I Have A Backdoor



#1
cleverboy12
  • Member
  • 687 posts

Hi There,

I was just looking through my System and Windows files, and under System32 I found something a little suspicious. I decided to google it and I couldn't believe it. I have a backdoor.

The backdoor file's name is conime and I am really not sure what I can do now.

Please Help :tazz:
  • 0



#2
Rawe
  • Visiting Staff
  • Member
  • 4,746 posts

Post a HiJackThis log to the malware forum. :tazz:
  • 0

#3
cleverboy12
  • Topic Starter
  • Member
  • 687 posts

I have already; it seems clean. :tazz:
  • 0

#4
Retired Tech
  • Retired Staff
  • 20,563 posts

Have you got winks installed?
  • 0

#5
cleverboy12
  • Topic Starter
  • Member
  • 687 posts

No, I have nothing installed apart from a few security programs, e.g. AVG etc. (which are clean of viruses).

I am a little confused here. :tazz:
  • 0

#6
Retired Tech
  • Retired Staff
  • 20,563 posts

Process File: conime or conime.exe
Process Name: BFGhost 1.0

Description:
conime.exe is a process which is registered as the BFGhost 1.0 Remote administration backdoor tool. This backdoor application can allow attackers to access your computer, stealing passwords and personal data. It is a registered security risk and should be removed immediately.

I recently changed my Windows XP language settings to Japanese because I have to deal with some files with Japanese encoded filenames. I noticed a process in task manager named conime.exe. I looked it up on Google and a bunch of spyware-cleaning software sites told me it was part of the BFGhost trojan and recommended deleting it. I did a file search and found conime.exe in C:\windows\system32. I looked at the properties and it turns out it’s the Microsoft Console IME (Input Method Editor). It executes whenever a command prompt is opened, so it seems that it’s used for Asian language input support in the command prompt. I searched the Microsoft Knowledge Base and confirmed it came with Windows.

“This entry is used only when the locale of the computer is set to 932 (Japanese), 936 (Chinese), 949 (Korean Unified Hangul), or 950 (Chinese Big5 Extended).”

I actually checked to see if conime.exe was in the system32 folder on my other computers and sure enough, it is. These spyware-finder sites are completely irresponsible in using FUD to sell software and not presenting the fact that every copy of Windows XP, 2000, and 2003 has an innocuous file with the same name as a possible trojan. I guess the lesson learned is to take the advice of anybody trying to sell you something cum grano salis.

These are from a couple of sites; most say it is BFGhost.
  • 0
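
The checks described in post #6 (file location, file properties, comparison with other machines) can be scripted; this is an added example, not part of the original thread. The function name `Test-SystemBinary` and its output fields are hypothetical, and the Authenticode signature check goes beyond what the post itself did.

```powershell
# Added example: Test-SystemBinary and its output field names are hypothetical.
function Test-SystemBinary {
    param(
        [Parameter(Mandatory)] [string] $Name   # file name, e.g. 'conime.exe'
    )

    # Where the copy shipped with Windows is expected to live.
    $expected = Join-Path $env:SystemRoot "System32\$Name"

    # Image paths of every running process with that name. A same-named
    # process loaded from anywhere else is the case worth investigating.
    $procName = [System.IO.Path]::GetFileNameWithoutExtension($Name)
    $running  = Get-Process -Name $procName -ErrorAction SilentlyContinue |
                Where-Object { $_.Path } |
                Select-Object -ExpandProperty Path

    $onDisk = @($expected | Where-Object { Test-Path -LiteralPath $_ })
    $paths  = @($onDisk) + @($running) | Sort-Object -Unique

    foreach ($path in $paths) {
        $info = (Get-Item -LiteralPath $path).VersionInfo
        $sig  = Get-AuthenticodeSignature -LiteralPath $path

        [pscustomobject]@{
            Path            = $path
            InSystem32      = ($path -ieq $expected)
            # Version-resource fields: what the Properties dialog shows.
            CompanyName     = $info.CompanyName
            FileDescription = $info.FileDescription
            # Signature status and signer, if the file is signed.
            SignatureStatus = $sig.Status
            Signer          = $sig.SignerCertificate.Subject
            # Hash for comparing against the same file on another machine.
            SHA256          = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

Test-SystemBinary -Name 'conime.exe' | Format-List
```

The version-resource fields are set by whoever built the file, so the path, the signature status and a hash match against a known-good copy carry more weight than the description alone.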

#7
cleverboy12
  • Topic Starter
  • Member
  • 687 posts

OK thanks, so I'm clean because when I click on it, it is Console IME from Microsoft.
  • 0





