
Possible virus/hacker attack?


vince150


Every once in a while I find a process called conime.exe running, which is a Windows remote access tool. I looked it up and a couple of sites/forums I found said it's only dangerous with bfghost.exe and/or editmm.exe running. I ran NOD32 and it didn't find anything but I definitely didn't execute it and I don't want it running on my computer. Are there any programs out there that can block processes from starting because it's a Windows app and it won't let me delete it. >.<


Restart Windows all over, delete everything... only back up the things you really need and things that you have like pictures and so on... but I would scan it in safe mode



do you know the exact location of the process ?

If so then you can easily delete it using a cmd command

x:\xxx\xxx\nameoftheprocess.exe -remove

example ?

C:\WINDOWS\explorer.exe -remove

with this command you can safely delete its service :P

then restart your computer and you can safely delete it without worries :fear:

another way is to go to Start -> Run and type "msconfig" (without the quotes)

then go to startup and uncheck the box of the particular service



Every once in a while I find a process called conime.exe running, which is a Windows remote access tool. I looked it up and a couple of sites/forums I found said it's only dangerous with bfghost.exe and/or editmm.exe running. I ran NOD32 and it didn't find anything but I definitely didn't execute it and I don't want it running on my computer. Are there any programs out there that can block processes from starting because it's a Windows app and it won't let me delete it. >.<

http://www.liutilities.com/products/...library/conime/

(don't click on the other links on this page for they are basically ads for products)

conime.exe is a process which is registered as the BFGhost 1.0 Remote administration backdoor tool. This backdoor application can allow attackers to access your computer, stealing passwords and personal data. This process is a security risk and should be removed from your system.

Note! If your system is using a non western language this can be a legitimate entry.

Note: conime.exe is a part of the BFGhost 1.0 and is essential for the secure and safe operation of your computer.

so basically if you do not have BFGhost 1.0 installed then it's BFGhost 1.0 Remote crap.

This is BFGhost, it's a Remote Administration Tool and it's dangerous. If you haven't been administrating your computer remotely and find it on your computer, somebody has been using it to control your machine and could be spying on you. If that's the case you should take counter-measures immediately.

You can either download SpySweeper (which is the safest option if you're not a power user).

http://forum.kaspersky.com/lofiversion/index.php/t19964.html

http://www.download.com/Webroot-Spy-Sweepe...4-10562248.html

OR

Follow the following instructions for manual removal:

1. Kill the following processes in the Task Manager:

bfghost.exe, editmm.exe, conime.exe

2. Unregister service.dll in Windows\system\

How? Start - Run - copy and paste:

REGSVR32 /u C:\Windows\System\service.dll

Press Enter and REBOOT.

3. Remove the following files

bfghost.exe, editmm.exe, read it.txt.

conime.exe in Windows\

regsys.vxd, service.dll in Windows\system\

Paul Wynant

Moscow, Russia
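
An added example, not part of the original posts: a read-only PowerShell check that reports which of the process and file names listed in the removal steps above are present, where each image lives, and its hash and signature status, so a file can be identified before anything is killed or deleted. It assumes PowerShell 4 or later; the variable and function names are made up for illustration.

```powershell
# Added example: read-only triage for the names listed in the removal steps.
# Nothing is killed, unregistered or deleted.
$procNames = 'bfghost.exe', 'editmm.exe', 'conime.exe'

# Locations exactly as the post gives them. bfghost.exe, editmm.exe and
# "read it.txt" have no folder stated there, so they are matched by process name only.
$listedFiles = @(
    (Join-Path $env:SystemRoot 'conime.exe'),
    (Join-Path $env:SystemRoot 'system\regsys.vxd'),
    (Join-Path $env:SystemRoot 'system\service.dll')
)

# Hypothetical helper: hash, signature status and timestamp for one file.
function Get-FileFacts {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return $null }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path      = $Path
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Signature = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        Modified  = (Get-Item -LiteralPath $Path -Force).LastWriteTime
    }
}

# 1. Running processes with one of the listed names, and where each image lives.
#    ExecutablePath can be empty when the shell is not elevated.
$running = Get-CimInstance Win32_Process |
    Where-Object { $procNames -contains $_.Name } |
    ForEach-Object {
        $facts = Get-FileFacts $_.ExecutablePath
        [pscustomobject]@{
            Name            = $_.Name
            ProcessId       = $_.ProcessId
            ParentProcessId = $_.ParentProcessId
            Path            = $_.ExecutablePath
            ListedByPost    = $listedFiles -contains $_.ExecutablePath
            Signature       = if ($facts) { $facts.Signature } else { 'n/a' }
            SHA256          = if ($facts) { $facts.SHA256 } else { 'n/a' }
        }
    }

# 2. Files at the locations the post lists, whether or not anything is running.
$onDisk = $listedFiles | ForEach-Object { Get-FileFacts $_ } | Where-Object { $_ }

$running | Format-List
$onDisk  | Format-List
```

The `ListedByPost` column is true only when a running image sits at one of the paths the removal steps name; the SHA256 value is what to submit to an antivirus vendor or scanning service if the result is unclear.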



Archived

This topic is now archived and is closed to further replies.
