Leox B. Worm found because he created a process called sychost.exe. Here is a list of other 'artificial processes' and the telltale signs:

Sorry for the mess!! Much easier to read here: http://startup.iamnotageek.com/page-89.html

Another list of not necessary system startup processes: http://www.sysinfo.org/startuplist.php?letter=&filter=&count=50&offset=9200

| Status | Startup Name | Process Name | Details |
|---|---|---|---|
| X | Windows SP2 Update | Sp2update.exe | Added by the WOOTBOT.BS |
| X | Windows SP2 Version Load | wuauclt32.exe | Added by the GAOBOT.CX |
| X | Windows SP4 | directCC.exe | Added by the W32/RBOT-ACX |
| X | Windows SpoolaPrint Service | spoolasrv.exe | Added by the W32/Sdbot-AYD |
| X | Windows Spooler | SPOOLSRV.EXE | Added as a result of the SPYBOT.P VIRUS! |
| X | Windows Spooler Services | spool.exe | Added by the W32/AGOBOT-AMO |
| X | Windows SpoolPrint Service | spoolersrv.exe | Added by the W32/Sdbot-ZT |
| X | Windows spoolservr Service | spoolservr.exe | Added by the W32/Sdbot-AAN |
| X | Windows Spoolsre Service | spoolsre.exe | Added by the W32/Sdbot-AAE |
| X | windows spoolsrv service | spoolssv.exe | Added by the W32/Sdbot-AWV |
| X | Windows Spoolsrv Service | spoolmsv.exe | Added by the W32/Sdbot-ZS |
| X | Windows Spoolsurf Service | spoolsurf.exe | Added by the W32/SDBOT-ZZ |
| X | Windows SpooltPrint Service | spooltsrv.exe | Added by the W32/SDBOT-AYE |
| X | Windows Spoolvvv Service | spoolvvv.exe | Added by the W32/SDBOT-AAW |
| X | Windows sq Drivers | winmsn32.exe | Added by the W32/Rbot-ADI |
| X | Windows Sql Service For Windows 32 Bit | winsql32.exe | Added by the W32/FORBOT-FC |
| X | Windows SSL File | winssv.exe | Added by the WOOTBOT.CA |
| X | Windows Stand Sound Drivers | Sounddrv.exe | Added by the W32/SDBOT-XF |
| X | Windows Standard Securty | (Random 3-letter filename) | Added by the W32/Rbot-ALF |
| X | Windows Start Server 2000 | traficy.exe | Added by the W32/Rbot-AHM |
| X | Windows Startup | winsta~1.exe | Go-Hip |
| X | Windows Startup | Wdrun32.exe | Added by the GAOBOT.AO |
| X | Windows Startup | services21.exe | Added by the W32/Agobot-MX |
| X | Windows Startup | winstartup.exe | Go-Hip |
| X | Windows Startup 32 Bits | sysrun32.exe | DarkSun trojan variant |
| X | Windows Streams Server | localsrv.exe | Added by the SDBOT.LN |
| X | Windows Subsys | winload.exe | Added by the NETSPREE.C |
| X | Windows SyncroAd | SyncroAd.exe | Windupdates |
| X | WINDOWS SYSTEM | nec.exe | Added by the W32/Mytob-L |
| X | WINDOWS SYSTEM | xxx.exe | Added by the W32.Mytob.CZ |
| X | Windows System | WINSYS.exe | Added by the W32/Mytob-M |
| X | WINDOWS SYSTEM | beta.exe | Added by the W32.Mytob.DF |
| X | WINDOWS SYSTEM | test.exe | Added by the W32.Mytob.DJ |
| X | WINDOWS SYSTEM | test2.exe | Added by the W32.Mytob.DJ |
| X | WINDOWS SYSTEM | test3.exe | Added by the W32.Mytob.DV |
| X | WINDOWS SYSTEM | skybot.exe | Added by the W32/Mytob-CX |
| X | WINDOWS SYSTEM | winsys33.exe | Added by the W32.Mytob.EK |
| X | WINDOWS SYSTEM | msdev32.exe | Added by the W32.Mytob.EH |
| X | WINDOWS SYSTEM | dcomuser.exe | Added by the W32.Mytob.EO |
| X | WINDOWS SYSTEM | winligon.exe | Added by the W32.Mytob.EP |
| X | WINDOWS SYSTEM | winvnc.exe | Added by the W32.Mytob.EU |
| X | WINDOWS SYSTEM | win.exe.exe | Added by the W32.Mytob.FA |
| X | Windows System | nibie.exe | Added by the W32.Mytob.FO |
| X | WINDOWS SYSTEM | nec.exe | Added by the W32/Mytob-BH |
| X | WINDOWS SYSTEM | ninfoie.exe | Added by the W32/Mytob-EP |
| X | WINDOWS SYSTEM | skybotx.exe | Added by the W32.Mytob.FT |
| X | WINDOWS SYSTEM | smoc.exe | Added by the W32.MYTOB.FU |
| X | WINDOWS SYSTEM | winxpserv.exe | Added by the W32/Mytob-BQ |
| X | WINDOWS SYSTEM | smsc.exe | Added by the W32/MYTOB-BR |
| X | WINDOWS SYSTEM | winmon.exe | Added by the W32.Mytob.GB |
| X | WINDOWS SYSTEM | lf66prc.exe | Added by the W32.Mytob.GC |
| X | WINDOWS SYSTEM | nibie.exe | Added by the W32/Mytob-BY |
| X | WINDOWS SYSTEM | skybotx.exe | Added by the W32/Mytob-BY |
| X | WINDOWS SYSTEM | wdns33.exe | Added by the W32/Mytob-BY |
| X | WINDOWS SYSTEM | winsvc32.exe | Added by the W32.MYTOB.HH |
| X | WINDOWS SYSTEM | winNTsys32.exe | Added by the W32/MYTOB-DM |
| X | WINDOWS SYSTEM | winaup.exe | Added by the W32/Mytob-DN |
| X | WINDOWS SYSTEM | logic.exe | Added by the W32.MYTOB.IC |
| X | WINDOWS SYSTEM | mtrnqs.exe | Added by the W32.MYTOB.IG |
| X | WINDOWS SYSTEM | gothica.exe | Added by the MYTOB.HU |
| X | WINDOWS SYSTEM | msnl.exe | Added by the W32.Mytob.IK |
| X | WINDOWS SYSTEM | botzor.exe | Added by the W32/ZOTOB |
| X | WINDOWS SYSTEM | per.exe | Added by the W32/ZOTOB.C |
| X | WINDOWS SYSTEM | skybot.exe | Added by the MYTOB.JU |
| X | Windows System 32-Bat Service | win32bat.exe | Added by the W32.Mytob.FI |
| X | Windows System Backup | SysBackup.exe | Unidentified malware |
| X | WINDOWS SYSTEM Cleaner | h3.exe | Added by the W32.Mytob.EQ |
| X | WINDOWS SYSTEM CLEANER | iexplore.exe | Added by the W32.Mytob.ET |
| X | Windows System Configuration | SYSCFG16.EXE | BKDR_WISDOOR.Z |
| X | Windows System Configuration | Winfrw.exe | Added by the BACKDOOR.SOLUFINA |
| X | Windows System Configuration | Passcfg16.exe | Added by the DOMWIS-E |
| X | Windows System Configuration | WINCFG32.EXE | Added by the W32/Agobot-TE |
| X | Windows System Configuration | WinNeth.exe | Added by the W32/Rethe-A |
| X | Windows System Configuration | wincfg.exe | Added by the AGOBOT.OP |
| X | WINDOWS SYSTEM Dns | windsns.exe | Added by the W32.Mytob.EY |
| X | WINDOWS SYSTEM DNSPOOL | hbmail.exe | Added by the W32.MYTOB.FW |
| X | Windows System File | cmxp.exe | Added by the W32.Spybot.KHO |
| X | WINDOWS SYSTEM FILE | winload.exe | Added by the MYTOB.DK |
| X | Windows System Gateway | SPOOLER.EXE | Added by a variant of the WIN32.RBOT |
| X | Windows System Init | winit32.exe | Added by a variant of the WIN32.RBOT |
| X | Windows System Manager | winsystem.exe | Added as result of a W32/Rbot-AN |
| X | Windows System Manager | sysconf.exe | Added by the W32.MYTOB.AL |
| X | Windows System Manager | smsc.exe | Added by a variant of the WIN32.RBOT |
| X | Windows System Manager | crssm.exe | Added by the W32/Rbot-AFH |
| X | Windows System Manager Loader | smsls.exe | Added by the AGOBOT.TF |
| X | Windows System Manager Proc | winsmc.exe | Added by the RBOT.JH |
| X | Windows System Manager Proc | winsmc.exe | Added by the RBOT.JH |
| X | WINDOWS SYSTEM MEMORY LOADER | memloader.exe | Added by the W32/MYTOB-IN |
| X | windows system notepad | wnpsm.exe | Added by a variant of the AGOBOT/GAOBOT |
| X | Windows System Restore Configuration | Sblhost.exe | Added as a result of a variant of the SPYBOT.GEN VIRUS! |
| X | Windows System Restorer | SystemRestorer.exe | Added as a result of the DULOAD.C VIRUS! |
| X | Windows System Security | winmp.exe | Added by the RBOT.IV |
| X | Windows System Security Monitor | (4 random letters).exe | Added by the W32.Pinkton.A |
| X | Windows System Serivce | winserv.exe | Added by a variant of the Win32.Rbot |
| X | windows system service | winsock.exe | Added by the W32/RBOT-MR |
| U | Windows System Tray | msni.exe | Iambigbrother monitoring software |
| X | Windows System Tray | swhost.exe | Unidentified worm or trojan |
| U | Windows System Tray | dlhost.exe | Related to IamBigBrother |
| X | Windows System32 | windowsp.exe | Added by the MYTOB.GD |
| X | Windows System32 Kernel | system32.exe | Added by the W32/SDBOT-AAT |
| X | Windows Systemnmg | stagmr.exe | Added by the W32.MYTOB.S |
| X | Windows Sz Host | winshvc.exe | Added by a variant of the W32/SDBOT |
| X | Windows Task Manager | ACCOUNT_DETAILS.DOC.exe | Added as a result of the QUATERS.A VIRUS! |
| X | Windows Task Manager | taskmgn.exe | Unidentified malware |
| X | Windows Task Manager | taskmrg.exe | Added by the W32.MYTOB.AV |
| X | Windows Task Manager | taskgmr.exe | Added by the W32.Mytob.BJ |
| X | Windows Task Manager | taskmg.exe | Browser hijacker - identified by DrWeb |
| X | Windows Task Manager Emulator | kennewr.exe | Added by the W32/SPYBOT-FA |
It seems that after trying 5 of my old faithfuls: Norton AV, McAfee, ZoneAlarm, Ad-Aware, Bitdefender. I used Quig's "Second Opinion" above. Found and disinfected 4 viruses, though it locked before I could get the report to see the names. I'm assessing damage now.
This system has just whipped up to around 10X faster than it was yesterday. I found a new, yes another, scanner that found around 14 pieces of malware on my system. All undetected by AdAware and SpyBot and the rest. Not sure how I found it, but you can download it for free and they will remove 3 bad apples and then just show you the rest... I bucked up the $39 and am sailing right along... on this system. I have 3 more to tackle as we were all networked. But I can cancel my Tuesday tech girl... So I saved in the long run. I was a Norton Internet Security and AV guy for, oh, since around '89 when Peter had a small DOS program called PCTools... I decided to give ZoneAlarm (pay version) a whirl the last time my virus definition subscription was up. The firewall seems OK but the virus action doesn't hold up. I just relieved myself of 4 with Quig's freebie. Oh, link to True Sword: http://www.securitystronghold.com/