The Application Database suggests you which Windows startup programs are usefual and which are bad. The recommended tool for quickly removing the useless programs is RegRun Startup Optimizer. www.startupapps.com

---

Purchase RegRun Suite Download RegRun Suite

Search Database for:

RegRun > Greatis Startup Application Database > Dangerous > V

 

valentinecard.exe
vampire.exe
vbrun60.exe
vgb.exe
viagra.exe
vicevi_teza_odvala.txt.exe
video.exe
videodrv.exe
virusserver.exe
visualguard.exe
visualkillerclient.exe
visualkillerserver.exe
voicespy.exe
vpkiller.exe

valentinecard.exe

I-Worm.Valcard

This worm spreads via Internet as files attached to infected messages.
Sends infected messages to all address from MS Outlook Address Book.
Infected messages have the following characteristics:

Attachment: ValentineCard.exe
Header is one of the following strings:
Secret Admirer
Somebody Loves You
Romance from Afar
Love at first sight
...when sleepers wake and yet still dream...
Be Mine ?!
Yours Always
Happy Valentines
From Me To You
Thy eternal summer shall not fade
I can express no kinder sign of love, than this kind kiss
Poetry is an echo, asking a shadow to dance
O, beauty, till now I never knew thee!
Romantic gesture
Good night, sweet prince, and flights of angels sing thee to thy rest

Body is one of the following texts:
Happy Valentines
I hope you like the card I've attached,
even if you don't feel the same.

Febuary Feelings
It's that time of year again.
But I'm still only sedning a card to you.
Happy Valentines
I hope you like the card I've attached,
even if you don't feel the same.

Hi
I feel like a child sending you this card
but I just had to do it.
Happy Valentines
I hope you like the card I've attached,
even if you don't feel the same.

...and every breath I ever took,
every tear I ever wept,
Every star I wished upon,
Seemed nothing until now.
Happy Valentines
I hope you like the card I've attached,

In this life we cannot do great things.
We can only do small things with great love.
Happy Valentines
I hope you like the card I've attached,
even if you don't feel the same.

Copies itself as "ValentineCard.exe" and adds the value:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run 14th = %SystemDir%\ValentineCard.exe

The worm writes the flag into the registry
HKLM\Software\Microsoft\Windows\CurrentVersion Valentine = true
that mean the system was infected.

The worm code has a bug so it does the following:
Creates the file "C:\evil.jpg" with WAV content and opens it. But system not plays the WAV file.
If you will rename this file with WAV extension, you will hear: "Somebody loves you".

Worm also must open the window (but it's not) with the message:
I Love You !

On thursday worm reboots the Windows.
Remove this worm by RegRun Startup Optimizer.

vampire.exe

Worm / ICQ trojan
The source code is distributed in an exe file which is encrypted using Tripple DES and compressed using the packer SFX. The password = digital vampire. When it tries to send itself to other ICQ users it hides the file transfer window.

vbrun60.exe

Remote Access / Keylogger / IRC trojan
Doly is hidden in several different programs: in Memory Manager, in an Interactive Game, and in a Downloading program. The trojan also starts using Windows Startup Directory.

vgb.exe

Steals passwords / Trojan dropper / ICQ trojan
Drops the trojan The Thing 1.6.

viagra.exe

Remote Access

vicevi_teza_odvala.txt.exe

Worm / Mail trojan
The worm propagates by sending itself to all addresses in Outlook´s AddressBook.

video.exe

Worm / Destructive trojan / Mail trojan
The worm deletes several important system files the 16th of every month. It mails itself to 100 of the addresses in MS Outlook. Video is similar to the Passion and MyPics worms.

videodrv.exe

I-Worm.Mimail
Mimail is an internet worm spreading via infected emails. The worm uses a built in SMTP engine.
Infected messages has the following fields:
From: admin@%fake email address% where %fake email address% is different every time.
Subject: your account %rnd str% where %rnd str% is different every time.
Body:
Hello there, I would like to inform you about important information regarding your email address. This email address will be expiring.
Please read attachment for details.
---
Best regards, Administrator
---
Attach: message.zip with "message.html" file.
This HTML file drops the FOO.EXE file (worm copy) into the "Downloaded Program Files" directory and runs it.
(To do this action the worm exploits a vulnerability in Internet Explorer: allows a Java script in the HTML file to get access to disk files without any prompts.)
Worm copies itself to the Windows directory under the name "videodrv.exe" and registers this file in the system registry autorun key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
VideoDriver = %WinDir%\videodrv.exe
The worm also creates the following files in the Windows directory:
exe.tmp - worm in HTML file
zip.tmp - worm's HTML file in ZIP archive (method "stored" - no compression).
eml.tmp - list of emails found on infected machine
(The worm uses its own ZIP file format supporting routine.)
Use RegRun Startup Optimizer to remove it from startup.

virusserver.exe

Remote Access / Virus dropper / Virus
Virusserver actually binds to other .exe files by infecting them.

visualguard.exe

I-Worm.NetSky.o
This worm spreads via the Internet as an attachment to infected messages.
The worm scans all disks for files with the email addresses and sends copies of itself to all email addresses harvested from these files.
The worm opens a group of several ports.
The port numbers are increased incrementally across the whole group every few seconds.

Manual removal:
Delete this key from the system registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] NetDy = <%windir%>\VisualGuard.exe

visualkillerclient.exe

Remote Access

visualkillerserver.exe

Remote Access

voicespy.exe

Remote Access / Eavesdropper

vpkiller.exe

Remote Access