The methodology behind R.I.D is based on particular events which occur when programs try to
execute or infiltrate your system.
Manually editing the registry or changing program options may not trigger a R.I.D. alert but
infiltrations by 3rd party programs will. This way you'll enjoy optimal
performance during your normal computing tasks but Scotty will still wake up
when significant changes have been made.
To verify that our new methodology was sufficient we
contracted with an independent
tester. Each of the following programs were installed on a fresh machine to
make sure that WinPatrol with R.I.D. would detect the infiltration in real-time. The resulted exceeded
our expectations although we noted that additional instruction and/or help was required
to remove the infiltration. Many of the repeat offenders have been
addressed in the newest version, WinPatrol V32.0.2014.5.
The following programs were installed based on their
popularity or attack frequency and ranking by online Anti-Spyware sites.
We found that many site vary widely on their rankings so we based our list
on the following pages.
| Filename |
Description |
Detected |
Notes |
| cfgmgr52.dll |
BookedSpace malware |
Yes |
|
| exp.exe |
trojan |
Yes |
|
| wintask.exe |
Pop Marketing |
Yes |
|
| VbouncerInner.exe |
Virtual Bouncer |
Yes |
|
| VirtualBouncer.exe |
Virtual Bouncer |
Yes |
|
| BundleOuter.exe |
Virtual Bouncer |
Yes |
|
| AdDestroyer.exe |
Ad Destroyer |
Yes |
|
| ScreenSaversInst.dll |
ScreensaversInstaller Module |
Yes |
|
| Starware.dll |
Starware |
Yes |
|
| MiniBug.exe |
WeatherBug Download Manager |
Yes |
|
| w6bar.dll |
My Web Search Bar for IE and Firefox |
Yes |
Still installs in Firefox |
| EliteSideBar 08.dll |
Elite Sidebar |
Yes |
|
| EliteToolBar version 60.dll |
Elite Toolbar DLL |
Yes |
|
| eliteiuh32.exe |
(unknown) |
Yes |
Tries several times |
| bbsmartstubfal.exe |
BonziBuddy |
Yes |
|
| bonzibdy.exe |
BonziBuddy |
Yes |
|
| ErrorGuard.exe |
Error Guard |
Yes |
|
| GSYUpdater.exe |
GotSmiley |
Yes |
|
| GotSmiley.exe |
GotSmiley |
Yes |
|
| CMESys.exe |
CME (Gator) |
Yes |
|
| SeaWDurlIE.exe |
(unknown) |
Yes |
|
| djtopr1150.exe |
Adware |
Yes |
|
| wupdt.exe |
IMISERV
virus |
Yes |
|
| systb.dll |
Wbho module |
Yes |
|
| [unknown] |
Unknown title (IE helper) |
Yes |
Winpatrol shows “Unknown Title” |
| RegClean.exe |
Registry Cleaner |
Yes |
|
| svcproc.exe |
Trojan.Win32.Stervis.b |
Yes |
Described as “System Startup Service” |
| WebRebates0.exe |
Web Rebates |
Yes |
Tries several times |
| Psof1.exe |
Pacimedia
adware |
Yes |
|
| nvms.dll |
IE BHO, part of NaviSearch |
Yes |
|
| msbe.dll |
Exact Advertising |
Yes |
|
| bargains.exe |
BargainsBuddy ADP module |
Yes |
|
| nls.exe |
NaviSearch Module |
Yes |
|
| aunps2.dll |
adware/spyware |
Yes |
|
| istsvc.exe |
ISTBar |
Yes |
|
| amdnrc.exe |
(unknown) |
Yes |
|
| nem220.dll |
DyFuCA_BH Module |
Yes |
|
| cxtpls.dll |
Apropos Media ContextPlus BHO |
Yes |
|
| sfbho.dll |
SideFind BHO |
Yes |
|
| istbarcm.dll |
ISTBar |
Yes |
|
| sacc.exe |
SurfAccuracy |
Yes |
|
| optimize.exe |
Internet Optimizer |
Yes |
|
| cxtpls_loader.exe |
Apropos Media ContextPlus |
Yes |
|
| ctfcap32.exe |
(unknown) |
Yes |
|
| AutoUpdate.exe |
Apropos Media |
Yes |
|
| PowerScan.exe |
Integrated Search Technologies |
Yes |
|
| Comedy-planet.exe |
Comedy Planet |
Yes |
|
| whiehlpr.dll |
WebHancer Customer Companion |
Yes |
|
| whAgent.exe |
WebHancer Customer Companion |
Yes |
|
| whSurvey.exe |
WebHancer Survey Companion |
Yes |
|
| ieBHOs.dll |
E2G plugin |
Yes |
Tries repeatedly, |
| AuroraHandler.dll |
Aurora Handler |
Yes |
Tries repeatedly |
| stlb2.dll |
BrowserAid Search and Click Toolbar |
Yes |
Tries repeatedly |
| WebCpr0.exe |
Web_CPR/TopMoxie |
Yes |
|
| Wast2.exe |
Twain-Tech |
Yes |
|
| ARUpdate.exe |
AdRoar |
Yes |
|
| TVS_B.exe |
BroadcastPC |
Yes |
|
| Ftkcpy.exe |
XML Extender |
Yes |
|
| AdRoar.dll |
AdRoar |
Yes |
|
| ftk.dll |
XML Extender |
Yes |
Tries repeatedly |
| Ssk.exe |
Surf Sidekick |
Yes |
|
| cashback.exe |
Top Rebates |
Yes |
|
| mscb.dll |
BargainBuddy |
Yes |
|
| VVSN.exe |
WhenU |
Yes |
|
| Save.exe |
WhenU SaveNow |
Yes |
|
| newdotnet6_38.dll |
New.net Domains |
Yes |
|
| Newdotnet6_84.dll |
New.net Domains |
Yes |
|
| sssTbar.dll |
SssTbar module |
Yes |
|
| UCMTSAIE.dll |
UCMore XP Toolbar |
Yes |
|
| ru.exe |
Quicktlme (adult content dialer) |
Yes |
|
| Search.exe |
WhenUSearch |
Yes |
|
| whse.exe |
WhenUSearch |
Yes |
|
| rk.exe |
RelevantKnowledge |
Yes |
|
| rlvknlg.exe |
RelevantKnowledge |
Yes |
|
| search.dll |
WhenUSearch Module |
Yes |
|
| mwsoemon.exe |
My Web Search Bar |
Yes |
|
| mwssrcas.dll |
My Web Search Assistant for IE |
Yes |
|
| mwsbar.dll |
My Web Search Bar |
Yes |
|
| Hyperbar.dll |
Hyperbar |
Yes |
|
| Superbar.dll |
SuperBar |
Yes |
|
| sbhc.exe |
SuperBar |
Yes |
|
| msbb.exe |
Ncase |
Yes |
|
| Weather.exe |
WeatherBug |
Yes |
|
| Sync.exe |
ClockSync |
Yes |
|
| zanu.exe |
Ncase |
Yes |
|
| zanuhook.dll |
Ncase |
Yes |
|
| dkuc.exe |
(unknown) |
Yes |
|
