kcd-clan Posted June 29, 2006 Share Posted June 29, 2006 (edited) What happens? It has a log of all safe products for windows Kills anything else running I know some of you say no that wont get rid of them. Ok well it wont but it will stop them. Its not the number one program but it is how iv done it for many years and have not had a virus or anything in a long as time. I sujgest windows xp for it. will do fine on others as well just not tested. Well i cant upload ANY of the files so u have to read the script. cause the global upload crap......... ProgressOn("Progress Meter", "Progess please do nothing while we run.", "0 percent") process() Func process() $list = ProcessList() For $i = 1 to $list[0][0] If $list[$i][0]<>"[System Process]" And $list[$i][0]<>"Autoit3.exe" And $list[$i][0]<>"spoolsv.exe" And $list[$i][0]<>"System" And $list[$i][0]<>"csrss.exe" And $list[$i][0]<>"svchost.exe" And $list[$i][0]<>"lsass.exe" And $list[$i][0]<>"services.exe" And $list[$i][0]<>"devldr32.exe" And $list[$i][0]<>"devldr32.exe" And $list[$i][0]<>"smss.exe" And $list[$i][0]<>"winlogon.exe" Then kill($list[$i][0]) EndIf ProgressSet( $i, $list[0][0]& " percent") Next Sleep(100) EndFunc Func kill($process) ProcessClose($process) EndFunc ProgressSet(100 , "Done", "Complete") Sleep(500) ProgressOff() Edited June 29, 2006 by kcd-clan Visit mEMy programs made.Iul - IulG-V Console - G-V Console_RandomLetter - _RandomLetter()Saftey Kill - Saftey Killcolorzone() = colorzone() Link to comment Share on other sites More sharing options...
w0uter Posted June 29, 2006 Share Posted June 29, 2006 (edited) what if you have a virus named svchost.exe ... Edited June 29, 2006 by w0uter My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll Link to comment Share on other sites More sharing options...
PartyPooper Posted June 29, 2006 Share Posted June 29, 2006 How about explorer.exe or do you run your computer without a shell? lol Link to comment Share on other sites More sharing options...
kcd-clan Posted June 29, 2006 Author Share Posted June 29, 2006 svchost.exe is not a virus its your network client.alot of virus protectors says it is but its not. IF you read and are using windows xp it willo reboot explorer. Visit mEMy programs made.Iul - IulG-V Console - G-V Console_RandomLetter - _RandomLetter()Saftey Kill - Saftey Killcolorzone() = colorzone() Link to comment Share on other sites More sharing options...
Don N Posted June 29, 2006 Share Posted June 29, 2006 In XP Pro at least, svchost.exe is used as a name for services that run from dll files....what w0uter was saying is that some viruses are released with the name svchost.exe in order to avoid simple process detection. Also, it might be easier to not kill the explorer.exe process and have it restarting all the time. Could make your windows session unstable. _____________________________________________________"some people live for the rules, I live for exceptions"Wallpaper Changer - Easily Change Your Windows Wallpaper Link to comment Share on other sites More sharing options...
w0uter Posted June 29, 2006 Share Posted June 29, 2006 http://www.symantec.com/avcenter/venc/data...lchia.worm.htmlhttp://www3.ca.com/securityadvisor/virusin...s.aspx?ID=35519http://securityresponse.symantec.com/avcen....assarm@mm.htmlif you dont belive that you are stupid. My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll Link to comment Share on other sites More sharing options...
PartyPooper Posted July 5, 2006 Share Posted July 5, 2006 It's wierd but you can manually kill the explorer process using the Windows Task Manager in XP and it won't respawn, however, if you kill it using a program other than the task manager it always seems to respawn. I'm sure there is a reg key somewhere to stop this behaviour. Link to comment Share on other sites More sharing options...
Reaper HGN Posted July 5, 2006 Share Posted July 5, 2006 My take on this is that you are trying to kill known bad processes, not specifically find and terminate a virus. I took this same aproach when I put together a "BadProcKiller". I originally wrote this in PERL. The intent was for PERL to kill the processes that I would normally manually scan the task manager for. I rewrote this in AutoIT (Cuz AutoIT is very cool). The program reads a known bad process list and will kill anything that is running that is on the list. Yes, this is very basic. No, this is not intended to be an endall cure for viruses. However, where it does help is with those pesky twin spyware/virus combos that keep an eye on each other and restart them when one goes down. I found I couldnt manually kill them fast enough. This program will kill them fast enough that neither can restart the other. Please be kind on my coding as this is one of the first programs I have coded in AutoIT. expandcollapse popup#include <GUIConstants.au3> #include <file.au3> #include <array.au3> $version = "2.0 beta" Dim $aryBadProcs Dim $arySysProcs Dim $aryKilledProcs[1] ; read in the bad processes list ; enumerate all running processes ; kill processes that are in both lists $Form1 = GUICreate("Bad Proc Killer", 325, 82, 283, 252) $Progress1 = GUICtrlCreateProgress(16, 8, 289, 17) GUICtrlSetColor(-1, 0x316AC5) $Button1 = GUICtrlCreateButton("Cancel", 256, 40, 49, 17) $Button2 = GUICtrlCreateButton("Kill", 200, 40, 49, 17) $Button3 = GUICtrlCreateButton("Log", 256, 60, 49, 17) $Label1 = GUICtrlCreateLabel("", 16, 40, 179, 17) $Checkbox1 = GUICtrlCreateCheckbox("reload",200,57) GUICtrlCreateLabel("ReaperWare v" & $version, 24, 64, 124, 14) GUICtrlSetFont(-1, 7, 400, 0, "Arial") GUICtrlSetColor(-1, 0x0000ff) $Pic1 = GUICtrlCreatePic("reaperware.gif", 7, 60, 15, 19) GUISetState(@SW_SHOW) ; Initialize display GUICtrlSetState($Button2,$GUI_DISABLE) ; Load the file $aryBadProcs = Read_Bad_Processes() While 1 $msg = GuiGetMsg() Select Case $msg = $GUI_EVENT_CLOSE ExitLoop Case $msg = $Button1 ExitLoop Case $msg = $Button2 #region - main decision loop if (guictrlread($Checkbox1) = 1) Then $aryBadProcs = Read_Bad_Processes() GUICtrlSetState($Checkbox1,$GUI_UNCHECKED) EndIf ;;debug("",GUICtrlRead($Checkbox1)) $arySysProcs = Read_System_Processes() $killcount=0 GUICtrlSetData($Progress1,0) GUICtrlSetData($Label1,"Scanning system for bad processes.") ; setup the progress bar increments $increment = 100 / $arySysProcs[0][0] $incrementcount = $increment for $i = 2 to $arySysProcs[0][0] for $j = 1 to $aryBadProcs[0][0] ;debug("compare","comparing" & $arySysProcs[$i][0] & "&" & $aryBadProcs[$j][0]) if ($arySysProcs[$i][0] = $aryBadProcs[$j][0]) Then ;MsgBox(0,"matching",$arySysProcs[$i][0] & $arySysProcs[$i][1] & "<>" &$aryBadProcs[$j][0]) if ProcessExists($arySysProcs[$i][1]) Then ProcessClose($arySysProcs[$i][1]) ;;debug("killed",$arySysProcs[$i][1] & $aryBadProcs[$j][1]& $aryBadProcs[$j][0]) ReDim $aryKilledProcs[$killcount+1] $aryKilledProcs[$killcount] = $aryBadProcs[$j][1] & "-" & $aryBadProcs[$j][0] $killcount = $killcount + 1 EndIf EndIf Next ;sleep(1) GUICtrlSetData($Progress1,$incrementcount) $incrementcount = $incrementcount + $increment Next GUICtrlSetData($Label1,$killcount & " harmful processes killed.") $icon = 1 if $killcount > 0 then $icon = 2 EndIf TrayTip("Killed",$killcount & " harmful processes killed.", 5, $icon) GUICtrlSetData($Button1,"Exit") ;sleep(1) GUICtrlSetData($Progress1,0) ;msgbox(0,"sys procs",$message) #region Case $msg = $Button3 ;debug("test",$aryKilledProcs[0]) _ArrayDisplay($aryKilledProcs,"Killed Processes") Case Else ;;;;;;; EndSelect WEnd Exit Func Read_Bad_Processes() Dim $aryfilelines Dim $line[2] GUICtrlSetData($Label1,"Loading data...") $filename = @ScriptDir & "\badproc.txt" $File = FileOpen($filename ,0) $linecount = _FileCountLines($filename) $linecount = $linecount + 1 ; did this because anything less than 100 doesnt fill the progress bar ;$barlimit = $linecount * 100 ;; ;MsgBox(0,"lines",$linecount) Dim $aryfilelines[$linecount][2] $aryfilelines[0][0] = $linecount -1 ; setup total so that it is a divisor of 100 ; this provides even increments to fill the progress bar $increment = 100/($linecount-1) $incrementcount = $increment for $i = 1 to $linecount -1 ;$line = FileReadLine($File) ;If @error = -1 Then ExitLoop ;MsgBox(0, "Char read:", $line) $line = StringSplit(FileReadLine($File),",") ;if(StringLeft($line,1) = "#") then ; debug("comment","") ;EndIf $aryfilelines[$i][0] = $line[1] $aryfilelines[$i][1] = $line[2] ;debug("line",$line) ;debug("line1",$line[1]) ;debug("line2",$line[2]) sleep(1) GUICtrlSetData($Progress1,$incrementcount) $incrementcount = $incrementcount + $increment next FileClose($file) GUICtrlSetData($Label1,$linecount-1 & " bad proc profiles loaded.") GUICtrlSetState($Button2,$GUI_ENABLE) GUICtrlSetData($Progress1,0) ;_ArrayDisplay($aryfilelines,"bad procs") ;debug("badproc",$aryfilelines[1][0]) ;debug("badproc",$aryfilelines[2][0]) Return $aryfilelines EndFunc Func Read_System_Processes() $list = ProcessList() Return $list EndFunc Func Debug($title,$message) MsgBox(0,$title,$message) EndFunc #region - Comments ; v2.0 03-17-2006 Initial build incorporated all features of PERL version ; as well as added GUI, progress bar and tray tip. ; Added functionality to reload data file. ; v2.1 Plan to have Internet logging and update (for customer use) ; Logging will upload unknown processes for investigation. Perhaps include checkbox #region The list of bad processes was actually ripped from one of those spyware sites on the Internet somewhere (I forget where now). Here is the list I use if you want to see. Its just a comma separated list (name, description). The last line has notepad.exe for a test. remove that if you really want to use the list. expandcollapse popup180ax.exe,180ax.exe is registered as the TROJ.ISTZONE.H downloader a.exe,a.exe is registered as the W32.Ahlem.A@mm worm which is transmitted via e-mail actalert.exe,actalert.exe is an advertising program adaware.exe,adaware.exe is a variant of the RapidBlaster parasite. The parasite copies itself to new directories to spread Alchem.exe,Alchem.exe is an advertising program by ClickAlchemy.com alevir.exe,alevir.exe is a security threat which spreads itself across networks via network shares aqadcup.exe,aqadcup.exe is a process which is registered as the Backdoor.Agent.bg worm arr.exe,arr.exe is a process which attempts to dial a high cost telephone number in order to access pornographic material for the user ARUpdate.exe,ARUpdate.exe is a spyware from Adroar asm.exe,asm.exe is an advertising program by Gator av.exe,av.exe is a process which is registered as the W32/Alphx.worm.a virus. This virus changes your start-page for Internet explorer avserve.exe,avserve.exe is a process which is registered as the W32/Sasser.a virus. It takes advantage of the Windows LSASS vulnerability which creates a buffer overflow and instigates your computer to shut down avserve2.exe,avserve2.exe is a process which is registered as the TROJ_SUA.A virus. It takes advantage of the Windows LSASS vulnerability which creates a buffer overflow and instigates your computer to shut down backWeb.exe,backWeb.exe is an adware by Backweb Technologies which offers news and entertainment services in exchange for personal usage information regarding the PC being sent back to BackWeb's servers for analysis bargains.exe,bargains.exe is a spyware which generates pop-up advertisements and analyses your computer usage for analysis by Exact Advertising #basfipm.exe,basfipm.exe is a process which is installed alongside Broadcom communications hardware belt.exe,searchv.com is an advertising program by searchv.com. This process monitors your browsing habits and distributes the data back to the author's servers for analysis Biprep.exe,Biprep.exe is an advertising program by Gator blss.exe,blss.exe is a the CBlaster Trojan/dialer/downloader bokja.exe,bokja.exe is an advertising program by SecondThought bootconf.exe,bootconf.exe a process hijacking your default internet homepage redirecting to a advertisment website bpc.exe,bpc.exe a spyware i process included in common application such as Grokster brasil.exe,brasil.exe is process added to the system as a result of the OPASERV.E virus BRIDGE.DLL,BRIDGE.DLL is a module installed by Flingstone Bridge SpyWare BUGSFIX.EXE,BUGSFIX.EXE is registered as the Loveletter Virus which is distributed via e-mail and attempts to install itself with the view of e-miling to other persons in the local addrses book bundle.exe,bundle.exe is a process downloading and displaying advertisments from an online location bvt.exe,bvt.exe is a malicious worm which copies itself across the network via your pc. The Backdoor.Autoupder virus should be removed immediatly from your computer cashback.exe,cashback.exe is an advertising program cmd32.exe,cmd32.exe is added to the system as a result of the P2P.TANKED virus cmesys.exe,cmesys.exe is an AdWare by Thiefware.com, from the Gator variant.this Adware pops up advertisements as well as analyses computer usage conime.exe,conime.exe is a process which is registered as the BFGhost 1.0 Remote administration backdoor tool. This backdoor application can allow attackers to access your computer stealing passwords and personal data conscorr.exe,consol32.exe is registered as the TrojanDownloader.Win32.Stubby.c downloader. This process usually comes bundled with a virus and its main role is to do nothing other than download other viruses to your computer datemanager.exe,datemanager.exe is a process installed via the Internet through a consenting pop-up screen from Gator Corp dcomx.exe,dcomx.exe is registered as the CIREBOT virus and should be removed immediatly directs.exe,directs.exe is a process which is registered as the W32/Bagle.t@MM worm. This worm attempts to install itself on your comupter and gather e-mail addresses for re-distribution divx.exe,divx.exe is documented as being of the MASTAK virus dllreg.exe,dllreg.exe is registered as the Dumaru.c Virus. This virus searches the hard disk drive looking for files dmserver.exe,dmserver.exe is an advertising program by Gator dpi.exe,dpi.exe is an advertising program by The DelFin Project dssagent.exe,dssagent.exe is a process authored by Broderbund and is spyware dvdkeyauth.exe,dvdkeyauth.exe is an adult dialer application. This application will try to disconnect your current connection and call an expensive toll number emsw.exe,emsw.exe is a spyware from Alset Inc and is also known as "HelpExpress" exdl.exe,exdl.exe is an advertising program by CashBackBuddy.com exec.exe,exec.exe is a part of the Death Zone Remote Administration Tool which allows an attacker to take control of your desktop explore.exe,explore.exe is added to the system as a result of the GRAYBIRD.G virus explored.exe,explored.exe is a process which is registered as the W32/Nexiv.worm. This backdoor virus allows attackers to access your computer stealing passwords and personal data Fash.exe,Fash.exe is a hijacker which means it will intermittently change your Internet Explorer settings / Desktop to the link of its authors sponsors fntldr.exe,fntldr.exe is an advertising program by Gator fsg_4104.exe,fsg_4104.exe is a spyware installed with common application such as the file sharing software iMesh FVProtect.exe,FVProtect.exe is a process which is registered as the W32/Netsky-P worm game.exe,Game.exe is a process which is registered as the W32.Gaze@mm worm gator.exe,gator.exe is an advertising program by Gator gmt.exe,gmt.exe is an Adware installed via a consenting pop-up in Internet Explorer goidr.exe,goidr.exe is an advertising program by Gator hbinst.exe,hbinst.exe is an advertising program by Hotbar.com hbsrv.exe,hbsrv.exe is an advertising program by hbsrv.exe hxdl.exe,hxdl.exe is an advertising program by Gator hxiul.exe,hxiul.exe is apart of the HelpExpress adware program by Alset inc iedll.exe,iedll.exe is a process that hijacks the browser default home page and redirects you and advertisment webpage iedriver.exe,iedriver.exe is a process associated with common peer-to-peer file sharing software IEHost.EXE,IEHost.EXE is an advertising program iexplorer.exe,iexplorer.exe is the executable for a virus that is a variant of the RapidBlaster parasite that downloads and displays advertising from an Internet location infus.exe,infus.exe is a background process that disconnects you from your current internet connection and then tries to call a tool number with a high minute rate infwin.exe,infwin.exe is a variant of Msview parasite. It monitors your web usage and displays targeted popups intdel.exe,intdel.exe is an adware application that displays adverts to users using popups isass.exe,isass.exe is registered as the Optix.Pro virus which carries in it's payload. the ability to disable firewalls and local security protections and a backdoor capability istsvc.exe,istsvc.exe is an advertising program by Integrated Search Technologies jawa32.exe,jawa32.exe is a process which is registered as the Backdoor.Agent.bg worm jdbgmrg.exe,jdbgmrg.exe is registered as the TROJ_DASMIN.B virus kazza.exe,kazza.exe is a virus possibly of the OPTIXPRO.12.C. / Backdoor.OptixPro.12.c type keenvalue.exe,keenvalue.exe is an advertising program by Gator kernel32.exe,kernel32.exe is a Floodnet virus and attempts to send e-mails to everyone using Outlook aliases lass.exe,lass.exe is a process which is registered as the Troj.Bdoor.AKM Trojan launcher.exe,launcher.exe is an advertising program by Intercort Systems loader.exe,loader.exe is a virus which changes the victims homepage to coollllwebsearch.com and changes personalised settings on your computer lssas.exe,lssas.exe is a process which is registered as the W32.AGOBOT.RL Trojan mapisvc32.exe,mapisvc32.exe is registered as the KX virus mario.exe,mario.exe is a process which is registered as the trojan.mario md.exe,md.exe is a virus which changes your homepage and redirects you to a pornographic website mfin32.exe,mfin32.exe is an advertising program mmod.exe,mmod.exe is a spyware application often installed with common applications such as the popular iMesh and KaZaA file-sharing programs mostat.exe,mostat.exe is a spyware process which gathers computer usage information msapp.exe,msapp.exe is added to the system as a result of the RSBOT virus msbb.exe,msbb.exe is an advertising program by 180 Solutions msblast.exe,msblast.exe is the process for the MSBlast Internet worm that uses a vulnerability in DCOM/RPC (port 135) to infect 2000/XP systems mscache.exe,mscache.exe is an advertising program by Integrated Search Technologies msccn32.exe,msccn32.exe is added to the system as a result of Win32.Sobig.B@mm (Palyh) virus. It is a mass mailer virus and spreads using email applications mscman.exe,mscman.exe is an advertising program by Odysseus Marketing msdm.exe,msdm.exe is registered as the MULDROP.352 virus msgfix.exe,msgfix.exe is a process which is registered as the W32.Gaobot.SN Trojan msiexec16.exe,msiexec16.exe is registered as the Troj/OptixP-13 Trojan msinfo.exe,msinfo.exe is an advertising program by Gator mslagent.exe,mslagent.exe is an advertising program mslaugh.exe,mslaugh.exe is added to the system as a result of as a result of the BLASTER.E WORM msmc.exe,msmc.exe is a process which is registered as the Win32.Small.i Trojan msmgt.exe,msmgt.exe is an advertising program by Total Velocity msmsgri32.exe,msmsgri32.exe is a process which is registered as the RANDEX.D virus MSN.exe,MSN.exe is a process which is registered as the W32.Flita Trojan msrexe.exe,msrexe.exe is added to the system as a result of an ICQ Trojan that alters Win.ini and System.ini mssvc32.exe,mssvc32.exe is a process which is registered as the W32/Gaobot.WU Trojan mssys.exe,mssys.exe is a process which is registered as the MYSS.B virus msvxd.exe,Msvxd.exe is the executable process of the W32/Datom-A virus mwsoemon.exe,mwsoemon.exe is an advertising program by MyWebSearch mwsvm.exe,mwsvm.exe is an advertising program netd32.exe,netd32.exe is added to the system as a result of the RANDEX.F virus nls.exe,nls.exe is an advertising program by Webrebates nssys32.exe,nssys32.exe is added to the system as a result of an unidentified virus nstask32.exe,nstask32.exe is added to the system as a result of the RANDEX.E virus nsupdate.exe,nsupdate.exe is an automatic redialer sowftare omniscient.exe,omniscient.exe is a process belonging to the Search Assistant adware onsrvr.exe,onsrvr.exe is an advertising program by OnWebMedia P2P Networking.exe,P2P Networking.exe is an advertising program by Joltid pcsvc.exe,PCSvc.exe is an advertising program by The Delfin Project pgmonitr.exe,pgmonitr.exe is an adware usually installed by Kazaa PIB.exe,PIB.exe is an advertising program powerscan.exe,powerscan.exe is an advertising program by Integrated Search Technologies prizesurfer.exe,prizesurfer.exe is an advertising program by Prizesurfer prmt.exe,prmt.exe is an advertising program by OpiStat prmvr.exe,prmvr.exe is an advertising program by Adtomi ray.exe,ray.exe is a process that hijacks the browser default home page and re-directs it to adult content web sites rb32.exe,rb32.exe is variant of the RapidBlaster parasite. It adds itself to the Windows start-up and is running in the background rcsync.exe,rcsync.exe is a process related to the PrizeSurfer application run32dll.exe,run32dll.exe is a part of the PAL PC Spy application. It is a key recorder and screen capture utility that monitors everything that happens on your computer #rundll.exe,rundll.exe can also be the LOXOSCAM virus depending on Operating System and file path; this is always a virus on Windows XP and 2000 operating systems rundll16.exe,rundll16.exe is added to the system as a result of the Sdbot.F virus ruxdll32.exe,ruxdll32.exe is added to the system as a result of the MAPSON.D virus saap.exe,saap.exe is an advertising program by 180 Solutions sahagent.exe,sahagent.exe is a SpyWare from ShopAtHomeSelect.com sais.exe,sais.exe is an advertising program by 180 solutions Spyware save.exe,save.exe is an advertising program by WhenU.com savenow.exe,savenow.exe is an application from WhenU company which offers coupons during your Internet experience sc.exe,sc.exe is an advertising program by Rhombus scam32.exe,scam32.exe is a process which is registered as the SIRCAM virus scrsvr.exe,scrsvr.exe is a process which is registered as the OPASERV virus scvhost.exe,scvhost.exe is a process which is registered as the W32/Agobot-S virus SearchUpgrader.exe,SearchUpgrader.exe is a hijacker which means it will intermittently change your Internet Explorer settings / Desktop to the link of its authors sponsors service.exe,service.exe is a process which is registered as the Worm.Win32.Raleka virus showbehind.exe,showbehind.exe is an advertising program by MicroSmarts Enterprise soap.exe,soap.exe is an executable belonging to the System Soap Pro Internet cleaning software spoler.exe,spoler.exe is a process which is registered as the RANDEX.J virus start.exe,start.exe is an advertising program by Secret-Crush stcloader.exe,stcloader.exe is a part of the 2nd-Thought spyware support.exe,support.exe is a process which is registered as the W32.Akosw@mm virus svc.exe,svc.exe is an advertising SpyWare svchosts.exe,svchosts.exe is a process which is registered as the Troj/Sdbot-N Trojan svshost.exe,svshost.exe is a process which is registered as the Worm.P2P.Spybot.gen virus #system.exe, system32.exe,system32.exe is a process which is registered as the TROJ_SUA.A Trojan tb_setup.exe,tb_setup.exe is a hijacker which means it will intermittently change your Internet Explorer settings / Desktop to the link of its authors sponsors teekids.exe,teekids.exe is added to the system as a relut of the Lovesan worm trickler.exe,trickler.exe is a part of the Gator Advertising and Informational Network (GAIN) tsadbot.exe,tsadbot.exe is the executable for an adware application that is known to reduce the performance of your Internet connection Tvm.exe,Tvm.exe is a hijacker which means it will intermittently change your Internet Explorer settings / Desktop to the link of its authors sponsors tvmd.exe,tvmd.exe is a process is process that are delivered with common applications. It is installed automatically and is clasified as a spyware tvtmd.exe,tvtmd.exe is a process that is installed with common applications and is classified as a spyware update.exe,update.exe is a process related to numerous of different adwares and security threats updmgr.exe,updmgr.exe is an advertising program by eUniverse.com ViewMgr.exe,ViewMgr.exe is an advertising program by Viewpoint VVSN.exe,VVSN.exe is an advertising program by WhenU wast.exe,wast.exe is an advertising program by Wast web.exe,web.exe is a process which is registered as the W32.Gokar.A@mm worm webdav.exe,webdav.exe is an trojan used to gain access of a targeted system webrebates.exe,webrebates.exe is an advertising program webrebates0.exe,webrebates0.exe is an advertising program win-bugsfix.exe,win-bugsfix.exe is added to the system as a result of the LOVELETTER (I Love You) virus win_upd2.exe,win_upd2.exe is a process which is registered as the Trojan.BAGLE.AC Trojan win32.exe,win32.exe is added to the system as a result of the RATEGA virus. It is a Trojan horse give a remote user access to your computer win32us.exe,win32us.exe is a process belonging to an adult content dialer application that automatically tries to disconnect you internet connection and then dial a toll number winactive.exe,winactive.exe is a homepage hijacker process the changes your default homepage to a new homepage that displays advertisements winad.exe,winad.exe is an advertising program WinAdTools.exe,WinAdTools.exe is a free ad delivery software which provides targeted advertising offers WINdirect.exe,WINdirect.exe is a process which is registered as the Trojan.BAGLE.AC Trojan windows.exe,windows.exe is added to the system as a result of W32.HLLW.Nulut WORM wingo.exe,wingo.exe is a process which is registered as the W32/Bagle.bd@MM worm wininetd.exe,wininetd.exe is added to the system as a result of the WINET virus wininit.exe,wininit.exe is added to the system as a result of the WOLLF.16 virus winlock.exe,winlock.exe is registered as the downloader Trojan WinCommX winlogin.exe,winlogin.exe is added to the system as a result of the RANDEX.E virus winmain.exe,winmain.exe is a process associated with the HTASploit.winmain trojan winnet.exe,Winnet.exe is an add-on for the Internet Explorer allowing you to search for sites related to a specific keyword winppr32.exe,winppr32.exe is a process which is registered as the system.W32.Sobig.F Virus WinRatchet.exe,WinRatchet.exe is a free ad delivery software which provides targeted advertising offers winservn.exe,winservn.exe by ClickSpring s an advertising SpyWare winssk32.exe,winssk32.exe is a process which is registered as the system.W32.Sobig.E winstart.exe,winstart.exe is an application from iGetNet winstart001.exe,WinStart001.exe is and add-on for Internet Exploring allowing you to find sites related to a specific keyword Wintime.exe,Wintime.exe is a virus which downloads other viruses wintsk32.exe,wintsk32.exe is added to the system as a result of the YAHA.U virus winupdate.exe,winupdate.exe is added to the system as a result of the RADO virus winxp.exe,winxp.exe is a process which is registered as the W32.Beagle.AG@mm wmon32.exe,wmon32.exe is a process which is registered as the W32.Agobot-IT Trojan wnad.exe,wnad.exe is an advertising program by Twistedhumor.com wo.exe,wo.exe is ana application from Ezula which adds an extra button onto your Explorer bar for searching wovax.exe,wovax.exe is a process which is registered as the Win32.Daqa.A Trojan wsup.exe,wsup.exe is a hijacker which means it will intermittently change your Internet Explorer settings / Desktop to the link of its authors sponsors WToolsA.exe,WToolsA.exe is a hijacker which means it will intermittently change your Internet Explorer settings / Desktop to the link of its authors sponsors wtoolss.exe,wtoolss.exe is registered as the Adware wuamgrd.exe,wuamgrd.exe is a process which is registered as the WORM_AGOBOT.GY Trojan wupdate.exe,wupdate.exe is an advertising program by Wengs wupdater.exe,wupdater.exe is a process which is registered as the TrojanDownloader wupdmgr.exe,wupdmgr.exe is a process which is registered as the WORM_SPYBOT.B Trojan wupdt.exe,wupdt.exe is added to the system as a result of the IMISERV virus. It is a backdoor Trojan used to control a target computer from a remote location y.exe,y.exe is a process which is registered as the w32.small Trojan notepad.exe,notepad bad bad bad <-- this is a test Link to comment Share on other sites More sharing options...
Reaper HGN Posted July 5, 2006 Share Posted July 5, 2006 It's wierd but you can manually kill the explorer process using the Windows Task Manager in XP and it won't respawn, however, if you kill it using a program other than the task manager it always seems to respawn. I'm sure there is a reg key somewhere to stop this behaviour.BTW PartyPooper, I think the reason here is because Explorer thinks it has crashed when it gets killed outside of task manager. When Explorer crashes, it restarts itself. If it is shutdown/killed from the task manager, it doesnt do that. If you could figure out a way to stop the process in a "kind" way, it may not think it crashed, and therefore wouldnt restart. Link to comment Share on other sites More sharing options...
WTS Posted July 5, 2006 Share Posted July 5, 2006 I think he was going for a more "proactive" approach hints the whitelisting of system critical processes.. rather than relying on blacklists.. but the code you posted is pretty good! Link to comment Share on other sites More sharing options...
Reaper HGN Posted July 6, 2006 Share Posted July 6, 2006 I think he was going for a more "proactive" approach hints the whitelisting of system critical processes.. rather than relying on blacklists.. but the code you posted is pretty good!I guess I missed that. That seems like it would really lock a system down in terms of adding software. My take on that is that a simple install would be quashed simply because the installer process would be killed. I guess that would work, but it doesnt make the system too flexible. I think Ill run the risk. Link to comment Share on other sites More sharing options...
cppman Posted July 10, 2006 Share Posted July 10, 2006 What if someone binded the virus to explorer.exe? lol... another thing.. viruses tend to start another process when one is closed.. u might want to close all applications in a constant LOOP. Miva OS Project Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now