Windows Startup Programs database Startup Programs - Dangerous - T
Home
Features  
   On-line Guide
   Help On-line
   Screenshots

Order
Download  
    Localization
Awards
Support  
   NI Forum
   Mickey Forum
   Greatis Forum

Startup Programs
Application Database

Hot!
Download:
RegRun 4.0 beta 2

What's new?

Greatis Home


Subscribe:

The Application Database suggests you which Windows startup programs are usefual and which are bad.
The recommended tool for quickly removing the useless programs is RegRun Startup Optimizer.
www.startupapps.com


Get RegRun now! Buy Now! Purchase RegRun Suite
Download Download RegRun Suite
Search Database for:

RegRun > Greatis Startup Application Database > Dangerous > T

Dangerous 

tamagotxi.exe
tapi32.exe
tapiras.exe
task_bar.exe
task_bar[1.2].exe
task_bar[1.3].exe
tasker.exe
taskman.exe
tasknet.exe
tclient.exe
tconf.exe
tconfig.exe
tcp.exe
tcpload.exe
tcpproxy.exe
tcv.exe
teekids.exe
teleclient.exe
teleserv.exe
telnet.bat
telnet23.exe
temp#01.exe
temp$01.exe
temp$1.exe
temp.exe
tempinetboost.exe
tesk.exe
th3tr41t0r.exe
theobbq.exe
thespy.exe
thing.exe
tiles.exe
tinurak.exe
tloader1.exe
tloader2.exe
tloader3.exe
tmp.ini
tnsrv.exe
tour98.exe
trance.exe
transscout.exe
trjp.exe
trojan.exe
trojanhrs.exe
trojspirit2001.exe
tryit.exe
ts5602.exe
tskmngr.exe
tsserv.exe
tutgvcn.exe
twink64.exe

tamagotxi.exe
Worm / File virus
Alters Win.ini. "Between midnight and 2.00am on Wednesdays the worm attempts to display an animated graphic of Adolf Hitler shooting himself in the head." (Sophos)

tapi32.exe
Name: Shorm
Worm / Steals passwords / Network trojan
Propagates to all shared discs. Autostarts using Windows Startup directory. Passwords and users names are mailed to two addresses in Russia. The .exe file is compressed using ASPack. It connects to a Web page in Russia, both to receive IP addresses to scan and to update itself.

tapiras.exe
Steals passwords

task_bar.exe
Remote Access / FTP Server

task_bar[1.2].exe
Remote Access / FTP Server

task_bar[1.3].exe
Remote Access / FTP Server

tasker.exe
W32.Mydoom.R@mm is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses that it finds on an infected computer.
The email contains a spoofed From address. The subject and message body vary, and the attachment has a .bat, .cmd, .exe, .pif, .scr, or .zip extension.
May also attempt to open a back door on port 5422 and allow a remote attacker to have unauthorized access to the infected system.
This would allow a remote attacker to download and execute remote files.

Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value: "Task"="%System%\tasker.exe"
Then, navigate to the key: HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32
and delete the value: "(Default)"="%System%\Nemog.dll"
At last, navigate to and delete the keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\Version
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\Version

taskman.exe
W32/Rbot-IG is a worm which attempts to spread to remote network shares.
The worm also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels.
This worm spreads to network shares with weak passwords as a result of the backdoor Trojan element receiving the appropriate command from a remote user.

It copies itself to the Windows system folder as TASKMAN.EXE and creates entries in the registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Task Manager = taskman.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Task Manager = taskman.exe

Automatic removal: Use RegRun Startup Optimizer.

tasknet.exe
Remote Access / Exe-infector
The whole package comes with a server, an exe infector, a remover and two jokes. The first joke program, Californ.exe makes all the windows on the screen shake and move around. The second program, gravedad.exe displays a picture of the screen flipped.

tclient.exe
Remote Access

tconf.exe
Mail trojan / Autodialer / ICQ trojan / Steals passwords
It deletes the two system files Regedit.exe and Msconfig.exe.

tconfig.exe
Mail trojan / Autodialer / ICQ trojan / Steals passwords
It deletes the two system files Regedit.exe and Msconfig.exe.

tcp.exe
Remote Access
Disguised as a TCP/IP booster.

tcpload.exe
Remote Access / Steals passwords
The client also drops a server! The hacker could choose to log passwords only or all text written. One of the functions is to kill antivirus software.

tcpproxy.exe
Remote Access / Steals passwords
The client also drops a server! The hacker could choose to log passwords only or all text written. One of the functions is to kill antivirus software.

tcv.exe
Remote Access / ICQ trojan
Sockets des Troie is French for Trojan Sockets and was one of the very first Remote Access trojans being published.

teekids.exe
Lovesan worm.
This worm scans several IP networks (randomly choosen) to get access to port 135 (COM).
The worm sends a buffer-overrun request to vulnerable computers. The newly infected machine then initiates the command shell on TCP port 4444.
Lovesan runs the thread that opens the connection on port 4444 and waits for FTP 'get' request from the victim machine. The worm then forces the victim machine to sends the 'FTP get' request. Thus the victim machine downloads the worm from the infected machine and runs it. The victim machine is now also infected.
Removal:
remove it from startup by RegRun Startup Optimizer.

teleclient.exe
Remote Access

teleserv.exe
Remote Access

telnet.bat
Backdoor.IRC.Aladinz.R is a backdoor server that allows a remote attacker to obtain access to your computer.
The backdoor server uses an mIRC client and client scripts to communicate with a remote attacker.
It also creates a FTP server.

Creates the following folder: %System%\CatRoot.
Creates some files in the CatRoot folder, such as: update.bat; ServUDaemon.exe; dcom.reg; patch.reg; tar.exe etc.
Connects to a remote IRC server and waits for commands.
Listens on TCP ports 3422 and 43958.

Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the value: "Microsoft Office"="%system%\telnet.bat"
Delete the following keys:
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Security
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\SystemManagementys2

telnet23.exe
Steals passwords
At first Ring0 came as an attached file to Winsock Version Checker. When itīs active and the computer is connected to the Internet, the trojan searches for proxyservers and tries to send the collected information to an FTP server in Russia.

temp#01.exe
Steals passwords / Trojan dropper / ICQ trojan
Drops the trojan The Thing 1.6.

temp$01.exe
Steals passwords / Trojan dropper / ICQ trojan
Drops the trojan The Thing 1.6.

temp$1.exe
Steals passwords

temp.exe
Remote Access / Destructive trojan / Virus dropper
It copies itself to c:\recycled to avoid detection by some antivirus programs.

tempinetboost.exe
Remote Access / Downloading trojan

tesk.exe
Remote Access / Keylogger / IRC trojan
Doly is hidden in several different programs: in Memory Manager, in an Interactive Game, and in a Downloading program. The trojan also starts using Windows Startup Directory.

th3tr41t0r.exe
Worm / IRC trojan

theobbq.exe
Worm / Mail trojan
Uses several different names to name the attachement, which can be mailed by either Netscape Mail, MS Outlook or MSOutlook Express.

thespy.exe
Keylogger
Logs all keys typed on the server computer

thing.exe
Remote Access / ICQ trojan
Version 1.6 autoloads through changes in System.ini and Win.ini. 1.5 uses Registry and System.ini to autoload.

tiles.exe
Remote Access / Trojan dropper
Alters Win.ini and System.ini. A game hiding and dropping the SubSeven 2.0 server.

tinurak.exe
Remote Access

tloader1.exe
Steals passwords

tloader2.exe
Steals passwords

tloader3.exe
Steals passwords

tmp.ini
Opaserv dangerous trojan. Alters registry Run and win.ini under Windows 9X.
Kill it!

tnsrv.exe
Steals passwords / Remote Access
Steals all cached passwords.

tour98.exe
Remote Access
Modified Acid Shiver Server.

trance.exe
Shadow Phyre
Remote Access / IRC trojan

transscout.exe
Remote Access / Steals passwords / Keylogger

trjp.exe
Remote Access

trojan.exe
Senna Spy Trojan Generator
Trojan constructor / Remote Access
Has the ability to kill Firewall and Antivirus software from Memory.

trojanhrs.exe
Remote Access

trojspirit2001.exe
Remote Access / Steals passwords
Also has a function called ""Burn Monitor"". This option constantly resets the Screenresolution.

tryit.exe
Worm / Mail trojan
Alters Win.ini. The worm is encrypted. It propagates to users who earlier has mailed the user of the infected computer.

ts5602.exe
Keylogger / Remote Access

tskmngr.exe
Remote Access

tsserv.exe
For years you have been able to test your virus scanner with the harmless "Eicar" test file.
Using the just released "Trojan Simulator" you can now test your trojan scanner in the same
manner, using a harmless demonstration trojan. This is a risk-free way to see how your security
software behaves in a real-world situation.

More info -
http://www.trojanhunter.com/trojansimula...

tutgvcn.exe
Remote Access
May alter System.ini and/or Win.ini. One can choose to let Mosucker randomly decide what autostart method to use. Produces an error message while installing ""Could not find setuplog.bat"" which apparently is used for autostarting. It copies itself to $temp first, as a file named pkg*.exe, ""pkg"" being a fix string. It also copied itself to $windows/unin0686.exe.

twink64.exe
Troj/Dloader-BW.
Attempts to download and execute EXE files from remote websites to the Windows system folder as intron.exe, ir.exe, lpt.exe and usb.exe.
Copies itself to the Windows system folder as twink64.exe and creates the following registry entry to run itself on system logon:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ControlPanel = \twink64.exe internat.dll,LoadKeyboardProfile

Use RegRun Startup Optimizer to automatically remove it from startup.

Copyright © 1998-2004 Greatis Software | Privacy Policy | Recommend to a friend