Dangerous File Processes In Windows - Part 4

Service.exe (W32.Randex.R Trojan)
services.exe is a part of the Microsoft Windows Operating System and manages the operation of starting and stopping services. This process also deals with the automatic starting of services during the comptuers boot-up and the stopping of servicse during shut-down. This program is important for the stable and secure running of your computer and should not be terminated.
Note: services.exe is also a process which is registered as the W32.Randex.R Trojan. This Trojan allows attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately.
Damage Level : Very Low
Distribution Level: Very Low

Sndconfg16.exe (Worm)
This file is a worm! It is the WORM_SHAREBOT.A worm which uses P2P networks to infect users. This worm, when executed will dump a bunch of files in random folders (usually shared folders) with names.
Damage Level : High
Distribution Level: High

Sysconf32.exe (NOOMY.A WORM/W32/Agobot-FP Trojan)
Windows HTML file reader should not be running at startup. It is likely a virus, spyware, trojan, or some other sort of malicious program. Use a virus scanner, and/or spyware removal tool to remove it.
sysconf.exe is a process which is registered as W32/Agobot-FP Trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system.
Damage Level : High
Distribution Level: Unknown


Syshosts.exe (W32.MyDoom.Y/Worm)
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
Damage Level : Low/Medium
Distribution Level: Unknown

Tkbellexe.exe (W32.Lovgate/Worm)
W32.Lovgate is a Trojan that spreads through email and exploits buffer overrun vulnerability in the system. Once executed, Lovgate can allow unauthorized remote access to infected systems.
TkBellExe.exe is a mass-mailing worm Worm.Win32.LovGate.
TkBellExe.exe opens a back door on TCP port 6000.
TkBellExe.exe spreads via open network shares.
TkBellExe.exe tries to terminate antiviral programs installed on a user computer.
Related files:
%windir%\CDPlay.exe
%system%\Update_OB.exe
%system%\TkBellExe.exe
%system%\spollsv.exe
%system%\Kernel66.dll
Damage Level : Low/Medium
Distribution Level: Unknown