Common Spyware Application Processes

In the past we have covered what are the essential processes needed to run Windows which is useful for allowing you to spot adware/spyware and viruses because you know which ones should be running and which ones shouldnt. We have compiled a list for your convenience of common Adware/Spyware applications and the name of the processes they run allowing you to identify them without the use of scanners.

If any of those processes are spotted on a PC, they should be removed immediately. Luckily alot of them have an install program in Add/Remove Programs under Control Panel.

For example, if you find mwsoemon.exe on your/your clients computer you should look for “MyWebSearch Toolbar” in the Add/Remove Programs list. If it is not there it can be removed with applications such as Hijack This!.

Process Name Adware/Spyware Product
mwsoemon.exe MyWebSearch toolbar
wtoolsa.exe HuntBar
wsup.exe HuntBar spyware
cxtpls.exe AproposMedia
autoupdate.exe Apropos Media adware
wtoolss.exe HuntBar
istsvc.exe IST adware/hijacker
optimize.exe MoneyTree Dialer
gmt.exe Gator adware
cmesys.exe Gator adware
tbps.exe Neo Toolbar
pib.exe PIB Toolbar
gah95on6.exe ShopAtHome Select
tbpssvc.exe Neo Toolbar
bargains.exe Bargain Buddy
save.exe WhenU SaveNow adware
salm.exe 180Search Assistant
rk.exe Marketscore "monitoring"
webrebates0.exe TopRebates hijacker/adware
webrebates1.exe TopRebates hijacker/adware
vmss.exe Delfin Media Viewer

Bryce Whitty

About the Author

Bryce Whitty
More articles by me...
Bryce is an Australian computer technician and the founder of Technibble. He started his computer repair business when he was 17 years old and is still running it 9 years later. He is an avid traveller and spends at least a month of the year in another country.

Comments (3)

  • the says:

    i have the my web search toolbar, it dosent do anything, 4 viruses or contain any!!

  • Anton says:

    Another spyware application process is foool.exe. This spyware hide itself by using the explorer.exe name.

  • Josh says:

    the names explorer.dll, explorer.ex_ and regsvc32x.dll are all spyware/adware, as well as imnotspyware.ex_ and apacheservconnect.exe are spyware, and i’ve tracked all connections from realplay.exe and several datasends are my web history. so realplayer and realone are spyware. i also suspect the government is involved with realplayer’s spying as it atttempted to send my entire browsing history to which is nonexistent in the browser…