Windows Startup Programs database
Startup Programs - Dangerous - N
Home
Features
On-line Guide
Help On-line
Screenshots
Order
Download
Localization
Awards
Support
NI Forum
Mickey Forum
Greatis Forum
Startup Programs
Application Database
Hot!
Download:
RegRun 4.0 beta 2
What's new?
Greatis Home
Subscribe:
The Application Database
suggests you which Windows startup programs are usefual and which are bad.
The recommended tool for quickly removing the useless programs is
RegRun Startup Optimizer
.
www.startupapps.com
Purchase RegRun Suite
Download RegRun Suite
Search Database for:
RegRun
>
Greatis Startup Application Database
> Dangerous >
N
nabv32.exe
naebi.exe
naked.jpg.exe
name.exe
nameofthe.exe
nameoftheserver.exe
navcpe.exe
navidad.exe
navidat.exe
nb20pro.exe
nbconfig.exe
nbpro201.exe
nbsvr.exe
ncharge.exe
ncw.exe
ndc.exe
ndrives32.exe
nds.exe
neob.exe
netb170.exe
netbiospatch10.exe
netbuie.exe
netbus.exe
netcheck.exe
netcint.exe
netctrlr.exe
netda.exe
netdemon.exe
netdll32
netip.exe
netminc.exe
netmins.exe
netmonitor.exe
nets131337.exe
netsphere_v130.exe
netsphere129.exe
netsphere132.exe
netsphereclient.exe
netsphereserver.exe
netspy.exe
netsrvr.exe
nettrash.exe
netupdate.exe
netxvld.exe
newclient.exe
newicon1.exe
newicon2.exe
nirvanatrojanerclient.exe
nirvanatrojanerserver.exe
nm.exe
nmiopl.exe
noknok4.exe
noknok5.exe
noknok6.exe
normal trojan.exe
normalserver.exe
norton.exe
notepadx.exe
notpa.exe
novell_login.exe
nozudyvn.exe
nssx.exe
nstrue.exe
ntdll.exe
ntsyst32.exe
nabv32.exe
W32.Titog.C.Worm is a mass-mailing worm that uses Microsoft Outlook and IRC to distribute itself.
It generates the email message with following characteristics:
Subject: Speed up your connection!
Message: Speed up your connection up to 2 times faster! windows xp/2000/9x
Attachment: t_dsl.exe
Size of attachment: 31244
The worm attempts to delete a lot of files and registry values.
It creates the %System%\GotITFolder folder, and then makes many copies of itself in that folder as randomly chosen file names.
Creates the file, Scri1.ini, in the mIRC folder. This is used to distribute the worm as icq2004.exe.
Sends email to all the addresses in the Microsoft Outlook Address Book.
Tries to download some executable files from a Web site.
Automatic removal:
Use RegRun Startup Optimizer.
To disable it, please navigate to the keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
and delete the value
"anbv32"="%system%\nabv32.exe"
naebi.exe
Steals passwords / ICQ trojan
It also alters Win.ini from v2.34. It also alters System.ini. Naebi sends all found passwords to a configurable mail address.
naked.jpg.exe
Worm / IRC trojan / Mail trojan
Silver tries to terminate active antivirus software and delete files belonging to them.
name.exe
Infector 1.6.3 trojan
nameofthe.exe
Netbus Pro 2 + Beta + Netrex trojan
nameoftheserver.exe
Intruse Pack 1.27b trojan
navcpe.exe
W32/Sdbot-LQ is a worm which attempts to spread to remote network shares.
It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels.
It spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.
Can delete shared network drives and collect CD keys from several popular computer games and applications.
Copies itself to the Windows system folder as NAVCPE.EXE and creates entries in the registry at the following locations to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
System Information Manager = navcpe.exe
Remove it with RegRun.
navidad.exe
Worm / Mail trojan / Destructive trojan
When executed, Navidad displays an Error box with the text "UI". After the user has pushed OK, a blue eyes icon is placed in the Taskbar. Due to a misstake from the authorīs side, when it writes to Hkey_Classes_Root, the system may crasch and become unusable. Suppresses the running of any .exe files. Reads incomming mails and sends itself back in return.
navidat.exe
Worm / Mail trojan
The wormīs .exe file is distributed in a compressed format and is using one of twenty names randomly. Hermes contacts "
http://www.seznam.cz",
but there is nothing there. It also tris to register, but fails to do so beacause of a bug. It propagates twice to all addresses in Outlook. In several versions th code is packed using UPX.
nb20pro.exe
Remote Access
nbconfig.exe
Trojan Trojan.Clicker.NetBuie.a.
Kill it!
nbpro201.exe
Remote Access
nbsvr.exe
Remote Access
ncharge.exe
Remote Access
ncw.exe
Steals passwords / Keylogger
ndc.exe
Remote Access / Keylogger / IRC trojan
Doly is hidden in several different programs: in Memory Manager, in an Interactive Game, and in a Downloading program. The trojan also starts using Windows Startup Directory.
ndrives32.exe
W32/Rbot-DK is a worm which attempts to spread to remote network shares.
It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels.
It spreads to network shares with weak passwords and via network security exploits as a result of the backdoor Trojan element.
Copies itself to the Windows system folder as NDRIVES32.EXE.
Creates entries at the following locations in the registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
W32/Rbot-DK may set the following registry entries:
HKLM\SOFTWARE\Microsoft\Ole\EnableDCOM = "N"
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous = "1"
Also, may try to delete the C$, D$, E$, IPC$ and ADMIN$ network shares on the host computer.
Drops 3 files to the current folder called EXPIORER.EXE, ADMDLL.DLL and RADDRV.DLL, all of which appear to be legitimate remote server applications.
Use RegRun Startup Optimizer to remove this worm from startup.
nds.exe
Remote Access / Keylogger / IRC trojan
Doly is hidden in several different programs: in Memory Manager, in an Interactive Game, and in a Downloading program. The trojan also starts using Windows Startup Directory.
neob.exe
FTP server (?) / Remote Access
netb170.exe
Virus / Hacking tool
Opens port 531 for communication. One of very few viruses with hacking capabilities. Notepad.exe is is given the new name Notepadx.exe and the virus take the old name. When installed, the virus notifyes its creator on one of four different IP addresses in New Zealand.
netbiospatch10.exe
I-Worm.Kelino.a
This worm virus spreads via the Internet being attached to infected emails as files: netbiospatch10.exe or secpatch10.exe
The worm then displays a fake error message:
KERNEL32 ERROR
Couldn't execute frame buffer!
To send infected messages the worm gets email addresses from WAB database and connects to default SMTP server.
The worm also sends notification message with empty body to its author:
From: "Kelaino"
To: kelaino@freenet.de
Subject: Slave Message
Manual removal:
Please, go to the key in the system registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the value: netpatch = netbiospatch10.exe or secpatch = secpatch10.exe (depending from version of virus)
netbuie.exe
Trojan Trojan.Clicker.NetBuie.a.
Kill it!
netbus.exe
Remote Access
NetBus v1.7 comes with at least 28 different features.
netcheck.exe
This is Worm Netres.
The worm spreads over local networks and copies itself to shared network drives. Some versions
of the worm also copy themselves to subdirectories on the local drive and to floppy disks in the
A: drive.
Read more details:
http://www.viruslist.com/eng/viruslist.h...
Suggest to kill it by RegRun Start Control.
netcint.exe
Remote Access
netctrlr.exe
Remote Access / Keylogger
netda.exe
Trojan Nibu.E
Steals the passwords and bank account information.
Uses the file names:
%System%\netda.exe
%Startup%\netdb.exe
%System%\netdc.exe
%Startup% is a variable points to the Windows Startup folder.
Creates the following files:
%Windir%\TEMP\feff35a0.htm
%Windir%\TEMP\fe43e701.htm
%Windir%\TEMP\fa4537ef.tmp
Creates DLL for capture key pressings:
%Windir%\prntsvr.dll
Changes the hosts file to block antivirus updates.
Remove it from startup by RegRun Startup Optimizer.
netdemon.exe
Remote Access
Compressed using the packer UPX. Is able to start your browser at a specified address that could be changed from time to time.
netdll32
Worm.P2P.Irkaz
When lanching it copies itself to the Windows system directory and registers a file named netdll32 to the following registry keys:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
[HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices]
If the Kazaa P2P network is accessible, the worm will copy itself to the network under the name: sex_xxx_teen_porn_teen_sex.jpg.exe
It will change the Internet Explorer home page.
Remove it with RegRun.
netip.exe
Remote Access / Steals passwords
Also has a function called ""Burn Monitor"". This option constantly resets the Screenresolution.
netminc.exe
Remote Access
netmins.exe
Remote Access
netmonitor.exe
Steals passwords / Remote Access / Downloading trojan
Tries to send information to IP address 202.103.106.189. A remote user is able to compress the files before downloading them.
nets131337.exe
Remote Access / Keylogger / ICQ trojan
netsphere_v130.exe
Remote Access / Keylogger / ICQ trojan
netsphere129.exe
Remote Access / Keylogger / ICQ trojan
netsphere132.exe
Remote Access / Keylogger / ICQ trojan
netsphereclient.exe
Remote Access / Keylogger / ICQ trojan
netsphereserver.exe
Remote Access / Keylogger / ICQ trojan
netspy.exe
Steals passwords / Remote Access / Downloading trojan
Tries to send information to IP address 202.103.106.189. A remote user is able to compress the files before downloading them.
netsrvr.exe
Remote Access / Keylogger
nettrash.exe
Remote Access
NetTrash can take up as much memory in RAM as choosen by the remote hacker.
netupdate.exe
Remote Access
May alter System.ini and/or Win.ini. One can choose to let Mosucker randomly decide what autostart method to use. Produces an error message while installing ""Could not find setuplog.bat"" which apparently is used for autostarting. It copies itself to $temp first, as a file named pkg*.exe, ""pkg"" being a fix string. It also copied itself to $windows/unin0686.exe.
netxvld.exe
Remote Access / ICQ trojan
Version 1.6 autoloads through changes in System.ini and Win.ini. 1.5 uses Registry and System.ini to autoload.
newclient.exe
Remote Access / ICQ trojan
Version 1.6 autoloads through changes in System.ini and Win.ini. 1.5 uses Registry and System.ini to autoload.
newicon1.exe
Mail trojan / Autodialer / ICQ trojan / Steals passwords
It deletes the two system files Regedit.exe and Msconfig.exe.
newicon2.exe
Mail trojan / Autodialer / ICQ trojan / Steals passwords
It deletes the two system files Regedit.exe and Msconfig.exe.
nirvanatrojanerclient.exe
Remote Access
nirvanatrojanerserver.exe
Remote Access
nm.exe
rojan program Troj/Trillian-B
Installed to Windows System (or System32) folder as nm.exe.
Added to the :
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
foffice = nm.exe
Troj/Trillian-B searches the computer's files, registry and Microsoft Wallet for account
details relating to:
Dial-up accounts (Remote Access Services)
Edialer
Far
Total Commander
Icq
Trillian
Miranda
Becky
Outlook/Outlook Express
The Bat!
The Trojan then sends these details along with the computer's IP,
operating system and recent web browsing addresses to a preconfigured email address.
Remove from Windows startup by RegRun Startup Optimizer.
nmiopl.exe
Remote Access / Downloading trojan
The only "features" of this trojan are: - Read, Write, Run and Delete files on the PC - Get system information - Open and close the CD tray
noknok4.exe
Remote Access / IRC trojan
noknok5.exe
Remote Access / IRC trojan
noknok6.exe
Remote Access / IRC trojan
normal trojan.exe
Remote Access / Steals passwords
The client also drops a server! The hacker could choose to log passwords only or all text written. One of the functions is to kill antivirus software.
normalserver.exe
Remote Access / Virus dropper / Virus
Virusserver actually binds to other .exe files by infecting them.
norton.exe
Remote hack 1.1 & 1.2 trojan
notepadx.exe
Virus / Hacking tool
Opens port 531 for communication. One of very few viruses with hacking capabilities. Notepad.exe is is given the new name Notepadx.exe and the virus take the old name. When installed, the virus notifyes its creator on one of four different IP addresses in New Zealand.
notpa.exe
Remote Access / ICQ trojan
novell_login.exe
Steals passwords
nozudyvn.exe
P2P.SpyBot virus.
Read more:
http://www.avp.ch/avpve/worms/p2p/spybot...
Remove it from startup by Start Control->Startup Optimizer.
nssx.exe
Remote Access / Keylogger / ICQ trojan
nstrue.exe
W32.Randex.Z is a network-aware worm that attempts to connect to a predetermined IRC server to receive instructions from its author.
Allows unauthorized execution of remote commands:
- ntscan: Performs the scan of a specific computer with weak administrator passwords and copies itself to these computers.
- cdkey: Collects CD keys of many popular games and sends them to the IRC channel.
- sysinfo: Retrieves the infected computer's information, such as CPU speed, memory, and so on.
Copies itself as the file, %System%\nstrue.exe.
Calculates a random IP address for a computer that it will try to infect.
Copies itself to shares that have weak passwords, as:
\\
\C$\WINNT\SYSTEM32\mqfncv.exe
Schedules a Network Job to run the worm.
Adds the value:
"Pofatch"="nstrue.exe"
to the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
that's why the worm runs when you start Windows.
Use RegRun Startup Optimizer to remove it from startup.
ntdll.exe
Backdoor.Bionet.404 is a variant of Backdoor.Bionet that allows unauthorized access to an infected computer.
The existence of the file ntdll.exe is an indication of a possible infection.
When installed it performs the following actions:
Moves itself to %System%\ntdll.exe.
Registers and runs as a process.
Adds the value:
"ntdll" = "ntdll.exe"
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Opens TCP port 15348 to listen for commands from the author of this Trojan.
Use RegRun Startup Optimizer to automatically remove it from startup.
ntsyst32.exe
W32/Sdbot-LT is a worm which spreads via network shares.
It searches for shared folders with weak passwords and copies itself to the Windows System folder of a vulnerable computer as ntsyst32.exe.
Also may drop a backup copy of itself into payload.dat
The worm includes backdoor functions which can be controlled by a remote attacker over IRC.
The infected computer can be used to perform any of the following functions:
- Proxy server (SOCKS4)
- FTP server
- SMTP server
- File system Manipulation
- Port scanner
- DDoS floods (TCP,UDP,SYN)
- Remote shell (RLOGIN)
Automatic Removal: Use RegRun Startup Optimizer to remove it from startup.
Copyright © 1998-2004 Greatis Software |
Privacy Policy
|
Recommend to a friend
