The Application Database suggests you which Windows startup programs are usefual and which are bad. The recommended tool for quickly removing the useless programs is RegRun Startup Optimizer. www.startupapps.com

---

Purchase RegRun Suite Download RegRun Suite

Search Database for:

RegRun > Greatis Startup Application Database > Dangerous > T

 

tamagotxi.exe
tapi32.exe
tapiras.exe
task_bar.exe
task_bar[1.2].exe
task_bar[1.3].exe
tasker.exe
taskman.exe
tasknet.exe
tclient.exe
tconf.exe
tconfig.exe
tcp.exe
tcpload.exe
tcpproxy.exe
tcv.exe
teekids.exe
teleclient.exe
teleserv.exe
telnet.bat
telnet23.exe
temp#01.exe
temp$01.exe
temp$1.exe
temp.exe
tempinetboost.exe
tesk.exe
th3tr41t0r.exe
theobbq.exe
thespy.exe
thing.exe
tiles.exe
tinurak.exe
tloader1.exe
tloader2.exe
tloader3.exe
tmp.ini
tnsrv.exe
tour98.exe
trance.exe
transscout.exe
trjp.exe
trojan.exe
trojanhrs.exe
trojspirit2001.exe
tryit.exe
ts5602.exe
tskmngr.exe
tsserv.exe
tutgvcn.exe
twink64.exe

tamagotxi.exe

Worm / File virus
Alters Win.ini. "Between midnight and 2.00am on Wednesdays the worm attempts to display an animated graphic of Adolf Hitler shooting himself in the head." (Sophos)

tapi32.exe

Name: Shorm
Worm / Steals passwords / Network trojan
Propagates to all shared discs. Autostarts using Windows Startup directory. Passwords and users names are mailed to two addresses in Russia. The .exe file is compressed using ASPack. It connects to a Web page in Russia, both to receive IP addresses to scan and to update itself.

tapiras.exe

Steals passwords

task_bar.exe

Remote Access / FTP Server

task_bar[1.2].exe

Remote Access / FTP Server

task_bar[1.3].exe

Remote Access / FTP Server

tasker.exe

W32.Mydoom.R@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses that it finds on an infected computer.
The email contains a spoofed From address. The subject and message body vary, and the attachment has a .bat, .cmd, .exe, .pif, .scr, or .zip extension.
May also attempt to open a back door on port 5422 and allow a remote attacker to have unauthorized access to the infected system.
This would allow a remote attacker to download and execute remote files.

Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value: "Task"="%System%\tasker.exe"
Then, navigate to the key: HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32
and delete the value: "(Default)"="%System%\Nemog.dll"
At last, navigate to and delete the keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\Version
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\Version

taskman.exe

W32/Rbot-IG is a worm which attempts to spread to remote network shares.
The worm also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels.
This worm spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.

It copies itself to the Windows system folder as TASKMAN.EXE and creates entries in the registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Task Manager = taskman.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Task Manager = taskman.exe

Automatic removal: Use RegRun Startup Optimizer.

tasknet.exe

Remote Access / Exe-infector
The whole package comes with a server, an exe infector, a remover and two jokes. The first joke program, Californ.exe makes all the windows on the screen shake and move around. The second program, gravedad.exe displays a picture of the screen flipped.

tclient.exe

Remote Access

tconf.exe

Mail trojan / Autodialer / ICQ trojan / Steals passwords
It deletes the two system files Regedit.exe and Msconfig.exe.

tconfig.exe

Mail trojan / Autodialer / ICQ trojan / Steals passwords
It deletes the two system files Regedit.exe and Msconfig.exe.

tcp.exe

Remote Access
Disguised as a TCP/IP booster.

tcpload.exe

Remote Access / Steals passwords
The client also drops a server! The hacker could choose to log passwords only or all text written. One of the functions is to kill antivirus software.

tcpproxy.exe

Remote Access / Steals passwords
The client also drops a server! The hacker could choose to log passwords only or all text written. One of the functions is to kill antivirus software.

tcv.exe

Remote Access / ICQ trojan
Sockets des Troie is French for Trojan Sockets and was one of the very first Remote Access trojans being published.

teekids.exe

Lovesan worm.
This worm scans several IP networks (randomly choosen) to get access to port 135 (COM).
The worm sends a buffer-overrun request to vulnerable computers. The newly infected machine then initiates the command shell on TCP port 4444.
Lovesan runs the thread that opens the connection on port 4444 and waits for FTP 'get' request from the victim machine. The worm then forces the victim machine to sends the 'FTP get' request. Thus the victim machine downloads the worm from the infected machine and runs it. The victim machine is now also infected.
Removal:
remove it from startup by RegRun Startup Optimizer.

teleclient.exe

Remote Access

teleserv.exe

Remote Access

telnet.bat

Backdoor.IRC.Aladinz.R is a backdoor server that allows a remote attacker to obtain access to your computer.
The backdoor server uses an mIRC client and client scripts to communicate with a remote attacker.
It also creates a FTP server.

Creates the following folder: %System%\CatRoot.
Creates some files in the CatRoot folder, such as: update.bat; ServUDaemon.exe; dcom.reg; patch.reg; tar.exe etc.
Connects to a remote IRC server and waits for commands.
Listens on TCP ports 3422 and 43958.

Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the value: "Microsoft Office"="%system%\telnet.bat"
Delete the following keys:
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Security
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\SystemManagementys2

telnet23.exe

Steals passwords
At first Ring0 came as an attached file to Winsock Version Checker. When itīs active and the computer is connected to the Internet, the trojan searches for proxyservers and tries to send the collected information to an FTP server in Russia.

temp#01.exe

Steals passwords / Trojan dropper / ICQ trojan
Drops the trojan The Thing 1.6.

temp$01.exe

Steals passwords / Trojan dropper / ICQ trojan
Drops the trojan The Thing 1.6.

temp$1.exe

Steals passwords

temp.exe

Remote Access / Destructive trojan / Virus dropper
It copies itself to c:\recycled to avoid detection by some antivirus programs.

tempinetboost.exe

Remote Access / Downloading trojan

tesk.exe

Remote Access / Keylogger / IRC trojan
Doly is hidden in several different programs: in Memory Manager, in an Interactive Game, and in a Downloading program. The trojan also starts using Windows Startup Directory.

th3tr41t0r.exe

Worm / IRC trojan

theobbq.exe

Worm / Mail trojan
Uses several different names to name the attachement, which can be mailed by either Netscape Mail, MS Outlook or MSOutlook Express.

thespy.exe

Keylogger
Logs all keys typed on the server computer

thing.exe

Remote Access / ICQ trojan
Version 1.6 autoloads through changes in System.ini and Win.ini. 1.5 uses Registry and System.ini to autoload.

tiles.exe

Remote Access / Trojan dropper
Alters Win.ini and System.ini. A game hiding and dropping the SubSeven 2.0 server.

tinurak.exe

Remote Access

tloader1.exe

Steals passwords

tloader2.exe

Steals passwords

tloader3.exe

Steals passwords

tmp.ini

Opaserv dangerous trojan. Alters registry Run and win.ini under Windows 9X.
Kill it!

tnsrv.exe

Steals passwords / Remote Access
Steals all cached passwords.

tour98.exe

Remote Access
Modified Acid Shiver Server.

trance.exe

Shadow Phyre
Remote Access / IRC trojan

transscout.exe

Remote Access / Steals passwords / Keylogger

trjp.exe

Remote Access

trojan.exe

Senna Spy Trojan Generator
Trojan constructor / Remote Access
Has the ability to kill Firewall and Antivirus software from Memory.

trojanhrs.exe

Remote Access

trojspirit2001.exe

Remote Access / Steals passwords
Also has a function called ""Burn Monitor"". This option constantly resets the Screenresolution.

tryit.exe

Worm / Mail trojan
Alters Win.ini. The worm is encrypted. It propagates to users who earlier has mailed the user of the infected computer.

ts5602.exe

Keylogger / Remote Access

tskmngr.exe

Remote Access

tsserv.exe

For years you have been able to test your virus scanner with the harmless "Eicar" test file.
Using the just released "Trojan Simulator" you can now test your trojan scanner in the same
manner, using a harmless demonstration trojan. This is a risk-free way to see how your security
software behaves in a real-world situation.

More info - http://www.trojanhunter.com/trojansimula...

tutgvcn.exe

Remote Access
May alter System.ini and/or Win.ini. One can choose to let Mosucker randomly decide what autostart method to use. Produces an error message while installing ""Could not find setuplog.bat"" which apparently is used for autostarting. It copies itself to $temp first, as a file named pkg*.exe, ""pkg"" being a fix string. It also copied itself to $windows/unin0686.exe.

twink64.exe

Troj/Dloader-BW.
Attempts to download and execute EXE files from remote websites to the Windows system folder as intron.exe, ir.exe, lpt.exe and usb.exe.
Copies itself to the Windows system folder as twink64.exe and creates the following registry entry to run itself on system logon:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ControlPanel = \twink64.exe internat.dll,LoadKeyboardProfile

Use RegRun Startup Optimizer to automatically remove it from startup.