Windows Startup Programs database
Startup Programs - Dangerous - U
Home
Features
On-line Guide
Help On-line
Screenshots
Order
Download
Localization
Awards
Support
NI Forum
Mickey Forum
Greatis Forum
Startup Programs
Application Database
Hot!
Download:
RegRun 4.0 beta 2
What's new?
Greatis Home
Subscribe:
The Application Database
suggests you which Windows startup programs are usefual and which are bad.
The recommended tool for quickly removing the useless programs is
RegRun Startup Optimizer
.
www.startupapps.com
Purchase RegRun Suite
Download RegRun Suite
Search Database for:
RegRun
>
Greatis Startup Application Database
> Dangerous >
U
uagent.exe
ubr2.exe
udt31.exe
udt3b.exe
udt4fuk.exe
udtse.exe
uhanfo.exe
uhbg.exe
umg32.exe
umgr32.exe
umgr32~1.exe
umuerte.exe
unicorn.exe
unin0686.exe
uninst32.exe
uninstallms.exe
updata.exe
upgrade.exe
user32.exe
usrinit.exe
uuetobin.exe
uagent.exe
Remote Access
ubr2.exe
Troj/Umbriel-A is a backdoor Trojan for the Windows platform.
Allows a malicious user remote access to an infected computer.
Records keystrokes to the file ubrlg.sys in the Windows system folder and scans various registry entries and configuration files to find passwords.
Stolen information may be sent by email to a predetermined address.
Copies itself to the Windows system folder as ubr2.exe, and creates the two helper DLLs hcsrss.dll and icsrss.dll.
Sets the following registry entry: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon\Shell = Explorer.exe ubr2.exe.
The Trojan also edits system.ini in the Windows system folder.
Automatic removal:
Use RegRun Startup Optimizer to remove it from startup.
udt31.exe
Remote Access / Steals passwords / EXE Binder
May alter Win.ini and/or System.ini. Based on SubSeven. Some of the files are packed with the UPX 1.01. It comes with several different skins and supports plug-ins, so features may change. With Undetected, the hacker is able to write and execute different types of scripts, such as .bat and .vbs files, on the infected machine.
udt3b.exe
Remote Access / Steals passwords / EXE Binder
May alter Win.ini and/or System.ini. Based on SubSeven. Some of the files are packed with the UPX 1.01. It comes with several different skins and supports plug-ins, so features may change. With Undetected, the hacker is able to write and execute different types of scripts, such as .bat and .vbs files, on the infected machine.
udt4fuk.exe
Remote Access / Steals passwords / EXE Binder
May alter Win.ini and/or System.ini. Based on SubSeven. Some of the files are packed with the UPX 1.01. It comes with several different skins and supports plug-ins, so features may change. With Undetected, the hacker is able to write and execute different types of scripts, such as .bat and .vbs files, on the infected machine.
udtse.exe
Remote Access / Steals passwords / EXE Binder
May alter Win.ini and/or System.ini. Based on SubSeven. Some of the files are packed with the UPX 1.01. It comes with several different skins and supports plug-ins, so features may change. With Undetected, the hacker is able to write and execute different types of scripts, such as .bat and .vbs files, on the infected machine.
uhanfo.exe
Remote Access / Steals passwords
Also has a function called ""Burn Monitor"". This option constantly resets the Screenresolution.
uhbg.exe
Browser Hijack software.
Remove it from startup by RegRun Startup Optimizer.
Also kill these file if they exist:
C:\WINDOWS\system32\Eah1q5.exe
C:\WINDOWS\system32\Ahy0J.exe
C:\WINDOWS\system32\Qnw624T1.exe
C:\WINDOWS\system32\VaydXp.exe
C:\WINDOWS\system32\DiiCc.exe
C:\WINDOWS\system32\WdcOW0.exe
umg32.exe
Remote Access
Runs as a hidden service. Uses encryption.
umgr32.exe
Remote Access
Runs as a hidden service. Uses encryption.
umgr32~1.exe
Remote Access
Runs as a hidden service. Uses encryption.
umuerte.exe
Remote Access / Steals passwords / EXE Binder
May alter Win.ini and/or System.ini. Based on SubSeven. Some of the files are packed with the UPX 1.01. It comes with several different skins and supports plug-ins, so features may change. With Undetected, the hacker is able to write and execute different types of scripts, such as .bat and .vbs files, on the infected machine.
unicorn.exe
Remote Access / Mail bomber / Keylogger
unin0686.exe
Remote Access
May alter System.ini and/or Win.ini. One can choose to let Mosucker randomly decide what autostart method to use. Produces an error message while installing ""Could not find setuplog.bat"" which apparently is used for autostarting. It copies itself to $temp first, as a file named pkg*.exe, ""pkg"" being a fix string. It also copied itself to $windows/unin0686.exe.
uninst32.exe
Remote Access / Downloading trojan
uninstallms.exe
Status: Looks like a APSTrojan.
Read more:
http://www.itd.umich.edu/virusbusters/AP...
Recommendation: Stop its running and test your computer by antiviral software.
updata.exe
W32/Rbot-DJ is a member of the W32/Rbot family of worms with backdoor capabilities.
To run automatically when Windows starts up the worm copies itself to the file updata.exe in the Windows system folder
and adds the following registry entries pointing to this file:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Machine=updata.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Machine=updata.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Machine=updata.exe
When run the worm attempts to connect to a remote IRC server.
This connection is used as a control channel that allows a malicious user access to the infected computer.
Manual removal:
Locate the HKEY_LOCAL_MACHINE entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
and remove any reference to updata.exe.
upgrade.exe
Destructive trojan
Rasmin uses up all the memory and the infected computer crashes regularly.
user32.exe
Remote Access
NetTrash can take up as much memory in RAM as choosen by the remote hacker.
usrinit.exe
W32.Maddis.B is a network-share worm.
The worm opens several ports on an infected computer.
It also operates as a proxy and possibly a spam relay.
Copies itself to %System%\IUsrinit.exe
Creates the file, %Windir%\Temp\Helper.dll.
%Windir% is a variable. The worm locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.
Attempts to create the service, "Windows Update," so that the worm is executed any time the process is stopped.
Attempts to inject Helper.dll into various Windows System processes to avoid alerting firewall applications when it accesses the Internet. It also hooks various System APIs.
Attempts to contact the following Web sites, notify them of the attack, and then send them system information:
www.proxylist.ru/control/21/
www.proxylist.com.ua/control/21/
www.proxylist.com.ru/control/21/
www.proxylist.biz/control/21/
66.98.173.166/control/21/
Scans the Local Area Network using NetBIOS.
Attempts to copy itself to any open shares that it finds.
Open several randomly selected high ports. Then, it operates as a proxy for various protocols, including HTTP and SOCKS.
uuetobin.exe
Steals passwords / ICQ trojan
Displays a Firework and simultanlously starts in the backround. Sends the passwords encrypted via e-mail
Copyright © 1998-2004 Greatis Software |
Privacy Policy
|
Recommend to a friend