Process File: conime or conime.exe
Process Name: BFGhost 1.0
Description:
conime.exe is a process which is registered as the BFGhost 1.0 Remote administration backdoor tool. This backdoor application can allow attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately.
I recently changed my Windows XP language settings to Japanese because I have to deal with some files with Japanese encoded filenames. I noticed a process in task manager named conime.exe. I looked it up on Google and a bunch of spyware-cleaning software sites told me it was part of the BFGhost trojan and recommended deleting it. I did a file search and found conime.exe in C:\windows\system32. I looked at the properties and it turns out it’s the Microsoft Console IME (Input Method Editor). It executes whenever a command prompt is opened, so it seems that it’s used for Asian language input support in the command prompt. I searched the Microsoft Knowledge Base and confirmed it came with Windows.
“This entry is used only when the locale of the computer is set to 932 (Japanese), 936 (Chinese), 949 (Korean Unified Hangul), or 950 (Chinese Big5 Extended).”
I actually checked to see if conime.exe was in the system32 folder on my other computers and sure enough, it is. These spyware-finder sites are completely irresponsible in using FUD to sell software and not presenting the fact that every copy of Windows XP, 2000, and 2003 has an innocuous file with the same name as a possible trojan. I guess the lesson learned is to take the advice of anybody trying to sell you something cum grano salis.
These are from a couple of sites; most say it is BFGhost.
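The check the post walks through (find where the running conime.exe actually lives and read its file properties) can be scripted. The following is an added example, not part of the original post; it assumes PowerShell 3.0 or later, and the helper name `Test-ProcessImage` is hypothetical.

```powershell
# Added example: judge a process by image path and file metadata, not by name.
param([string]$Name = 'conime')

# Code pages named in the Microsoft Knowledge Base text quoted in the post.
$imeCodePages = 932, 936, 949, 950
# Expected locations; SysWOW64 holds 32-bit system files on 64-bit Windows.
$expected = @((Join-Path $env:SystemRoot 'System32'),
              (Join-Path $env:SystemRoot 'SysWOW64'))

function Test-ProcessImage {   # hypothetical helper name
    param($Process, [string[]]$ExpectedDirs)

    $path = $Process.Path      # empty when the process cannot be opened
    if (-not $path) {
        return [pscustomobject]@{ Id = $Process.Id; Path = $null
            Verdict = 'UNKNOWN: image path not readable, rerun elevated' }
    }
    $info = (Get-Item -LiteralPath $path).VersionInfo
    $dir  = Split-Path -Path $path -Parent
    # Version strings can be forged, so the signature status is reported too.
    # Older PowerShell versions may report catalog-signed files as NotSigned.
    $sig = (Get-AuthenticodeSignature -FilePath $path).Status

    $verdict = if ($ExpectedDirs -notcontains $dir) {
        'SUSPECT: same name, unexpected location'
    } elseif ($info.CompanyName -notlike 'Microsoft*') {
        'SUSPECT: in a system folder but not labelled as a Microsoft file'
    } else {
        'Consistent with the Windows component'
    }
    [pscustomobject]@{
        Id = $Process.Id; Path = $path; Description = $info.FileDescription
        Company = $info.CompanyName; Signature = $sig; Verdict = $verdict
    }
}

# Current culture's ANSI code page, used here to approximate the system locale.
$cp = (Get-Culture).TextInfo.ANSICodePage
"ANSI code page $cp; Console IME expected: $($imeCodePages -contains $cp)"

$procs = @(Get-Process -Name $Name -ErrorAction SilentlyContinue)
if ($procs.Count -eq 0) { "No running process named $Name" }
$procs | ForEach-Object {
    Test-ProcessImage -Process $_ -ExpectedDirs $expected
} | Format-List
```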