe
* Registry32.exe
* Service.exe
* Rpcsrvc.exe
More info:
http://securityresponse.symantec.com/avc...

crsss.exe
Crsss.exe is W32.Spotface.A.
Read more:
http://www.symantec.com/enterprise/secur...
Kill the process crsss.exe and remove crsss.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

crsss32.exe
Crsss32.exe is Win32/Rbot Family.
Read more:
http://www3.ca.com/securityadvisor/virus...
Kill the process crsss32.exe and remove crsss32.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

crue32.exe
Crue32.exe is Trojan/Backdoor.
Kill the process crue32.exe and remove crue32.exe from Windows startup.

cruu.exe
CRUU.EXE is Spyware.Midaddle.
Read more:
http://virusinfo.prevx.com/pxparall.asp?...
Kill the process CRUU.EXE and remove CRUU.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

crvs.exe
Crvs.exe is CoolWeb Trojan.
Kill the process crvs.exe and remove crvs.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

crvss.exe
Backdoor.Sdbot.AB
It is a Trojan horse program with backdoor capabilities that spreads to network shares and allows a remote attacker to gain unauthorized access to an infected computer.
Steals confidential information.
Attempts to access the network share folder $IPC.
If the network share folder is password-protected, the Trojan attempts to gain access using predefined user names and passwords.
Opens a backdoor by connecting to the IRC server newuslut.parited.net on TCP port 6564, and listening for commands from a remote attacker.
These commands may allow a remote attacker to perform some of the following actions:
- Perform a Denial of Service (DoS) attack against a target host
- Retrieve system information
- Connect to a URL
- Upload and download files
- Execute programs
- Log keystrokes
- Sniff network packets
- Conduct port scans against other computers
- Steal the Windows Product ID
- Steals CD keys for the different games

Manual removal:
Navigate to the keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the value: "Windows media service"="crvss.exe"

cryp32.dll
Cryp32.dll is Trojan/Backdoor.
Kill the file cryp32.dll and remove cryp32.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

crypph.dll
Crypph.dll is Trojan/Backdoor.
Kill the file crypph.dll and remove crypph.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

crypt32.exe
Crypt32.exe is Sober.D.
Read more:
http://antivirus.about.com/cs/allabout/a...
Kill the process crypt32.exe and remove crypt32.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

crypt32chain.dll
crypt32chain.dll is a Trojan/Backdoor.
Removal:
Remove crypt32chain.dll from Windows startup using RegRun Startup Optimizer.

crypt32net.dll
Crypt32net.dll is Troj/Banworm-H.
Read more:
http://www.sophos.com/security/analyses/...
Kill the file crypt32net.dll and remove crypt32net.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

cryptfg.exe
Cryptfg.exe is Trojan/Backdoor.
Kill the process cryptfg.exe and remove cryptfg.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cryptimg.dll
Cryptimg.dll is Trojan/Backdoor.
Read more:
http://fileinfo.prevx.com/adware/qq82fb7...
Kill the file cryptimg.dll and remove cryptimg.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

crypts.dll
Crypts.dll is Downloader-BAR.
Read more:
http://vil.nai.com/vil/content/v_141505....
Kill the file crypts.dll and remove crypts.dll from Windows startup using RegRun Reanimator.
http://www.regrun.com

cryptuue.exe
Steals passwords / ICQ trojan
Displays a Firework and simultanlously starts in the backround. Sends the passwords encrypted via e-mail

cs1sa1.dll
CS1SA1.DLL is Trojan/Backdoor.
Kill the file CS1SA1.DLL and remove CS1SA1.DLL from Windows startup using RegRun Reanimator.
http://www.regrun.com

csapputil.dll
csapputil.dll is a Spyware.CometCursor.
csapputil.dll is an Internet Explorer Browser Helper Object.
Related files:
%ProgramFiles%\Comet\Bin\comet.exe
%ProgramFiles%\Comet\Bin\comutil.dll
%ProgramFiles%\Comet\Bin\csapputil.dll
%ProgramFiles%\Comet\Bin\csband.dll
%ProgramFiles%\Comet\Bin\csbho.dll
%ProgramFiles%\Comet\Bin\csbrange.dll
%ProgramFiles%\Comet\Bin\cscore.dll
%ProgramFiles%\Comet\Bin\csctx.dll
%ProgramFiles%\Comet\Bin\cseng.dll
%ProgramFiles%\Comet\Bin\csietb.dll
%ProgramFiles%\Comet\Bin\csinst.dll
%ProgramFiles%\Comet\Bin\csinstall.exe
%ProgramFiles%\Comet\Bin\cstray.exe
%ProgramFiles%\Comet\Bin\csutil.dll
%ProgramFiles%\Comet\Bin\fileutil.dll
More info:
http://securityresponse.symantec.com/avc...
Removal:
Remove csapputil.dll from Windows startup using RegRun Startup Optimizer.

csass.exe
W32/Rbot-DS is a worm which attempts to spread to remote network shares.
It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels.
W32/Rbot-DS spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.

Copies itself to the Windows System32 folder as CSASS.EXE and creates the following entries at these locations in the registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
LanGuard Auto Updater = csass.exe

May also set the following registry keys:
HKLM\SOFTWARE\Microsoft\Ole\EnableDCOM = N
HKLM\SYSTEM\ControlSet001\Control\Lsa\restrictanonymous = 1
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous = 1

It will allow a remote user to issue various remote commands such as launching DOS attacks, deleting remote shares and keylogging information.

Remove it with RegRun.

csband.dll
Csband.dll is a Spyware.CometCursor.
Csband.dll is an Internet Explorer Browser Helper Object.
Related files:
%ProgramFiles%\Comet\Bin\comet.exe
%ProgramFiles%\Comet\Bin\comutil.dll
%ProgramFiles%\Comet\Bin\csapputil.dll
%ProgramFiles%\Comet\Bin\csband.dll
%ProgramFiles%\Comet\Bin\csbho.dll
%ProgramFiles%\Comet\Bin\csbrange.dll
%ProgramFiles%\Comet\Bin\cscore.dll
%ProgramFiles%\Comet\Bin\csctx.dll
%ProgramFiles%\Comet\Bin\cseng.dll
%ProgramFiles%\Comet\Bin\csietb.dll
%ProgramFiles%\Comet\Bin\csinst.dll
%ProgramFiles%\Comet\Bin\csinstall.exe
%ProgramFiles%\Comet\Bin\cstray.exe
%ProgramFiles%\Comet\Bin\csutil.dll
%ProgramFiles%\Comet\Bin\fileutil.dll
More info:
http://securityresponse.symantec.com/avc...
Removal:
Remove csband.dll from Windows startup using RegRun Startup Optimizer.

csbho.dll
Csbho.dll is a Spyware.CometCursor.
Csbho.dll is an Internet Explorer Browser Helper Object.
Related files:
%ProgramFiles%\Comet\Bin\comet.exe
%ProgramFiles%\Comet\Bin\comutil.dll
%ProgramFiles%\Comet\Bin\csapputil.dll
%ProgramFiles%\Comet\Bin\csband.dll
%ProgramFiles%\Comet\Bin\csbho.dll
%ProgramFiles%\Comet\Bin\csbrange.dll
%ProgramFiles%\Comet\Bin\cscore.dll
%ProgramFiles%\Comet\Bin\csctx.dll
%ProgramFiles%\Comet\Bin\cseng.dll
%ProgramFiles%\Comet\Bin\csietb.dll
%ProgramFiles%\Comet\Bin\csinst.dll
%ProgramFiles%\Comet\Bin\csinstall.exe
%ProgramFiles%\Comet\Bin\cstray.exe
%ProgramFiles%\Comet\Bin\csutil.dll
%ProgramFiles%\Comet\Bin\fileutil.dll
More info:
http://securityresponse.symantec.com/avc...
Removal:
Remove csbho.dll from Windows startup using RegRun Startup Optimizer.

csble.exe
Csble.exe is Trojan/Backdoor.
Kill the process csble.exe and remove csble.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

csbrange.dll
csbrange.dll is a Spyware.CometCursor.
csbrange.dll is an Internet Explorer Browser Helper Object.
Related files:
%ProgramFiles%\Comet\Bin\comet.exe
%ProgramFiles%\Comet\Bin\comutil.dll
%ProgramFiles%\Comet\Bin\csapputil.dll
%ProgramFiles%\Comet\Bin\csband.dll
%ProgramFiles%\Comet\Bin\csbho.dll
%ProgramFiles%\Comet\Bin\csbrange.dll
%ProgramFiles%\Comet\Bin\cscore.dll
%ProgramFiles%\Comet\Bin\csctx.dll
%ProgramFiles%\Comet\Bin\cseng.dll
%ProgramFiles%\Comet\Bin\csietb.dll
%ProgramFiles%\Comet\Bin\csinst.dll
%ProgramFiles%\Comet\Bin\csinstall.exe
%ProgramFiles%\Comet\Bin\cstray.exe
%ProgramFiles%\Comet\Bin\csutil.dll
%ProgramFiles%\Comet\Bin\fileutil.dll
More info:
http://securityresponse.symantec.com/avc...
Removal:
Remove csbrange.dll from Windows startup using RegRun Startup Optimizer.

cscore.dll
Cscore.dll is a Spyware.CometCursor.
Cscore.dll is an Internet Explorer Browser Helper Object.
Related files:
%ProgramFiles%\Comet\Bin\comet.exe
%ProgramFiles%\Comet\Bin\comutil.dll
%ProgramFiles%\Comet\Bin\csapputil.dll
%ProgramFiles%\Comet\Bin\csband.dll
%ProgramFiles%\Comet\Bin\csbho.dll
%ProgramFiles%\Comet\Bin\csbrange.dll
%ProgramFiles%\Comet\Bin\cscore.dll
%ProgramFiles%\Comet\Bin\csctx.dll
%ProgramFiles%\Comet\Bin\cseng.dll
%ProgramFiles%\Comet\Bin\csietb.dll
%ProgramFiles%\Comet\Bin\csinst.dll
%ProgramFiles%\Comet\Bin\csinstall.exe
%ProgramFiles%\Comet\Bin\cstray.exe
%ProgramFiles%\Comet\Bin\csutil.dll
%ProgramFiles%\Comet\Bin\fileutil.dll
More info:
http://securityresponse.symantec.com/avc...
Removal:
Remove cscore.dll from Windows startup using RegRun Startup Optimizer.

cscss.exe
Cscss.exe is Trojan/Backdoor.
Kill the process cscss.exe and remove cscss.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

csctx.dll
Csctx.dll is a Spyware.CometCursor.
Csctx.dll is an Internet Explorer Browser Helper Object.
Related files:
%ProgramFiles%\Comet\Bin\comet.exe
%ProgramFiles%\Comet\Bin\comutil.dll
%ProgramFiles%\Comet\Bin\csapputil.dll
%ProgramFiles%\Comet\Bin\csband.dll
%ProgramFiles%\Comet\Bin\csbho.dll
%ProgramFiles%\Comet\Bin\csbrange.dll
%ProgramFiles%\Comet\Bin\cscore.dll
%ProgramFiles%\Comet\Bin\csctx.dll
%ProgramFiles%\Comet\Bin\cseng.dll
%ProgramFiles%\Comet\Bin\csietb.dll
%ProgramFiles%\Comet\Bin\csinst.dll
%ProgramFiles%\Comet\Bin\csinstall.exe
%ProgramFiles%\Comet\Bin\cstray.exe
%ProgramFiles%\Comet\Bin\csutil.dll
%ProgramFiles%\Comet\Bin\fileutil.dll
More info:
http://securityresponse.symantec.com/avc...
Removal:
Remove csctx.dll from Windows startup using RegRun Startup Optimizer.

csddriver.sys
Csddriver.sys is Troj/Goldun-EE.
Related file:
\CsdDriver.sys
\UpperHost.dll
Read more:
http://www.sophos.com/security/analyses/...
Kill the file csddriver.sys and remove csddriver.sys from Windows startup using RegRun Reanimator.
http://www.regrun.com

cseng.dll
Cseng.dll is a Spyware.CometCursor.
Cseng.dll is an Internet Explorer Browser Helper Object.
Related files:
%ProgramFiles%\Comet\Bin\comet.exe
%ProgramFiles%\Comet\Bin\comutil.dll
%ProgramFiles%\Comet\Bin\csapputil.dll
%ProgramFiles%\Comet\Bin\csband.dll
%ProgramFiles%\Comet\Bin\csbho.dll
%ProgramFiles%\Comet\Bin\csbrange.dll
%ProgramFiles%\Comet\Bin\cscore.dll
%ProgramFiles%\Comet\Bin\csctx.dll
%ProgramFiles%\Comet\Bin\cseng.dll
%ProgramFiles%\Comet\Bin\csietb.dll
%ProgramFiles%\Comet\Bin\csinst.dll
%ProgramFiles%\Comet\Bin\csinstall.exe
%ProgramFiles%\Comet\Bin\cstray.exe
%ProgramFiles%\Comet\Bin\csutil.dll
%ProgramFiles%\Comet\Bin\fileutil.dll
More info:
http://securityresponse.symantec.com/avc...
Removal:
Remove cseng.dll from Windows startup using RegRun Startup Optimizer.

cserv32.exe
Cserv32.exe is W32.Stration.EC@mm.
Related files:
%Windir%\cserv32.exe
%Windir%\cserv32.dat
%Windir%\cserv32.wax
%System%\e1.dll
%System%\[10 RANDOM CHARACTERS].exe
Read more:
http://www.symantec.com/enterprise/secur...
Kill the process cserv32.exe and remove cserv32.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cserver.exe
Remote Access
Includes the LookItUp-tool to test a server host for infection.

csietb.dll
Csietb.dll is a Spyware.CometCursor.
Csietb.dll is an Internet Explorer Browser Helper Object.
Related files:
%ProgramFiles%\Comet\Bin\comet.exe
%ProgramFiles%\Comet\Bin\comutil.dll
%ProgramFiles%\Comet\Bin\csapputil.dll
%ProgramFiles%\Comet\Bin\csband.dll
%ProgramFiles%\Comet\Bin\csbho.dll
%ProgramFiles%\Comet\Bin\csbrange.dll
%ProgramFiles%\Comet\Bin\cscore.dll
%ProgramFiles%\Comet\Bin\csctx.dll
%ProgramFiles%\Comet\Bin\cseng.dll
%ProgramFiles%\Comet\Bin\csietb.dll
%ProgramFiles%\Comet\Bin\csinst.dll
%ProgramFiles%\Comet\Bin\csinstall.exe
%ProgramFiles%\Comet\Bin\cstray.exe
%ProgramFiles%\Comet\Bin\csutil.dll
%ProgramFiles%\Comet\Bin\fileutil.dll
More info:
http://securityresponse.symantec.com/avc...
Removal:
Remove csietb.dll from Windows startup using RegRun Startup Optimizer.

csinst.dll
Csinst.dll is a Spyware.CometCursor.
Csinst.dll is an Internet Explorer Browser Helper Object.
Related files:
%ProgramFiles%\Comet\Bin\comet.exe
%ProgramFiles%\Comet\Bin\comutil.dll
%ProgramFiles%\Comet\Bin\csapputil.dll
%ProgramFiles%\Comet\Bin\csband.dll
%ProgramFiles%\Comet\Bin\csbho.dll
%ProgramFiles%\Comet\Bin\csbrange.dll
%ProgramFiles%\Comet\Bin\cscore.dll
%ProgramFiles%\Comet\Bin\csctx.dll
%ProgramFiles%\Comet\Bin\cseng.dll
%ProgramFiles%\Comet\Bin\csietb.dll
%ProgramFiles%\Comet\Bin\csinst.dll
%ProgramFiles%\Comet\Bin\csinstall.exe
%ProgramFiles%\Comet\Bin\cstray.exe
%ProgramFiles%\Comet\Bin\csutil.dll
%ProgramFiles%\Comet\Bin\fileutil.dll
More info:
http://securityresponse.symantec.com/avc...
Removal:
Remove csinst.dll from Windows startup using RegRun Startup Optimizer.

csinstall.exe
Csinstall.exe is an adware program Adware.CashSaver.
Csinstall.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
csinstall.exe
%System%\mscsclient.exe
%System%\cashsaverbho.dll
%System%\csuninstall.exe
%System%\56171D04\E5C5BDB4.exe
%System%\csupdate.info
%System%\mscsclient.ekw
Adds the value:
"00D34A52" = "%System%\56171D04\E5C5BDB4.exe"
"MSCSCLIENT" = "%System%\mscsclient.exe"
to the Windows startup registry keys.
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill csinstall.exe process and remove csinstall.exe from Windows startup using RegRun Startup Optimizer.

csipx.exe
Csipx.exe is Trojan/Backdoor.
Kill the process csipx.exe and remove csipx.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

csmctrl32.exe
Remote Access / ICQ trojan
Sockets des Troie is French for Trojan Sockets and was one of the very first Remote Access trojans being published.

csrns.exe
CSRNS.EXE is Trojan/Backdoor.
Read more:
http://fileinfo.prevx.com/adware/qqc4587...
Kill the process CSRNS.EXE and remove CSRNS.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

csrrs.exe
Gaobot Trojan.
Spreads in local network via open shares.
Also it uses DCOM RPC vulnerability (135,445 ports) and WebDav vulnerability (port 80).
Allows to control the victim computer by IRC.
Terminates well known antiviral software.
Removal:
install the patches from Microsoft:
http://www.microsoft.com/technet/securit...
http://www.microsoft.com/technet/securit...
http://www.microsoft.com/technet/securit...
http://www.microsoft.com/technet/securit...
http://www.microsoft.com/technet/securit...
http://www.microsoft.com/technet/securit...
http://www.microsoft.com/technet/securit...
Set the strong passwords for network shares.
Use RegRun "Terminate" feature to erase the virus body files.
They are located in Windows\System32 folder.
Cavapsvc.exe
Csrrs.exe
Cvhost.exe
DIIhost.exe (with capital letter 'i')
Dosrun32.exe
Dos32.exe
Lsas.exe
Regloadr.exe
Schost.exe
Scvhost.exe
Service.exe
Servicess.exe
Sochost.exe
Swchost.exe
System.exe
Update.exe
Wdrun32.exe
Winhlpp32.exe
Winreg.exe
Winupdsdgm.exe

Free removal tool:
http://securityresponse.symantec.com/avc...

csrs.exe
%SysDir%\Csrs.exe is TR/Dldr.Delf.ARO.
Read more:
http://www.avira.com/en/threats/section/...
Kill the process csrs.exe and remove csrs.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

csrsd.exe
CSRSD.EXE is Trojan/Backdoor.
Read more:
http://fileinfo.prevx.com/adware/qq7db37...
Kill the process CSRSD.EXE and remove CSRSD.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

csrsrss.exe
Csrsrss.exe is W32.Nujama.B.
W32.Nujama.B is a worm that spreads through mapped drives and shared folders, and lowers security settings on the compromised computer.
Related files;
%System%\SystemMonitor.exe
%System%\csrsrss.exe
ptstnoop.exe
InfoVersion.exe
cmmput.exe
call of duty.exe
[FOLDER NAME].exe
%Windir%\Web\Folder.htt
%Windir%\Web\Desktop.ini
%Windir%\system\oeminfo.ini
Datos de [MACHINE NAME].exe
Read more:
http://www.symantec.com/enterprise/secur...
Kill the process csrsrss.exe and remove csrsrss.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

csrsrv86.exe
CSRSRV86.EXE is Trojan/Backdoor.
Kill the process CSRSRV86.EXE and remove CSRSRV86.EXE from Windows startup.

csrss.exe
Csrss.exe is W32.Kibtos.
W32.Kibtos is a worm that spreads by copying itself to all drives. It may also display a message and picture asking the user to vote for Kibaki.
Related files:
%System%\drivers\intel.exe
%Windir%\csrss.exe
%Windir%\Autorun.inf
[DRIVE LETTER]:\AUTORUN.INF
[DRIVE LETTER]:\camp.exe
Read more:
http://www.symantec.com/enterprise/secur...
Kill the process csrss.exe and remove csrss.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

csrss.ink
Csrss.Ink is Trojan/Backdoor.
Kill the file csrss.Ink and remove csrss.Ink from Windows startup using RegRun Reanimator.
http://www.regrun.com

csrss.scr
CSRSS.scr is Trojan/Backdoor TROJ_CARTAO.C.
Kill the file CSRSS.scr and remove CSRSS.scr from Windows startup.
http://de.trendmicro-europe.com/consumer...

csrssa.exe
Csrssa.exe is Trojan/Backdoor.
Kill the process csrssa.exe and remove csrssa.exe from Windows startup.

csrssp.exe
Csrssp.exe is Trojan/Backdoor.
Kill the process csrssp.exe and remove csrssp.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

csrwrnmw.exe
CSRWRNMW.EXE is Trojan/Backdoor.
Read more:
http://fileinfo.prevx.com/adware/qqac736...
Kill the process CSRWRNMW.EXE and remove CSRWRNMW.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

csscv.exe
Csscv.exe is W32/Sdbot-CPL.
Read more:
http://www.sophos.com/security/analyses/...
Kill the process csscv.exe and remove csscv.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cssrs.exe
WORM_AGOBOT.FX
This is memory-resident worm. It drops and executes a copy of itself as the file CSSRS.EXE.
It takes advantage of the following system vulnerabilities:
DCOM RPC vulnerability using TCP port 135
RPC Locator vulnerability using TCP port 445
WebDav vulnerability using TCP port 80

Attempt to gain access to specific shared folders on the network using a predefined list of user names and passwords.
Connect to an IRC channel and listens for commands from a remote user.
Allow the malicious user to perform several tasks on a damage system.
Terminate antivirus processes, firewall programs, and system tools. It runs on Windows NT, 2000, and XP.

Manual removal:
Delete this keys:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
WinFX = "cssrs.exe"
Display Drivers = "cssrs.exe"

HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunServices
In the right panel, locate and delete the entry:
WinFX = "cssrs.exe"
Display Drivers = "cssrs.exe"

HKEY_LOCAL_MACHINE>System>CurrentControlSet>Services>Driver

Also download and install the critical patches from the Microsoft site:
Microsoft Security Bulletin MS03-026
Microsoft Security Bulletin MS03-001
Microsoft Security Bulletin MS03-007

Automatic removal: Use RegRun Startup Optimizer to remove it from startup.

cssrss.exe
Cssrss.exe is W32/Forbot-CE.
Read more:
http://www.sophos.com/security/analyses/...
Kill the process cssrss.exe and remove cssrss.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

csss.exe
Csss.exe is Trojan/Backdoor.
Kill the process csss.exe and remove csss.exe from Windows startup.

cstray.exe
Cstray.exe is a Spyware.CometCursor.
Cstray.exe is an Internet Explorer Browser Helper Object.
Related files:
%ProgramFiles%\Comet\Bin\comet.exe
%ProgramFiles%\Comet\Bin\comutil.dll
%ProgramFiles%\Comet\Bin\csapputil.dll
%ProgramFiles%\Comet\Bin\csband.dll
%ProgramFiles%\Comet\Bin\csbho.dll
%ProgramFiles%\Comet\Bin\csbrange.dll
%ProgramFiles%\Comet\Bin\cscore.dll
%ProgramFiles%\Comet\Bin\csctx.dll
%ProgramFiles%\Comet\Bin\cseng.dll
%ProgramFiles%\Comet\Bin\csietb.dll
%ProgramFiles%\Comet\Bin\csinst.dll
%ProgramFiles%\Comet\Bin\csinstall.exe
%ProgramFiles%\Comet\Bin\cstray.exe
%ProgramFiles%\Comet\Bin\csutil.dll
%ProgramFiles%\Comet\Bin\fileutil.dll
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill cstray.exe process and remove cstray.exe from Windows startup using RegRun Startup Optimizer.

csutil.dll
Csutil.dll is a Spyware.CometCursor.
Csutil.dll is an Internet Explorer Browser Helper Object.
Related files:
%ProgramFiles%\Comet\Bin\comet.exe
%ProgramFiles%\Comet\Bin\comutil.dll
%ProgramFiles%\Comet\Bin\csapputil.dll
%ProgramFiles%\Comet\Bin\csband.dll
%ProgramFiles%\Comet\Bin\csbho.dll
%ProgramFiles%\Comet\Bin\csbrange.dll
%ProgramFiles%\Comet\Bin\cscore.dll
%ProgramFiles%\Comet\Bin\csctx.dll
%ProgramFiles%\Comet\Bin\cseng.dll
%ProgramFiles%\Comet\Bin\csietb.dll
%ProgramFiles%\Comet\Bin\csinst.dll
%ProgramFiles%\Comet\Bin\csinstall.exe
%ProgramFiles%\Comet\Bin\cstray.exe
%ProgramFiles%\Comet\Bin\csutil.dll
%ProgramFiles%\Comet\Bin\fileutil.dll
More info:
http://securityresponse.symantec.com/avc...
Removal:
Remove csutil.dll from Windows startup using RegRun Startup Optimizer.

csvhost.exe
Csvhost.exe is W32/Gaobot.worm.gen.
Read more:
http://vil.nai.com/vil/content/v_100785....
Kill the process csvhost.exe and remove csvhost.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

csystime.exe
Added as a result of the following virus:
W32.Randex.S is a network-aware worm that attempts to connect to a predetermined IRC server to receive instructions from its author.

It does the following:
Copies itself as the file, %System%\CSysTime.exe.
Calculates a random IP address for a computer that it will try to infect.
Attempts to authenticate itself to the aforementioned, randomly generated IP addresses.
Copies itself to shares that have weak passwords.

Adds the value:
"System time updator"="CSysTime.exe"
to the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Connects to a specific IRC channel on a specific IRC server to receive remote instructions, such as:
ntscan: Performs the scan of a specific computer with weak administrator passwords and copies itself to these machines.
cdkey: Collects CD keys of many popular games and sends them to the IRC channel.
sysinfo: Retrieves the infected machine's information, such as CPU speed, memory, and so on.

Use RegRun Startup Optimizer to remove it from startup.

ct600_06.dll
CT600_06.DLL is Trojan/Backdoor.
Read more:
http://fileinfo.prevx.com/fileinfo.asp?P...
Kill the file CT600_06.DLL and remove CT600_06.DLL from Windows startup using RegRun Reanimator.
http://www.regrun.com

ctels.exe
Steals passwords
Gets the Dial Up Networking passwords via e-mail.

ctflsv.exe
Ctflsv.exe is Trojan/Backdoor.
Kill the process ctflsv.exe and remove ctflsv.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

ctfman.exe
CTFMAN.EXE is Trojan/Backdoor.
Read more:
http://spywarefiles.prevx.com/RRHEAH2741...
Kill the process CTFMAN.EXE and remove CTFMAN.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

ctfmom.exe
Ctfmom.exe is Trojan/Backdoor.
Kill the process ctfmom.exe and remove ctfmom.exe from Windows startup.

ctfmon32.dll
CTFMON32.DLL is Rootkit.DialCall.
Read more:
http://fileinfo.prevx.com/adware/qqf2616...
Kill the file CTFMON32.DLL and remove CTFMON32.DLL from Windows startup using RegRun Reanimator.
http://www.regrun.com

ctfnom.exe
Ctfnom.exe is Troj/Digidor-A.
Related files:
%Windows folder%\svohost.exe
%Windows system folder%\HDDGMom.exe
%Windows system folder%\lsasa.exe
Read more:
http://www.sophos.com/virusinfo/analyses...
Kill the process ctfnom.exe and remove ctfnom.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

ctfnon.exe
Ctfnon.exe is a part of Piaoyes (Remote Control Tool).
Related files:
%System%\ctfnon.exe
ctfnon.exe
zz.exe
Read more:
http://research.sunbelt-software.com/thr...
Kill the process ctfnon.exe and remove ctfnon.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

ctfrmon.exe
CTFRMON.EXE is Trojan/Backdoor.
Kill the process CTFRMON.EXE and remove CTFRMON.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

cthelp.exe
Cthelp.exe is a Trojan Backdoor.Sdbot.
Cthelp.exe spreads via Internet Relay Chat (IRC).
Cthelp.exe tries to terminate antiviral programs installed on a user computer.
Cthelp.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%System%\Cnfgldr.exe
%System%\cthelp.exe
%System%\Sysmon16.exe
%System%\Sys3f2.exe
%System%\Syscfg32.exe
%System%\Mssql.exe
%System%\Aim95.exe
%System%\Svchosts.exe
%System%\FB_PNU.EXE
%System%\Cmd32.exe
%System%\Sys32.exe
%System%\Explorer.exe
%System%\IEXPL0RE.EXE
%System%\iexplore.exe
%System%\sock32.exe
%System%\MSTasks.exe
%System%\service.exe
%System%\Regrun.exe
%System%\ipcl32.exe
%System%\syswin32.exe
%System%\CMagesta.exe
%System%\YahooMsgr.exe
%System%\vcvw.exe
%System%\spooler.exe
%System%\MSsrvs32.exe
%System%\svhost.exe
%System%\winupdate32.exe
%System%\quicktimeprom.exe
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill cthelp.exe process and remove cthelp.exe from Windows startup using RegRun Startup Optimizer.

cthkpcv.dll
CTHKPCV.DLL is Trojan/Backdoor.
Read more:
http://www.bleepingcomputer.com/startups...
Kill the file CTHKPCV.DLL and remove CTHKPCV.DLL from Windows startup using RegRun Reanimator.
http://www.regrun.com

cthonic.vbs
I-Worm.Thonic.b
This worm spreads via the Internet as an attachment to infected files.
The worm searches for files with the extensions .exe, .cpl, and .scr.
When infecting these files it writes itself to the end of the files in a section named .DCUbLmd
The worm's code contains errors. It is unable to propagate independently.
A VBS script controls propagation via email.
The executable file infects notepad.exe, and copies itself to the C: root directory as C:\snowboard_accident.avi.[75 spaces]exe

Infected messages:
Subject: Hey check out this funny video my friend sent me !
Message body: Mail Body
Attachment name: C:\snowboard_accident.avi.[75 spaces]exe
The worm uses Windows MAPI function to send messages.
When sending infected messages, the worm accesses MS Outlook and sends itself to all addresses harvested from the address book.
It also propagates via mIRC.

Use RegRun Startup Optimizer to automatically remove this worm.

ctl3d32.dll
ctl3d32.dll is a Spyware.IamBigBrother.
ctl3d32.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
cpanel.exe
nl.exe
ctl3d32.dll
winl.dll
dmm.dll
ma.exe
%System%\DOM.dll
%System%\DartFtp.dll
%System%\DartSock.dll
%System%\EncodeX.dll
%System%\MabryObj.dll
%System%\MimeX.dll
%System%\SmtpX.DLL
%Windir%\cp.exe
Adds the value:
"Windows System Tray" = "[PATH TO SECURITY RISK]"
"Windows Service Manager" = "[PATH TO SECURITY RISK]"
to the Windows startup registry keys.
More info:
http://securityresponse.symantec.com/avc...
Removal:
Remove ctl3d32.dll from Windows startup using RegRun Startup Optimizer.

ctmon.exe
Ctmon.exe is Trojan Clckr-AN.
Read more:
http://www.sophos.com/virusinfo/analyses...
Kill the process ctmon.exe and remove ctmon.exe from Windows startup using RegRun.
www.regrun.com

ctpmon.exe
Ctpmon.exe is Trojan/Backdoor.
Kill the process ctpmon.exe and remove ctpmon.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

ctrlpan.dll
We suggest you to remove ctrlpan.dll from your computer as soon as possible.
Ctrlpan.dll is Trojan.Win32.StartPage.au.
Read more:
http://www.viruslist.com/en/viruses/ency...
Kill the file ctrlpan.dll and remove ctrlpan.dll from Windows startup.

ctswin.exe.exe
CTSWIN.EXE.EXE is Trojan.ADIRSS.
Read more:
http://fileinfo.prevx.com/fileinfo.asp?P...
Kill the process CTSWIN.EXE.EXE and remove CTSWIN.EXE.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

ctxad.exe
Ctxad.exe is Spyware Midaddle.
Directory: %TEMP%
Kill the process ctxad.exe and remove ctxad.exe from Windows startup using RegRun.
www.regrun.com

cuapp.exe
cuApp.exe is a mass-mailing worm W32.Kedebe.B@mm.
cuApp.exe tries to terminate antiviral programs installed on a user computer.
cuApp.exe opens a back door on a random TCP port.
Related files:
%System%\winssc32.exe
%System%\mscppmgr.exe
%System%\kerne132.exe
%System%\NAVMON.EXE
%System%\drwmgr32.exe
%System%\DLLH0ST.EXE
%System%\gcasctrl.exe
%System%\msscan.exe
%System%\cuApp.exe
%System%\LSSAS.EXE
%System%\AVmon.exe
%System%\SERVlCES.EXE
%System%\gcasSav32.exe
%System%\LUC0MS~1.EXE
%System%\zlbclient.exe
%System%\mantispam.exe
%System%\NETM0N.EXE
%System%\srvchost.exe
%System%\USRMGRINIT.JFX
Admin Password Cracker.exe
DVD ripper keygen.exe
Messenger 7.0 Installer.exe
Microsoft AntiSpyware Patch.com
Mydoom removal tool.exe
Naked teen-Actions.com
Norton Personal Firewall 2005 Patch.exe
Spyware remover.exe
Win Server 2003 Remote Exploit.cmd
ZoneAlarm Security Suite 2005 Crack.com
Adds the value:
"Windows [worm filename without extension] Monitor" = "[file name of the worm]"
"Run" = "[file name of the worm]"
to the Windows startup registry keys.
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill cuApp.exe process and remove cuApp.exe from Windows startup using RegRun Startup Optimizer.

cupid2.exe
Worm / Mail trojan
Uses several different names to name the attachement, which can be mailed by either Netscape Mail, MS Outlook or MSOutlook Express.

cure.exe
Remote Access

curepcsolution.exe
CurePCSolution.exe is a part of CurePCSolution software.
CurePCSolution is a program that simulates detection of threats on the computer.
Related files:
C:\WINDOWS\Installer\{2687B107-2B13-410A-A850-BE211B74AF12}\controlPanelIcon.exe
C:\WINDOWS\Installer\{2687B107-2B13-410A-A850-BE211B74AF12}\SystemFolder_msiexec.exeC:\Documents and Settings\All Users\Desktop\Start CurePCSolution.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start CurePCSolution.exe.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\CurePCSolution\CurePCSolution.exe.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\CurePCSolution\Uninstall CurePSSolution.lnk
C:\Program Files\CurePCSolution\CurePCSolution.exe
C:\Program Files\CurePCSolution\curepcsolution.ini
C:\Program Files\CurePCSolution\data\params.dat
C:\Program Files\CurePCSolution\data\virus.dat
C:\Program Files\CurePCSolution\ExcludeParams.txt
C:\Program Files\CurePCSolution\help.chm
Read more:
http://www.symantec.com/security_respons...
Kill the process CurePCSolution.exe and remove CurePCSolution.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cust.exe
Cust.exe is Spyware Midaddle.
Related files:
1 :%APPDATA%\ACCS.EXE
2 :%APPDATA%\AETE.EXE
3 :%APPDATA%\AMEE.EXE
4 :%APPDATA%\ATOU.EXE
5 :%APPDATA%\ATUW.EXE
6 :%APPDATA%\CUST.EXE
7 :%APPDATA%\EAOU.EXE
8 :%APPDATA%\EBER.EXE
9 :%APPDATA%\EROR.EXE
10:%APPDATA%\LASU.EXE
Read more:
http://fileinfo.prevx.com/QQ0e5418361272...
Kill the process cust.exe and remove cust.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cvchost.exe
We suggest you to remove CVCHOST.EXE from your computer as soon as possible.
CVCHOST.EXE is W32/Sdbot-DFH.
Read more:
http://www.sophos.com/security/analyses/...
Kill the process CVCHOST.EXE and remove CVCHOST.EXE from Windows startup.

cvdialog.exe
CVDIALOG.EXE is Trojan/Backdoor.
Read more:
http://fileinfo.prevx.com/adware/qqf47a6...
Kill the process CVDIALOG.EXE and remove CVDIALOG.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

cvhost.exe
Gaobot Trojan.
Spreads in local network via open shares.
Also it uses DCOM RPC vulnerability (135,445 ports) and WebDav vulnerability (port 80).
Allows to control the victim computer by IRC.
Terminates well known antiviral software.
Removal:
install the patches from Microsoft:
http://www.microsoft.com/technet/securit...
http://www.microsoft.com/technet/securit...
http://www.microsoft.com/technet/securit...
http://www.microsoft.com/technet/securit...
http://www.microsoft.com/technet/securit...
http://www.microsoft.com/technet/securit...
http://www.microsoft.com/technet/securit...
Set the strong passwords for network shares.
Use RegRun "Terminate" feature to erase the virus body files.
They are located in Windows\System32 folder.
Cavapsvc.exe
Csrrs.exe
Cvhost.exe
DIIhost.exe (with capital letter 'i')
Dosrun32.exe
Dos32.exe
Lsas.exe
Regloadr.exe
Schost.exe
Scvhost.exe
Service.exe
Servicess.exe
Sochost.exe
Swchost.exe
System.exe
Update.exe
Wdrun32.exe
Winhlpp32.exe
Winreg.exe
Winupdsdgm.exe

Free removal tool:
http://securityresponse.symantec.com/avc...

cvn0.exe
Cvn0.exe is Trojan/Backdoor.
Kill the process cvn0.exe and remove cvn0.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cw.exe
cw.exe is a Spyware.ChatWatch.
cw.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
cw.exe
ccrpTmr6.dll
PolarZIPLight.dll
Richtx32.ocx
Adds the value:
"cwatch" = "\cw.exe"
to the Windows startup registry keys.
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill cw.exe process and remove cw.exe from Windows startup using RegRun Startup Optimizer.

cxmdxcs.exe
Cxmdxcs.exe is Trojan/Backdoor.
Kill the process cxmdxcs.exe and remove cxmdxcs.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

cxtpls.exe
CXtPls.exe is a Spyware.Apropos.
CXtPls.exe is a Browser Helper Object.
CXtPls.exe monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%Windir%\Downloaded Program Files\load.exe
%Windir%\Downloaded Program Files\monpop.exe
%Windir%\Downloaded Program Files\pop225.dll
%Windir%\Downloaded Program Files\pophook4.dll
%Windir%\Downloaded Program Files\PopSrv225.exe
%Temp%\auto_update_loader.exe
%Temp%\install_ct.exe
%Temp%\CXtPls.exe
%Temp%\ProxyStub.dll
%Temp%\WinGenerics.dll
%Temp%\ace.dll
%Temp%\atla.dll
%Temp%\atlw.dll
%Temp%\data.bin
%Temp%\libexpat.dll
%Temp%\ph.exe
%Temp%\pm.exe
%Temp%\setup.inf
%Temp%\uninstaller.exe
%Temp%\atl.dll
%System%\atmon.exe
%System%\intfaxui.exe
Adds the value:
"POP" = "C:\WINDOWS\Downloaded Program Files\PopSrv225.exe"
"AutoLoaderEnvoloAutoUpdater" = "auto_update_loader.exe"
"[random name]" = "intfaxui.exe"
"[random name]" = "atmon.exe"
to the Windows startup registry keys.
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill CXtPls.exe process and remove CXtPls.exe from Windows startup using RegRun Startup Optimizer.

cxtpls_loader.exe
Cxtpls_loader.exe is a Trojan Trojan.LowZones.
Cxtpls_loader.exe lowers Internet Explorer security settings.
Related files:
%Temp%\auto_update_install.exe
%Temp%\setup.inf
%Temp%\auf0.exe
%Temp%\cxtpls_loader.exe
%Temp%\iinstall.exe
%Temp%\sidefind.exe
%Temp%\WToolsA.exe
%Temp%\WToolsB.dll
%Temp%\AutoUpdaterInstaller[1].exe
%Temp%\nem220[1].dll
%Temp%\salm.exe
%Temp%\istbar.dll
%System%\auto_update_uninstall.exe
%Windir%\lohmvql.exe
%Windir%\nem220.dll
%Windir%\qoqek.exe
%Windir%\zeta.exe
More info:
http://securityresponse.symantec.com/avc...
Removal:
Kill cxtpls_loader.exe process and remove cxtpls_loader.exe from Windows startup using RegRun Startup Optimizer.

cycx2ey.exe
CYCX2EY.EXE is Trojan.Sandbox.A.
Read more:
http://fileinfo.prevx.com/adware/qqcce96...
Kill the process CYCX2EY.EXE and remove CYCX2EY.EXE from Windows startup using RegRun Reanimator.
http://www.regrun.com

cypreg.dll
We suggest you to remove cypreg.dll from your computer as soon as possible.
Cypreg.dll is W32/Bobandy-F.
Related files:
%My Documents%\%My Music%\My Music.exe
%My Documents%\%My Pictures%\My Pictures.exe
%Windows%\lsass.exe
%Windows%\QSF7N0S.exe
%Windows%\VDM2H2G.exe
%Windows%\NTC4D7O\%random characters%.com
%Windows%\NTC4D70\regedit.cmd
%Windows%\NTC4D70\service.exe
%Windows%\NTC4D70\smss.exe
%Windows%\NTC4D70\system.exe
%Windows%\NTC4D70\winlogon.exe
%Windows%\NTC4D70\XPV6I4O.exe
%System%\%random characters%\CTS3C8U.cmd
%System%\%random characters%.exe
%Windows%\cypreg.dll
%Windows%\MoonLight.txt
%System%\MSWINSCK.ocx531
%System%\systear.dll
%System%\msvbvm60.dl
%Windows%\onceinabluemoon.mid
Read more:
http://www.sophos.com/security/analyses/...
Kill the file cypreg.dll and remove cypreg.dll from Windows startup.

cysyycqp.sys
CYSYYCQP.SYS is TROJ_AGENT.KX.
Directory: %SysDir%\DRIVERS
Read more:
http://fi.trendmicro-europe.com/consumer...
Kill the file CYSYYCQP.SYS and remove CYSYYCQP.SYS from Windows startup using RegRun Reanimator.
http://www.regrun.com

cyxid98.exe
Cyxid98.exe is Trojan/Backdoor.
Kill the process cyxid98.exe and remove cyxid98.exe from Windows startup.

czsrv.exe
We suggest you to remove czsrv.exe from your computer as soon as possible.
Czsrv.exe is W32/Sdbot-DHW.
Read more:
http://www.sophos.co.uk/security/analyse...
Kill the process czsrv.exe and remove czsrv.exe from Windows startup.


Quick Links
What's new?
RSS Feed
Add to AppDatabase
Ask Experts
Join forum
Links

Articles
Virus or not? SPTD####.sys
What is mc21.tmp, mc22.tmp, mc23.tmp?

Select
Necessary
Useless
At your option
Dangerous

Copyright © 1998-2010 Greatis Software