Full Version: Conime.exe: A trojan or not?
JoeAverage
According to some sources on the internet conime is a trojan. I found it on my computer and it looks like a MS application of some kind (Console IME). I checked it with Kaspersky online scanner, which didn't find anything wrong. I also checked it with Lavasoft Ad Aware, MS Antispyware and NOD32 antivirus (I plan to switch to Kaspersky 6 very soon), but again found nothing wrong.

Can anyone explain to me if this is actually a real trojan or just an application that could be potentially harmful?

Thanks in advance.
Phoenix
Send it to newvirus@kaspersky.com for check.
JoeAverage
QUOTE(Phoenix @ 17.08.2006 15:36)
Send it to newvirus@kaspersky.com for check.


Thanks. Done that.
JoeAverage
Response I got from Kaspersky:

QUOTE
No malicious software was found in the attached file.


Must be some application, which can be misused for gaining remote access to the computer.
p2u
QUOTE(JoeAverage @ 17.08.2006 18:54)
Response I got from Kaspersky:
Must be some application, which can be misused for gaining remote access to the computer.


This is BFGhost, it's a Remote Administration Tool and it's dangerous. If you haven't been administrating your computer remotely and find it on your computer, somebody has been using it to control your machine and could be spying on you. If that's the case you should take counter-measures immediately.

You can either download SpySweeper (which is the safest option if you're not a power user).

http://www.download.com/Webroot-Spy-Sweepe...4-10562248.html

OR

Follow the following instructions for manual removal:

1. Kill the following processes in the Task Manager:
bfghost.exe, editmm.exe, conime.exe

2. Unregister service.dll in Windows\system\

How? Start - Run - copy and paste:

REGSVR32 /u C:\Windows\System\service.dll

Press Enter and REBOOT.

3. Remove the following files
bfghost.exe, editmm.exe, read it.txt.
conime.exe in Windows\
regsys.vxd, service.dll in Windows\system\

Paul Wynant
Moscow, Russia
Don Pelotas
Easy does it Paul, I have that one too and no app detects it including Spy Sweeper & SUPERAntiSpyware. As long as he doesn't have bfghost.exe.
p2u
QUOTE(Don Pelotas @ 17.08.2006 20:31)
Easy does it Paul, I have that one too and no app detects it including Spy Sweeper & SUPERAntiSpyware. As long as he doesn't have bfghost.exe.


Ok. Well, in that case, if JoeAverage doesn't want to see it and it starts up with Windows, then he could try Startup Control Panel (34 KB):

http://www.mlin.net/StartupCPL.shtml

Pick the Standalone version. No install needed. Uncheck 'conime.exe' and done...

Paul
JoeAverage
Thanks to all for your replies, I really appreciate it. I installed and ran Spy Sweeper, which found nothing with the exception of 4 cookies. I have checked my hard disk with Windows Search feature and with dir /s command from root folder, but didn't find any bfghost.exe, editmm.exe, system.dll or read it.txt files. I have found conime.exe file in Windows\system32 and Windows\system32\dllcache folder. I don't have any bfghost.exe, editmm.exe, conime.exe active processes in Task Manager. I did a quick research on Microsoft's site and conime.exe looks like a legit OS file. I don't know if this has some relevance, but I'm using IE7 latest beta, with Office 2007 beta and WMP 11 beta. I use NOD32, but like I said before I'm planning to switch to Kaspersky 6 soon, MS Antispyware, Lavasoft Ad Aware Personal, now also Spy Sweeper, Windows Firewall and I'm behind a hardware firewall.

Can anyone tell me which port does BFGhost use for its activity?

So there's a trojan that uses conime.exe OS file to function properly?
p2u
QUOTE(JoeAverage @ 17.08.2006 21:00)
Thanks to all for your replies, I really appreciate it. I installed and ran Spy Sweeper, which found nothing with the exception of 4 cookies. I have checked my hard disk with Windows Search feature and with dir /s command from root folder, but didn't find any bfghost.exe, editmm.exe or read it.txt files. I have found conime.exe file in Windows\system32 and Windows\system32\dllcache folder. I don't have any bfghost.exe, editmm.exe, conime.exe active processes in Task Manager. I did a quick research on Microsoft's site and conime.exe looks like a legit OS file. I don't know if this has some relevance, but I'm using IE7 latest beta, with Office 2007 beta and WMP 11 beta.

So there's a trojan that uses conime.exe OS file to function properly?


No. You're only in trouble if the mentioned combination (with bfghost.exe, editmm.exe) is present on your computer. You can relax.

Paul Wynant
Moscow, Russia
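
Added example, not part of any post in the thread: the check the thread converges on (conime.exe alone versus conime.exe together with bfghost.exe and editmm.exe), written as a read-only scan of a drive root or mounted image. The function names, the sample trees and the rule that a single companion file is enough to investigate are assumptions of this example; file names and locations are the ones given in the posts above.

```python
import os
import tempfile

# File names from the thread's manual-removal post. Matching is done on
# lower-cased names because Windows file names are case-insensitive.
COMPANIONS = {"bfghost.exe", "editmm.exe"}
# Locations the removal post gives, relative to the drive root.
LISTED_PATHS = {"windows/conime.exe", "windows/system/regsys.vxd",
                "windows/system/service.dll"}
WATCHED = COMPANIONS | {"conime.exe", "regsys.vxd", "service.dll"}


def triage(root):
    """Walk root (a drive root or mounted image) and report the thread's files."""
    hits = []  # lower-cased paths relative to root, "/"-separated
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in WATCHED:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits.append(rel.replace(os.sep, "/").lower())
    names = {h.rsplit("/", 1)[-1] for h in hits}
    companions = sorted(names & COMPANIONS)
    return {
        "companions": companions,
        "listed_paths": sorted(h for h in hits if h in LISTED_PATHS),
        "conime_paths": sorted(h for h in hits
                               if h.rsplit("/", 1)[-1] == "conime.exe"),
        # Assumption of this example: one companion file is enough to investigate.
        "verdict": "investigate" if companions else "no_combination",
    }


def build_sample(files):
    """Create a constructed tree of empty files so the scan can run offline."""
    root = tempfile.mkdtemp()
    for rel in files:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root


if __name__ == "__main__":
    # Constructed layout matching what JoeAverage reports finding.
    reported = build_sample(["Windows/system32/conime.exe",
                             "Windows/system32/dllcache/conime.exe"])
    print(triage(reported))
```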