Windows Startup Programs database Startup Programs - Dangerous - P
Home
Features  
   On-line Guide
   Help On-line
   Screenshots

Order
Download  
    Localization
Awards
Support  
   NI Forum
   Mickey Forum
   Greatis Forum

Startup Programs
Application Database

Hot!
Download:
RegRun 4.0 beta 2

What's new?

Greatis Home


Subscribe:

The Application Database suggests you which Windows startup programs are usefual and which are bad.
The recommended tool for quickly removing the useless programs is RegRun Startup Optimizer.
www.startupapps.com


Get RegRun now! Buy Now! Purchase RegRun Suite
Download Download RegRun Suite
Search Database for:

RegRun > Greatis Startup Application Database > Dangerous > P

Dangerous 

package.exe
panther.exe
panthr.exe
paradise.exe
party.exe
passport.exe
patch.exe
patch170.exe
patcher.exe
pazymi.exe
pcidev32.exe
pcinvader.exe
pcinvkiller.exe
pcinvserv.exe
pciserver.exe
pcx.exe
peditinc.exe
pegraft.exe
penis32.exe
phase.exe
phineas.com
photo1.exe
photo2.exe
phucker.exe
picard.vbs
pics.exe
pics4you.exe
piegates.exe
pingbomb.exe
pirate.exe
pkg6112.exe
pkg6135.exe
pkgxxxx.exe
pkzip25.exe
plyoqmmc.exe
pmss.exe
poet.exe
popsrv184.exe
porn_pic.vbs
port 5000.exe
port.exe
portscan.exe
prayer.exe
prayer13.exe
prettyorg.exe
prettypark.exe
pricol.exe
priority.exe
pro_cli.exe
procdll.exe
procmon.exe
progenict.exe
progmon.exe
progr.exe
prosiak.exe
prosiak_trojan.exe
pspgame.exe
pwclient.exe
pwmodify.exe
pwserver.exe

package.exe
W32.Dabber Worm
It spreads by exploiting vulnerability in the FTP server component of W32.Sasser.Worm and its variants.
The worm installs a backdoor on infected hosts listening on port 9898. If the attempt fails, W32Dabber.A tries to listen on from port 9899 to port 9999 in sequence until it finds an open port.
Tries to save itself in:
%System%\package.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\package.exe
%Windir%\All Users\Main menu\Programs\StartUp\package.exe
Remove it from startup by RegRun Start Control.

panther.exe
Worm / Mail trojan
Uses several different names to name the attachement, which can be mailed by either Netscape Mail, MS Outlook or MSOutlook Express.

panthr.exe
Worm / Mail trojan
Uses several different names to name the attachement, which can be mailed by either Netscape Mail, MS Outlook or MSOutlook Express.

paradise.exe
Remote Access

party.exe
Worm / Mail trojan
Uses several different names to name the attachement, which can be mailed by either Netscape Mail, MS Outlook or MSOutlook Express.

passport.exe
Remote Access

patch.exe
Virus / Hacking tool
Opens port 531 for communication. One of very few viruses with hacking capabilities. Notepad.exe is is given the new name Notepadx.exe and the virus take the old name. When installed, the virus notifyes its creator on one of four different IP addresses in New Zealand.

patch170.exe
Virus / Hacking tool
Opens port 531 for communication. One of very few viruses with hacking capabilities. Notepad.exe is is given the new name Notepadx.exe and the virus take the old name. When installed, the virus notifyes its creator on one of four different IP addresses in New Zealand.

patcher.exe
Remote Access

pazymi.exe
Remote Access
It kills more than 20 antivirus programs in memory and also four dedicated antitrojan softwares. The trojan can redirect ports and connect to several servers at the same time. It can also be used as a port scanner. Cafeini can also take another programīs place in the Registry. The server will automatically be updated using HTTP.

pcidev32.exe
Remote Access / FTP server

pcinvader.exe
Remote Access / FTP server

pcinvkiller.exe
Remote Access / FTP server

pcinvserv.exe
Remote Access / FTP server

pciserver.exe
Remote Access / FTP server

pcx.exe
Remote Access

peditinc.exe
Remote Access / FTP server / CQ trojan
InCommand can bind (join or wrap) its server to any other .exe file, and can also add extra legth to it to avoid searches on specific file length. It uses selfinstalling plug-ins to add features to the trojan and can thousands of icons stored inside the EditServer file.

pegraft.exe
Remote Access / Keylogger

penis32.exe
Lovesan worm.
This worm scans several IP networks (randomly choosen) to get access to port 135 (COM).
The worm sends a buffer-overrun request to vulnerable computers. The newly infected machine then initiates the command shell on TCP port 4444.
Lovesan runs the thread that opens the connection on port 4444 and waits for FTP 'get' request from the victim machine. The worm then forces the victim machine to sends the 'FTP get' request. Thus the victim machine downloads the worm from the infected machine and runs it. The victim machine is now also infected.
Removal:
remove it from startup by RegRun Startup Optimizer.

phase.exe
Remote Access

phineas.com
Phineas Phucker Trojan.

photo1.exe
Mail trojan / Autodialer / ICQ trojan / Steals passwords
It deletes the two system files Regedit.exe and Msconfig.exe.

photo2.exe
Mail trojan / Autodialer / ICQ trojan / Steals passwords
It deletes the two system files Regedit.exe and Msconfig.exe.

phucker.exe
Remote Access

picard.vbs
I-Worm.Lee
This is a family of Internet worms that use different infection technologies depending on their versions.
There are two "basic" worms: "Lee.a" and "Lee.b".
The former spreads via IRC channels, and the latter uses MS Outlook to send infected e-mails.
Other worm versions are modifications and/or combinations of these original ones.

Automatic Removal: Use RegRun Startup Optimizer to remove it from startup.

pics.exe
Worm / File virus
Alters Win.ini. "Between midnight and 2.00am on Wednesdays the worm attempts to display an animated graphic of Adolf Hitler shooting himself in the head." (Sophos)

pics4you.exe
Worm / Trojan dropper / Destructive trojan / Mail trojan
Drops a trojan January 1, 2000.

piegates.exe
Remote Access / Trojan dropper
Disguised as a game. Installs NetBus server 1.53 while you play.

pingbomb.exe
Remote Access

pirate.exe
Worm / Mail trojan
Uses several different names to name the attachement, which can be mailed by either Netscape Mail, MS Outlook or MSOutlook Express.

pkg6112.exe
Remote Access
May alter System.ini and/or Win.ini. One can choose to let Mosucker randomly decide what autostart method to use. Produces an error message while installing ""Could not find setuplog.bat"" which apparently is used for autostarting. It copies itself to $temp first, as a file named pkg*.exe, ""pkg"" being a fix string. It also copied itself to $windows/unin0686.exe.

pkg6135.exe
Remote Access
May alter System.ini and/or Win.ini. One can choose to let Mosucker randomly decide what autostart method to use. Produces an error message while installing ""Could not find setuplog.bat"" which apparently is used for autostarting. It copies itself to $temp first, as a file named pkg*.exe, ""pkg"" being a fix string. It also copied itself to $windows/unin0686.exe.

pkgxxxx.exe
Remote Access

pkzip25.exe
Keylogger

plyoqmmc.exe
Remote Access
May alter System.ini and/or Win.ini. One can choose to let Mosucker randomly decide what autostart method to use. Produces an error message while installing ""Could not find setuplog.bat"" which apparently is used for autostarting. It copies itself to $temp first, as a file named pkg*.exe, ""pkg"" being a fix string. It also copied itself to $windows/unin0686.exe.

pmss.exe
Remote Access / Novell NetWare trojan
Donald Dick looks like Donald Duck as a fat and smoking decadent Soviet Spetsnaz soldier.

poet.exe
W32.Doep.A is a worm that spreads through file-sharing networks, such as Kazaa, eMule, eDonkey2000, Lphant, and Overnet.

Creates the following files:
%Windir%\System32\poet.log
%Windir%\System32\Inf\readme.txt
%Windir%\System32\Inf\poet.exe

Adds the value: "Poet" = "%Windir%\System32\Inf\Poet.exe"
to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Attempts to create copies of itself in the %Windir%\System32\Inf folder using different file names.
The file extension will be an .exe, .avi, or a .zip archive that contains a file with one of the previous two extensions.

Creates the following files:
C:\Program Files\KaAaA\My shared folder\The White Stripes - IM INFECTED.mp3
C:\Documents and Settings\All Users\Start Menu\Programs\BrainwashBrainwashBrainwash45.exe

Modifies configuration files or registry keys of file-sharing programs, such as Kazaa, eMule, eDonkey2000, Lphant, and Overnet,
so the shared folder of the programs is %Windir%\System32\Inf.

It then attempts to delete samo registry entries in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Such as: avserve.exe; avserve2.exe; skynetave.exe; etc.

Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value: "Poet" = "%Windir%\System32\Inf\Poet.exe"

popsrv184.exe
Browser Hijacker.
Sets your browser's settings to point to other sites.
Read more:
http://www.pestpatrol.com/PestInfo/p/peo...
Remove it from startup.

porn_pic.vbs
VBS.Powcox@mm
It is a partially encrypted VBS worm that attempts to email itself to every recipient in the Microsoft Outlook address book.

The email has the following characteristics:
Subject: heyy...
Body: Check this file,this is sevenC porn pic & movie
Attachment: Porn_pic.vbs

When it is run, it displays a message containing the following text:
Yesterday my body was attacked by water cow pox they attack my hand,my head,my face they all at my skin
it's hurt you know ?? Very hurt...!! I couldn't go to anywhere
I just stay at home and hope,so that fuckin water cow pox leave my body
Water cow Pox is my enemy...!!

Drops the following files:
C:\Windows\System\Porn_pic.jpg.vbs
C:\Windows\System\OEMINFO.ini

Creates a shortcut on the Windows desktop named Porn_pic.jpg, which points to the Porn_pic.jpg.vbs file.

Adds the different values, such as "NoDrives" = "67108863"; "NoClose" = "1"; "NoFind" = "1"; "NoDesktop" = "1"; "NoRun" = "1" etc.
to the registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Network

Change IE start page to "sevenc.vze.com"

Automatic removal: Use RegRun Startup Optimizer to remove it from startup.

port 5000.exe
Remote Access

port.exe
Remote Access
Disguised as a TCP/IP booster.

portscan.exe
Remote Access

prayer.exe
Remote Access

prayer13.exe
Remote Access

prettyorg.exe
Remote Access / Steals passwords / Worm / IRC trojan / Mail trojan
Alters Win.ini and System.ini. Partial trojan, partial worm. Spreads through IRC and email. Itīs hidden in a screen saver. Said to be a clone of Happy99. Tries to spread itself to all addresses in Outlook every 30 minutes.

prettypark.exe
Remote Access / Steals passwords / Worm / IRC trojan / Mail trojan
Alters Win.ini and System.ini. Partial trojan, partial worm. Spreads through IRC and email. Itīs hidden in a screen saver. Said to be a clone of Happy99. Tries to spread itself to all addresses in Outlook every 30 minutes.

pricol.exe
Steals passwords / ICQ trojan
Displays a Firework and simultanlously starts in the backround. Sends the passwords encrypted via e-mail

priority.exe
Remote Access / Virus dropper
It can be made to drop the PingPong virus.

pro_cli.exe
Remote Access

procdll.exe
WEEDBOTZ Virus.
Spreads via e-mail and IRC.
Installs backdoor program to control user computer.
Read more:
http://www.trendmicro.com/vinfo/virusenc...
Removal:
Remove it by RegRun Startup Optimizer.

procmon.exe
Steals passwords / Remote Access / Downloading trojan
Tries to send information to IP address 202.103.106.189. A remote user is able to compress the files before downloading them.

progenict.exe
Remote Access / ICQ trojan
Alters Win.ini.

progmon.exe
Added as a result of the Peeper Virus.

Backdoor.Peeper is a Trojan Horse that allows a hacker to control an infected computer. By default, it listens on TCP port 5180.
Adds the values:
"Internt = %System%\Internt.exe..."
"Program File = %System%\Progmon.exe..."
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Then waits for commands from a remote user.
Backdoor.Peeper can be instructed to do the following things:
1. Disable mouse and keyboard input
2. Log out the current user
3. Restart the computer
4. Hide the mouse cursor
5. Steal information about the computer and send it by email to the hacker.

Automatic removal:
Use RegRun Startup Optimizer to remove it from startup.

progr.exe
Remote Access
Alters Win.ini and System.ini.

prosiak.exe
Remote Access

prosiak_trojan.exe
Prosiak 0.70 Beta 5 trojan

pspgame.exe
Worm / File virus
Alters Win.ini. "Between midnight and 2.00am on Wednesdays the worm attempts to display an animated graphic of Adolf Hitler shooting himself in the head." (Sophos)

pwclient.exe
Remote Access / ICQ trojan / IRC trojan

pwmodify.exe
Remote Access / ICQ trojan / IRC trojan

pwserver.exe
Remote Access / ICQ trojan / IRC trojan

Copyright © 1998-2004 Greatis Software | Privacy Policy | Recommend to a friend