Conime.exe: A trojan or not? Options

[JoeAverage]

According to some sources on internet conime is a trojan. I found it on my computer and looks like a MS application of some kind (Console IME). I checked it with Kaspersky on line scanner, which didn't find anything wrong. I also checked it with Lavasoft Ad Aware, MS Antispyware and NOD32 antivirus (I plan to switch to Kaspersky 6 very soon ), but again found nothing wrong.

Can anyone explain me if this is actually a real trojan or just a application that could be potentially harmfull?

Thanks in advance.

[Phoenix]

Send it to newvirus@kaspersky.com for check.

[JoeAverage]

Send it to newvirus@kaspersky.com for check.

Thanks. Done that.

[JoeAverage]

Response I got from Kaspersky:

No malicious software was found in the attached file.

Must be some application, which can be misused for gaining remote access to the computer.

[p2u]

Response I got from Kaspersky:
Must be some application, which can be misused for gaining remote access to the computer.

This is BFGhost, it's a Remote Administration Tool and it's dangerous. If you haven´t been administrating your computer remotely and find it on your computer, somebody has been using it to control your machine and could be spying on you. If that's the case you should take counter-measures immediatedly.

You can either download SpySweeper (which is the safest option if you're not a power user).

http://www.download.com/Webroot-Spy-Sweepe...4-10562248.html

OR

Follow the following instructions for manual removal:

1. Kill the following processes in the Task Manager:
bfghost.exe, editmm.exe, conime.exe

2. Unregister service.dll in Windows\system\

How? Start - Run - copy and paste:

REGSVR32 /u C:\Windows\System\service.dll

Press Enter and REBOOT.

3. Remove the following files
bfghost.exe, editmm.exe, read it.txt.
conime.exe in Windows\
regsys.vxd, service.dll in Windows\system\

Paul Wynant
Moscow, Russia

This post has been edited by p2u: 17.08.2006 19:02

[Don Pelotas]

Easy does it Paul, i have that one too and no app detects it including Spy Sweeper & SUPERAntiSpyware. As long as he doesn't have bfghost.exe.

[p2u]

Easy does it Paul, i have that one too and no app detects it including Spy Sweeper & SUPERAntiSpyware. As long as he doesn't have bfghost.exe.

Ok. Well, in that case, if JoeAverage doesn't want to see it and it starts up with Windows, then he could try Startup Control Panel (34 KB):

http://www.mlin.net/StartupCPL.shtml

Pick the Standalone verision. No install needed. Uncheck 'conime.exe' and done...

Paul

This post has been edited by p2u: 17.08.2006 19:38

[JoeAverage]

Thanks to all for your replies, I really appreciate it. I installed and run Spy Sweeper, which found nothing with the exception of 4 cookies. I have checked my hard disk with Windows Seach feature and with dir /s command from root folder, but didn't find any bfghost.exe, editmm.exe, system.dll or read it.txt files. I have found conime.exe file in Windows\system32 and Windows\system32\dllcache folder. I don't have any bfghost.exe, editmm.exe, conime.exe active processes in Task Manager. I did a quick reseach on Microsoft's site and conime.exe looks like a legit OS file. I don't know if this has some relevance, but I'm using IE7 latest beta, with Office 2007 beta and WMP 11 beta. I use NOD32, but like I said before I'm planning to switch to Kaspersky 6 soon , MS Antispyware, Lavasoft Ad Aware Personal, now also Spy Sweeper , Windows Firewall and I'm behind a hardware firewall.

Can anyone tell me which port does BFGhost use for its activity?

So there's a trojan that uses conime.exe OS file to function properly?

This post has been edited by JoeAverage: 17.08.2006 20:07

[p2u]

Thanks to all for your replies, I really appreciate it. I installed and run Spy Sweeper, which found nothing with the exception of 4 cookies.    I have checked my hard disk with Windows Seach feature and with dir /s  command from root folder, but didn't find any bfghost.exe, editmm.exe or read it.txt files. I have found conime.exe file in Windows\system32 and Windows\system32\dllcache folder. I don't have any bfghost.exe, editmm.exe, conime.exe active processes in Task Manager. I did a quick reseach on Microsoft's site and conime.exe looks like a legit OS file. I don't know if this has some relevance, but I'm using IE7 latest beta, with Office 2007 beta and WMP 11 beta.

So there's a trojan that uses conime.exe OS file to function properly?

No. You're only in trouble if the mentioned combination (with bfghost.exe, editmm.exe) is present on your computer. You can relax.

Paul Wynant
Moscow, Russia