Selected viruses, spyware, and other threats: sorted alphabetically
Short description
Win32/TrojanDownloader.Perkesh.A is a trojan which tries to download other malware from the Internet. The trojan terminates various security related applications. The file is run-time compressed using UPX . Installation
When executed, the trojan creates the following files: - %temp%\dll%random1%.dll (25600 B)
- %system%\%random2%.dll (25600 B)
- %system%\winavproc.dll (3584 B)
- %system%\drivers\NsDnldr3.sys (3056 B)
- %system%\drivers\NsPass0.sys (8256 B)
- %temp%\dll%random1%.dll (25600 B)
- %system%\%random2%.dll (25600 B)
- %system%\winavproc.dll (3584 B)
- %system%\drivers\NsDnldr3.sys (3056 B)
- %system%\drivers\NsPass0.sys (8256 B)
- %system%\drivers\NsPass1.sys (8256 B)
- %system%\drivers\NsPass2.sys (8256 B)
- %system%\drivers\NsPass3.sys (8256 B)
- %system%\drivers\NsPass4.sys (8256 B)
The trojan registers itself as a system service using the following name:
- Microsoft Kernel %variable% Service
Installs the following system drivers (path, name):
- %system%\drivers\NsDnldr3.sys (my260)
- %system%\drivers\NsPass0.sys (mymydk00)
- %system%\drivers\NsPass1.sys (mymydk01)
- %system%\drivers\NsPass2.sys (mymydk02)
- %system%\drivers\NsPass3.sys (mymydk03)
- %system%\drivers\NsPass4.sys (mymydk04)
The following Registry entries are created:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\360safe.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\360safebox.exe]
"Debugger" = "svchost.exe"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\360safe.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\360safebox.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\360tray.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\ACKWIN32.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\anti.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\ANTI-TROJAN.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\antivir.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\atrack.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\ATRACK.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\AUTODOWN.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\AVCONSOL.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\AVE32.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\AVGCTRL.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\avk.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\AVKSERV.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\AVSCHED32.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\avsynmgr.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\AVWIN95.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\avxonsol.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\BLACKD.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\BLACKICE.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\CCenter.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\CFIADMIN.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\CFIAUDIT.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\CFIND.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\cfinet.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\cfinet32.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\CLAW95.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\CLAW95CT.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\CLEANER.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\CLEANER3.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\DAVPFW.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\dbg.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\debu.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\DV95.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\DV95_O.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\DVP95.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\ECENGINE.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\EFINET32.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\ESAFE.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\egui.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\ekrn.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\ESPWATCH.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\explorewclass.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\F-AGNT95.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\FINDVIRU.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\fir.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\F-PROT.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\f-prot95.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\fp-win.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\FP-WIN.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\FRW.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\f-stopw.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\F-STOPW.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\IAMAPP.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\IAMAPP.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\IAMSERV.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\IBMASN.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\IBMAVSP.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\ice.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\IceSword.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\ICLOAD95.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\ICLOADNT.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\ICMOON.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\ICSSUPPNT.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\iom.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\iomon98.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\JED.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\Kabackreport.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\Kasmain.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\kav32.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\kavstart.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\kissvc.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\knownsvr.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\KPFW32.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\kpfw32.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\kpfwsvc.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\KPPMain.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\KRF.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\KVMonXP.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\KVPreScan.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\kwatch.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\lamapp.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\lockdown2000.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\LOOKOUT.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\luall.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\LUCOMSERVER.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\mcafee.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\microsoft.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\mon.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\moniker.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\MOOLIVE.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\MPFTRAY.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\ms.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\N32ACAN.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\navapsvc.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\navapw32.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\NAVLU32.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\NAVNT.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\navrunr.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\NAVSCHED.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\NAVW.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\NAVW32.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\navwnt.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\NAVWNT.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\nisserv.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\nisum.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\NMAIN.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\NORMIST.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\norton.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\NUPGRADE.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\NVC95.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\OUTPOST.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\PADMIN.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\PAVCL.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\pcc.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\PCCClient.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\pcciomon.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\pccmain.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\pccwin98.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\PCFWALLICON.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\PERSFW.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\PpPpWallRun.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\program.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\prot.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\pview95.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\ras.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\Rav.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\RAV7.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\rav7win.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\rsnetsvr.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\RsTray.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\RSTray.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\RsMain.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\RavMon.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\RavMonD.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\RavStub.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\RavTask.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\regedit.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\rescue32.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\Rfw.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\rn.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\safeboxTray.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\safeweb.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\scam32.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\scan.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\SCAN32.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\SCANPM.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\ScanFrm.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\scon.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\SCRSCAN.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\secu.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\SERV95.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\sirc32.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\SMC.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\smtpsvc.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\SPHINX.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\spy.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\sreng.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\SuperKiller.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\SWEEP95.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\symproxysvc.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\TBSCAN.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\TCA.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\TDS2-98.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\TDS2-NT.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\Tmntsrv.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\TMOAgent.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\tmproxy.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\tmupdito.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\TSC.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\UlibCfg.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\vavrunr.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\VET95.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\VETTRAY.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\vir.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\VPC32.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\VSECOMR.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\vshwin32.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\VSHWIN32.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\VSSCAN40]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\vsstat.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\WEBSCAN.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\WEBSCANX.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\webtrap.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\WFINDV32.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File Execution Options\wink.exe]
"Debugger" = "svchost.exe" - [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Image File
Quick Links: Store | Renew | Activate Software | Free Trial | Online Scanner | ESET vs. Competition | Press Center | Blog | Threat Center | Support
All Products:
