Windows Startup Programs database
Startup Programs - Dangerous - O
Home
Features
On-line Guide
Help On-line
Screenshots
Order
Download
Localization
Awards
Support
NI Forum
Mickey Forum
Greatis Forum
Startup Programs
Application Database
Hot!
Download:
RegRun 4.0 beta 2
What's new?
Greatis Home
Subscribe:
The Application Database
suggests you which Windows startup programs are usefual and which are bad.
The recommended tool for quickly removing the useless programs is
RegRun Startup Optimizer
.
www.startupapps.com
Purchase RegRun Suite
Download RegRun Suite
Search Database for:
RegRun
>
Greatis Startup Application Database
> Dangerous >
O
odbc.exe
odjiwjf.exe
olemon32.exe
oleproc.exe
onz.exe
optimize.exe
opwinclient.exe
orcmw.exe
otcxxh.exe
otms.exe
oxiioifr.exe
oxney.vbs
odbc.exe
Telecommando trojan
odjiwjf.exe
W32/Rbot-DN
It is a worm which attempts to spread to remote network shares.
It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels.
Copies itself to the Windows System32 folder as ODJIWJF.EXE
Manual removal:
Locate the HKEY_LOCAL_MACHINE entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
and remove any reference to ODJIWJF.EXE.
olemon32.exe
Remote Access / FTP server / CQ trojan
InCommand can bind (join or wrap) its server to any other .exe file, and can also add extra legth to it to avoid searches on specific file length. It uses selfinstalling plug-ins to add features to the trojan and can thousands of icons stored inside the EditServer file.
oleproc.exe
Remote Access / Novell NetWare trojan
Donald Dick looks like Donald Duck as a fat and smoking decadent Soviet Spetsnaz soldier.
onz.exe
Remote Access / ActiveX trojan / Downloading trojan / Worm / Mail trojan / IRC trojan / Virus / Network trojan
By just viewing a HTML file or reading a mail a trojan can be downloaded to the users computer. As of now it installs The Thing 1.6 server. Spreads through MS Outlook, shared drives and IRC.
optimize.exe
Spyware
Changes browser home page.
http://www.2-spyware.com/remove-internet...
Remove it from Windows startup.
opwinclient.exe
Remote Access
Alters Win.ini and System.ini.
orcmw.exe
Remote Access
May alter System.ini and/or Win.ini. One can choose to let Mosucker randomly decide what autostart method to use. Produces an error message while installing ""Could not find setuplog.bat"" which apparently is used for autostarting. It copies itself to $temp first, as a file named pkg*.exe, ""pkg"" being a fix string. It also copied itself to $windows/unin0686.exe.
otcxxh.exe
Backdoor.Carool is a Backdoor Trojan horse that allows unauthorized remote access your computer.
The Trojan also installs a keylogger and steals cached passwords.
Creates the following files:
%System%\OTCXXH.EXE
%System%\zpvkkom.dll
%System%\fpxjjgd.dll
%System%\keussm.dll
%System%\bdphhwls.tmp
Executes the OTCXXH.EXE file.
Adds the value: "otcx"="%System%\otcxxh.exe"
to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Connects to a predetermined URL and uploads a keystroke log.
Listens for connections from the remote attacker on random TCP ports.
If they connect, an attacker can perform any of these following actions:
- Logs keystrokes
- Steals .pwl files
- Opens and closes the CD-ROM drive
RegRun Startup Optimizer will help you to remove this trojan.
otms.exe
Greeting card spammer.
Full remove instructions:
http://www.permissionedmedia.com/support...
When the Control Panel window opens, double-click on the Add/Remove Programs icon.
When the Add/Remove Programs Properties window opens, locate "WinSrv Reg" in the list of installed programs
oxiioifr.exe
Remote Access
May alter System.ini and/or Win.ini. One can choose to let Mosucker randomly decide what autostart method to use. Produces an error message while installing ""Could not find setuplog.bat"" which apparently is used for autostarting. It copies itself to $temp first, as a file named pkg*.exe, ""pkg"" being a fix string. It also copied itself to $windows/unin0686.exe.
oxney.vbs
VBS.Yeno@mm is a mass-mailing worm that sends itself to all the email addresses that it finds in the Microsoft Outlook Address Book.
The email has the following characteristics:
Subject: Fw: give some ...
Attachment: Variable file name.
This worm also adds comments to .vbs, .vbe, .htm, and .html files in the root folder of the C drive.
Creates a copy of itself as %System%\Oxney.vbs and sets the System attribute.
Adds the value: "SPINX" = "Oxney.vbs"
to the registry key: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run
Adds the value: "SPINX" = "why you'r still drunk ???"
to the registry key: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion
Adds the following comment to all the .vbs and .vbe files that it finds in the root of the C drive.
'I'm sorry friend, I have no money !!
Adds other comments to all the .htm and .html files that it finds in the root of the C drive.
Automatic removal:
Use RegRun Startup Optimizer.
Copyright © 1998-2004 Greatis Software |
Privacy Policy
|
Recommend to a friend
