Over 1 million tech questions and answers.

Solved: HJT log check please (conime.exe trojan?)

Q: Solved: HJT log check please (conime.exe trojan?)

well i just noticed a strange process in task manager (conime.exe) and did a search for it
and found out it could possibly be a trojan. i checked some more and some said that its a
trojan if bfghost.exe editmm.exe were running at the same time as conime.exe. just in case,can anyone please check over my Hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 1:24:28 AM, on 14/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B386B45-B2CF-4525-82FE-D3489C2D26C9} (ActozWebLauncher Control) - http://www.latale.com/Launcher/ActozWebLauncher.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141273431406
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thank you very much for your help.

RELEVANCY SCORE 200
Preferred Solution: Solved: HJT log check please (conime.exe trojan?)

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Solved: HJT log check please (conime.exe trojan?)

Conime.exe is a legit file if ran from the C:\Windows\System32 folder. It is the Console IME.

IME stands for MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Korean and Japanese)

Read other 3 answers
RELEVANCY SCORE 68.8

I've got a program called Conime.exe installed on my computer. =/

AVG, Spybot, and Adaware won't detect it so I've ran a HJT log in hopes that someone can tell me what to do. Thanks a lot. here's the log

Logfile of HijackThis v1.99.1
Scan saved at 오전 1:50:00, on 2006-12-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Razer\razerhid.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Razer\razertra.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C... Read more

A:Solved: Conime.exe Trojan (HJT log)

Read other 7 answers
RELEVANCY SCORE 58.8

Posted this thread yesterday.
MSCONFIG. Have unchecked Conime (path: %windir%|System32) several times in MSCONFIG. Have now removed from same using Crap Cleaner.
Done many searches (manual as well) on my PC for Conime.exe with no results.
I know it is a Microsoft file (Conime.exe) for other languages (do not use other languages) and should be in Windows\System32. It is not.
BUT! Have done search in Registry (Regedit) and found Conime in several places. One example System Procs......Load Conime.
Can I safley delete from Registry?
Have read many conflicting reports as to whether Conime is a Trojan or not.
Maybe I sound Paranoid but I do take security seriously.
Can anyone help?

Thank you for the reply Reventon.

Pasted is DDS Report

Downloaded GMER. When tried to run got error message:

Error GMER
C\Windows\System32\Config\System
The system cannot find the file specified.
Ran anyway with no results.

DDS report


DDS (Ver_10-03-17.01) - NTFSX64
Run by TONY at 11:56:33.80 on 12/09/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.4095.2718 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\... Read more

Read other answers
RELEVANCY SCORE 58.8

everytime i turn my comp on I get nonstop pop ups that say "Runtime Error 21 at 00405DCD" Another error pops up that says "mmlucj.exe has encountered a problem and needs to close"Logfile of Trend Micro HijackThis v2.0.2Scan saved at 5:09:55 PM, on 9/6/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Unable to get Internet Explorer version!Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exec:\Program Files\Common Files\Symantec Shared\ccProxy.exec:\Program Files\Common Files\Symantec Shared\ccSetMgr.exec:\Program Files\Norton Internet Security\ISSVC.exec:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exec:\Program Files\Common Files\Symantec Shared\SNDSrvc.exec:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exec:\Program Files\Common Files\Symantec Shared\ccEvt... Read more

A:Trojan Conime.exe

Hello MzUnique,

I apologise for the delay, the forum is busy.

If you still need help, post a new HijackThis log.

Read other 2 answers
RELEVANCY SCORE 51.2

has anyone here encountered with these trojans?
got it from a friends pen drive...deleted them using avast but now ..

1)my msconfig and regedit dont work,i get the 'windows cannot find regedit' error msg.

2)i can never turn on my 'show hidden files' option cuz it keeps reverting back to 'do not show'

3)cant open any other partion other than the one with windows on it....it runs this file n1deiect.com and then nothing happens...

any suggestions would be well appreciated...
 

A:Solved: qvkwjh.exe conime.exe severe.exe {Moved here...still needs help}

and just for the record...i've tried unhooking using unhook.inf....dint work...tried enabling and disabling regedit from gpedit.msc...but only in vain..
 

Read other 3 answers
RELEVANCY SCORE 47.6

would be grateful if someone could check this

was considering a scan with tds3 - recommend i do that ?

Logfile of HijackThis v1.97.7
Scan saved at 10:23:25 AM, on 6/10/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
c:\winnt\system32\dllcache\FireDaemon.EXE
c:\winnt\system32\dllcache\FireDaemon.EXE
c:\WINNT\system32\dllcache\userlist.exe
c:\WINNT\system32\dllcache\runbatch.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
c:\winnt\system32\dllcache\FireDaemon.EXE
c:\WINNT\system32\dllcache\bnc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\System32\cidaemon.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Expl... Read more

A:[solved]hijack this log check - after trojan

Read other 15 answers
RELEVANCY SCORE 47.6

I have a Win XP Home SP2 been hit with trojan and viruses.
i have run Ewido full scan - log attached and ran HJT, also attached.
I have also ensured Windows update fully ran and updated.
finally ran a full virus scan using AVAST, with updated signatures
PLease advise if all is now ok with the system?
Thanks in advance

Logfile of HijackThis v1.99.1
Scan saved at 19:33:02, on 26/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CT... Read more

A:Solved: Please check out my HJT log - Trojan attack

Add remove programs - remove Logitech Desktop Messenger

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text f... Read more

Read other 3 answers
RELEVANCY SCORE 47.2

I think i have a trojan virus, can someone there help and check this log?

Logfile of HijackThis v1.98.2
Scan saved at 12:22:07 PM, on 12/23/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows\Local Disk\HiJackthis\HijackThis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.szsndqrnpxs.net/1t7jqSOmj0cIWwfiKL56e6PnuqkSo5hoK5zQZ7YNEy7jix3AcnDJByIrTEZlxmUy.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - ... Read more

A:Solved: Trojan Virus. Please check this Hijackthis Log

Read other 16 answers
RELEVANCY SCORE 47.2

Since downloading a game from store cd have been getting more junk mail than I ever got since being online.Also it seemed to pick up when I added knujon to my thunderbird.Thanks for your help.Logfile of HijackThis v1.99.1
Scan saved at 11:46:38 AM, on 5/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\POP Peeper\POPPeeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,S... Read more

Read other answers
RELEVANCY SCORE 47.2

Got hit with Exploit-ByteVerify trojan today...McAfee Virus Scan caught and it could not remove..that it could quarantine only...please look at log to see if there is anything suspicious there...Thank you very much..

Logfile of HijackThis v1.99.1
Scan saved at 3:16:57 PM, on 5/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\PROGRA~1\mcafee.com\vso\m... Read more

A:Solved: Exploit-ByteVErify trojan - Please check log

Read other 6 answers
RELEVANCY SCORE 46.8

norton keeps detecting a trojan zob virus, but i cant remove it. please advise me how to do it, and also please could you help me with any other problems from my hijackthis log. THANKS
Logfile of HijackThis v1.99.1
Scan saved at 13:39:11, on 02/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5296.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\APPS\OD2\OD2DLEngine.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\apps\ABoard\AOSD.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\BroadJump... Read more

A:Solved: have a trojan zlob virus, please check my hijack log...

Read other 14 answers
RELEVANCY SCORE 46.8

Hi, I ran a scan this evening with my AVG anti virus software and saw that 7 viruses were detected. They were:
GetAccess.class (was found twice)
InsecureClassLoader.class
Installer.class (was also found twice)
classload.jar-dd2361c-51716919.zip
jrl.jar-79aa262e-2682e90f.zip

I entered the files into Google to see if I could find some software to help me delete these files (as AVG didn't give me the option to quarantine) and went to a website that suggested I download CWShredder. I did and ran the program but it said nothing was found.

I have downloaded Hijack This and have a copy of my log file here:

Logfile of HijackThis v1.99.1
Scan saved at 5:32:09 PM, on 04/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIB... Read more

A:Solved: Trojan virus detected - can someone please check this logfile? Thank you!

Read other 14 answers
RELEVANCY SCORE 42.8

Using msconfig I found in startup (Conime.exe %WINDIR%\HKLM\SOFTWARE\Wo) I don't know weather it's good or bad. Run many scans, no problem found. Should I keep it starting up.

A:What is Conime.exe

Yeah it looks like a windows file so keep it, I googled it and found that it is an important windows file. See Here--> http://www.file.net/process/conime.exe.html

Read other 2 answers
RELEVANCY SCORE 42.8

I try to keep my pc lean'n'clean so was checking the list of Start Up programs with my CCleaner earlier today and found a new entry ....

Key .... HKLM:Run
Program .... conime
Publisher ... this is empty
File .... %windir%/system32/conime.exe

I have no idea how recently this has appeared as I last checked the Start Ups several months ago.

Could some kind person please tell me ...
~ if I should keep this as it is?
~ delete or uninstall (don't know how to)?
~ and/or if I should allow it to start with Windows or disable it?

Many thanks for all and any help

A:What is conime.exe and what (if anything) should I do with it please?

Hi Read the Link below ....

I see you use Avast i would also do a scan with Malwarebytes to be on the safe side ...
conime.exe, what is? - Microsoft Community

Read other 9 answers
RELEVANCY SCORE 42.8

MSCONFIG. Have unchecked Conime (path: %windir%|System32) several times in MSCONFIG. Have now removed from same using Crap Cleaner.
Done many searches (manual as well) on my PC for Conime.exe with no results.
I know it is a Microsoft file (Conime.exe) for other languages (do not use other languages) and should be in Windows\System32. It is not.
BUT! Have done search in Registry (Regedit) and found Conime in several places. One example System Procs......Load Conime.
Can I safley delete from Registry?
Have read many conflicting reports as to whether Conime is a Trojan or not.
Maybe I sound Paranoid but I do take security seriously.
Can anyone help?

A:Conime conime conime

Hi,

You might want to try the Virus/Trojan/Spyware Help Forum.
Make sure you follow THESE STEPS carefully before posting in the Security Forum.

Regards,
Reventon

Read other 1 answers
RELEVANCY SCORE 42.8

I found this in startup, conime.exe. Been looking on Google and there are good ones and
backdoor ones. M/S says it's for there Asian version. Can I just remove it. I found 4 of them and
scanned all 4 and found nothing. I use English only.

Read other answers
RELEVANCY SCORE 42.8

i have searched google for what this file is and i get conflicting info on it everything from that its needed for language packs to its 88%dangerous. please can someone clarify this for me and if it is bad give me a walkthrough on how to remove it. thanks
 

A:what is conime

Read other 6 answers
RELEVANCY SCORE 42.8

I have this process running in my laptop called conime.exe (console IME) and I tryed to figure out what it was through google but is quite confusing. some people said it is a virus but other people say is nothing. Any clues? Here is my Hyjackthis log file:
Logfile of HijackThis v1.98.2
Scan saved at 05:35:29, on 28/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Freecom SYNC\FCSYNC.exe
C:\Program Files\Apoint2K\Apnte... Read more

A:conime.exe

I found this:
http://reviews.cnet.com/5208-6132-0.html?forumID=32&threadID=42492&messageID=498150

Which led me to this:
http://www.pestpatrol.com/pestinfo/b/bfghost_1_0.asp
 

Read other 2 answers
RELEVANCY SCORE 42.8

Hi,

I have this problem... I found out that I got conime.exe in my computer..

conime.exe, 24Kb in C:\WINDOWS\system32

conime.exe, 27Kb in C:\WINDOWS\SoftwareDistribution\Download\23e8e6bc0b81b274a70a0ca1e9854bcc

CONIME.EXE-13EEEA1A.pf, 8Kb in C:\WINDOWS\Prefetch

I figure that out when my cable internet keep cutting off.
I lost connection after my computer turns on for awhile.

I have just run Ad-AdwareSE but doesn't seem removed conime.exe

Here is the HijackThis log. (but i don't know why it didn't pick up conime.exe)

Logfile of HijackThis v1.99.1
Scan saved at 4:13:29 PM, on 30/07/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.e... Read more

A:Conime.exe... Please help !!

Here is a new Hijackthis log..
and it contains the conime.exe
can anyone help me? and my computer is having trouble getting connection from cable company... anyone know why?

Logfile of HijackThis v1.99.1
Scan saved at 12:19:47 AM, on 31/07/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ASUS\SmartDoctor\... Read more

Read other 17 answers
RELEVANCY SCORE 42.8

Again I am having a problem. A bit different this time........randoms shut downs, finding a conime.exe file from unknown author in my startup after I disable. Restore points gone and amount of space for these points back at zero after I set so many gbs. I had several good virus removal tools from you but have changed OS and they are gone now. I went from XP pro to Win7 Ult. I have downloaded what I could locate in downloads and will be running those. I know you have something called Tool Box I have not found yet. Also this last shut down added my keyboard again and 4 "unknown devices" marked with a ! in device manager. Some of the forums I read asked was I rebooting from xp and win7. I deleted the xp backup and emptied my recycle, but when I restart it is still asking me from win7 or older os so it must still be there. I have run malwarebytes, nothing. Going to run TDSS killer and rkill and will be checking back.

Thanks for your time and trouble.

A:Conime.exe

Hello,post the TDDS and RKill logs with these...MiniToolBoxPlease download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.>>>ADW CleanerPlease download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on adwcleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.You will be prompted to restart your computer. A text file will open after the restart.Please post the contents of that logfile with your next reply.You can find the logfile at C:\AdwCleaner[S1].txt as well.>>>>I'd like us to scan your machine with ESET OnlineScanHold down Control and click on this link to open ESET OnlineScan in a new window.Click the button.For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.Double click on the
icon on your desktop.Check "YES, I accept the Terms of Use."Click the ... Read more

Read other 8 answers
RELEVANCY SCORE 42.4

Hello,
I would like more information on this process after my research is a process that is registered as a backdoor tool. remote administration of BFGhost 1.0.
Is that this process is essential to remove?
 
thank you
Regards
 

A:Processus conime.exe

Hi,
Conime.exe is part of Windows however there is malware that will take its place so best to
check for those. C:\Windows\System32\conime.exe is the location for the legitimate file however
it could also have been replaced by malware.
Conime.exehttp://www.bleepingcomputer.com/startups/conime.exe-18378.html
http://www.bleepingcomputer.com/startups/conime.exe-24783.html
http://www.bleepingcomputer.com/startups/conime.exe-21214.html
If you need to check for malware here are my recommendations - these will allow you to do
a thorough check and removal without ending up with a load of spyware programs running
resident which can cause as many issues as the malware and maybe harder to detect as the
cause.
No one program can be relied upon to detect and remove all malware. Added that often easy
to detect malware is often accompanied by a much harder to detect and remove payload. So
its better to be overly thorough now than to pay the high price later. Check with these to an
extreme overkill point and then run the cleanup only when you are very sure the system is clean
 
 
This is an excerpt from Microsoft Community Forum and a reply from a community moderator. Also included are BC threads.
 
Hope this helps
 
http://answers.microsoft.com/en-us/windows/forum/windows_vista-files/conimeexe-what-is/1c6eaa96-479b-4026-83d6-a2bced9d5dcd

Read other 2 answers
RELEVANCY SCORE 42.4

Hello I was playing a game called Maple Story and then I went to check my processes, and I see a weird process there called conime.exe. I had not seen it there before, and just today, I installed FlashGet and a gunbound world preview thing. My language is currently set to Japanese as well.After doing some searches at google, some say that it is a backdoor, while others say that it is completely safe. I need help to check whether or not it is safe. I have scanned my system32 directory and AVG has not detected anything.
Here is a HiJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 11:32:26 PM, on 5/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG... Read more

A:conime.exe problem

conime.exe is normally teh M$ language system for asian language support
 

Read other 2 answers
RELEVANCY SCORE 42.4

Hello, I am new to this forum. I searched the web about this file called "Conime.exe" and many people say that this is malware while the others say it is a Microsoft file. I'm not sure what is it so i have come to this forum for help. I have pasted a copy of my Hijack this log below. Is this file malware or legitimate?Logfile of Trend Micro HijackThis v2.0.4Scan saved at 1:20:38 AM, on 25/6/2010Platform: Windows Vista SP2 (WinNT 6.00.1906)MSIE: Internet Explorer v8.00 (8.00.6001.18928)Boot mode: NormalRunning processes:C:\Windows\system32\Dwm.exeC:\Windows\system32\taskeng.exeC:\Windows\Explorer.EXEC:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exeC:\Program Files\Cyberlink\PowerCinema\PCMAgent.exeC:\Program Files\Cyberlink\PowerCinema\Kernel\CLML\CLMLSvc.exeC:\Program Files\Cyberlink\PlayMovie\PMVService.exeC:\Program Files\HP\HP Software Update\hpwuSchd2.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\Program Files\COMODO\COMODO Internet Security\cfp.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\Windows Li... Read more

A:Conime.exe malware?

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.I order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is ... Read more

Read other 3 answers
RELEVANCY SCORE 42.4

okay, here's the deal: i had various big bad bugs on my home computer after i transfered data on a thumb drive from a school computer. the university tech guys completely wiped my system clean and i reinstalled my XP SP2. i have AVG running and ccleaner and no longer have performance issues related the virus. what i do have is a notification of "Windows cannot find C:\Windows\System32\drivers\conime.exe. Make sure you typed the name correctly, and then try again. To search for a file, click the start button, and then click search." every time i start my computer. i teach in china and as a result my computer is script (chinese character) capable. i'm perplexed as to how to get my computer to stop looking for this file upon start up as it is obviously no longer there. any help would be just great. thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:52:06 PM, on 5/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA... Read more

Read other answers
RELEVANCY SCORE 42.4

I have searched the web and received conflicting info on this file.Here is a copy of my HiJack this log notice line- O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exeShould this file be removed or is it a legitimate file?Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:40:28 PM, on 5/12/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16762)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exeC:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exeC:\WINDOWS\VM_STI.EXEC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exeC:\Program Files\Java\jre6\bin\jusched.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\RTHDCPL.EXEC:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exeC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\Common Files\Logishrd ... Read more

A:Need help with file "conime.exe"

Hello G Dawg131,Are your scans coming up clean? Let's have a look at it:Please navigate to the following file: %windir%\system32\conime.exePlease go to VirusTotal and submit the file for a scan and post the results in your next reply.How is your computer running? Any other problems?Thanks,tea

Read other 4 answers
RELEVANCY SCORE 42.4

well i was browsing my task manager wondering why my computer was acting wierd and i noticed a process i've never seeb before it was conime.exe...and i googled it and it siad that it was a trojan or backdoor...i ran adaware but nothing happened...

heres the log:

Logfile of HijackThis v1.99.1
Scan saved at 2:53:44 AM, on 02/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\conime.exe
C:\Documents and Settings\Ryan\Desktop\Folders\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Acr... Read more

A:conime.exe-hijackthis log

Adaware is Anti-spyware not Anti Virus

Perform an online scan in Internet Explorer with Panda ActiveScan
Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
Click On 'Scan Now'
Enter your e-mail address & click 'Scan Now' ...begins downloading Panda's ActiveX controls.- 8MB
Begin the scan by selecting My Computer
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
If it finds any malware, it will offer you a report. Click on see report
Then click Save report
Post the contents of the report in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Read other 2 answers
RELEVANCY SCORE 42.4

Hey BleepingComputers. Recently after getting a virus (which I believe is removed) I noticed a process called "conime.exe" running. I had never seen this before. I ran MANY scans using different antivirus/malware detection & removal programs, and they all said my computer is clean, I also ran the scans on the conime.exe itself, and found nothing.I read that this could be part of displaying the Japanese language, but being english, I never needed to use the Japanese language pack, or visit a Japanese website. After finding nothing with the scans I assumed this was a legit conime.exe and went to bed. When I got up in the morning, and woke up my computer from sleep mode, I checked the Task Manager and noticed that multiple (approx. 10) conime.exe's were running. Each using only 56 k or 60 k of memory. I think there is still a virus someone within my system.Here is a HijackThis log with the conime.exe process running. Please try to help, thanks. ---Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:48:53 AM, on 14/12/2008Platform: Windows Vista (WinNT 6.00.1904)MSIE: Internet Explorer v7.00 (7.00.6000.16764)Boot mode: NormalRunning processes:C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Windows Defender\MSASCui.exeC:\Program Files\Java\jre1.6.0_07\... Read more

A:Conime.exe Multiplying? Please Help.

Hello BradFournierWelcome to BleepingComputer ========================Download random's system information tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Read other 1 answers
RELEVANCY SCORE 42.4

Ive noticed I have conime.exe now starting up and Im not sure wher it came from, it's only appeared in the last few weeks.I have read the other reads about it and mine is in C:\Windows\i386 directory and it does say it is from Microsoft. However, I am in the UK and do not use or intend to use any Asian languages.When I run Autoruns it shows in the Logon section as also being in the Windows\System32 folder !I have run hijack this and the file is as below:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 17:22:30, on 21/06/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.17055)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\astsrv.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Kodak\AiO\Center\ekdiscovery.exeC:\Program Files\Common Files\Mcafee\McSvcHost\McSvHo... Read more

A:Do I have conime.exe virus

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

Read other 2 answers
RELEVANCY SCORE 42.4

my boyfriends computer has something called conime.exe in the startup. We looked it up and it can be part of a bfghost virus? I tried the "how to remove these infections manually" and couldn't find it with autoruns...also tried Malware bytes and microsoft security essentials as well as registry fix. unsure what else to do.

thanks.

A:conime.exe removal?

Hello,

Conime.exe is a legitimate Windows file and should not be removed. You can find a bit more information here: http://www.bleepingcomputer.com/filedb/conime.exe-711.html

Do you have any problem with your computer that makes you think it is infected?

Read other 4 answers
RELEVANCY SCORE 42

It seems despite my best efforts I cannot remove something that is adding conime.exe to my start up.It keeps appearing. I feel the PC is broadly clean but then something new appears.Probably down to having two boys on miniclip!I have Microsoft essentials Zone alarm I have downloaded and run Malware Bytes antimalware and it cleaned a few things. I also put winpatrol on and it at least alerts me each time conime is being put in my start up!HELP!I can post DDS file and GMER file if needed. Or even a hijack this log!Grrr Conime added everytime to my start up...What is doing this??? A rootkit?See attached hijack this output..My hijack this might be clean as I am stopping conime running..perhaps I will let it run and then the virus will show?EDIT: Posts merged ~Budapest

A:Conime keeps appearing in start up

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. Please take note: If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic an do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the '... Read more

Read other 3 answers
RELEVANCY SCORE 42

Hello and thanks. Continuing from topic #479833...

HP Pavillion laptop running Vista 64.
Had massive pop ups flooding screen. They were web browser windows all connecting to a site for a musical celeberty (not porn). Was able to run the usual scans (MBAM, SAS, SPYBOT and AD AWARE SE). Found and deleted a Trojan. I did not note which one - sorry, but it was a 'gen' type.
No more pop ups and everything working EXCEPT I am left with 2 issues (of course). 
1 - SCARY. Something is consistently sending packets to the internet. I had a NetworkMeter on the Sidebar and it would show about 5 spikes 1 second apart and then stop for 5 seconds and then repeat the spikes. This would go on for 20 seconds and then stop for about a minute or 2 and then repeat.

2 - ANNOYING. The Menu Bar (File, Edit, View) keeps stealing focus. It will highlite the File menu and any keystroke will select the appropriate menu command. This happens in ALL windows (IE, WORD, and any EXPLORER windows) and also happens with no windows open at all - the desktop, or icons on the desktop will randomly flash or blink. In a Window, the focus does not stay on the Menu Bar, but goes back and forth randomly from what you were doing - trying to enter text into a search field, or type a web adress or fill out an online form. 
Tried to get rid of this through the usual scans - ESET, RogueKiller, ComboFix (ooops sorry!) HJT... and a few others mentioned in your Forums. Trouble is that I tried to do it ... Read more

A:possible conime - menu bar focus

Greetings ForeverRogue and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that. ===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance. Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do... Read more

Read other 26 answers
RELEVANCY SCORE 42

I just got a Gateway desktop about a month ago, and today an app showed up on the startup called "Conime". It gave me the option to disable it (which I did). But I couldn't find anything on the computer that matched that name when I did a search on it. When I did an online search, the articles stated that it was possibly a virus.
 
We are running Norton security which came with the PC, which showed no problems. We ran the Malware Bytes program and nothing was flagged there either.
 
I need to know if we are infected or not. We are not very computer literate on Windows8, the last one we had was Windows Vista, so it's a HUGE jump. I took a screen shot of the task manager to show what it says.
 
Thanks.
 

A:Conime app on Start up - Windows8

conime.exe - Microsoft Console IME (Input Method Editor); used for Asian language input support in the command prompt.

Read other 3 answers
RELEVANCY SCORE 42

Hi Peers

Have you got the conime.exe virus

Not even with malwarebytes, Mcafee or combo fix was able to remove
I had it to do a lot of things to remove it, it won't let you install anything, it reproduce ...you may have to stop it from taskmgr and then search at HKLM software/microsoft/windows/current version but it reproduce itself
If someone got another way to remove it please let me know

Cheers

Chriso89

Read other answers
RELEVANCY SCORE 42

Hi , im new to this forum , firstly english is my second language so im sorry for bad english
i'm desperate looking for help for my computer
sometimes svchost.exe process exceed 50% and lagged my computer
and in process explorer there is conime.exe keeps running again even if i kill that process
and there is another random .exe process running from my temp folder that will run again if i kill the process with different names.
also the virus prevent me to open taskmgr and regedit , it says has been disabled by your admin
my avast keeps giving me false alarm and i cant run windows in safe mode it always giving me bluescreen
ill post that screenshot: nevermind with the text in the image , its in another language

and this is my hijack this log :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:48:01 PM, on 6/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\syste... Read more

Read other answers
RELEVANCY SCORE 42

Hi All, Thank you for taking the time to read my post My Daughters laptop is acting up its become real slow and Ive just come across conime.exe would like to know what file is this and is it safe or harmful?....Any replies will be very appreciatedThank You Donnamarie

A:conime,exe is it safe or harmful

is it conime,exe or conime.exe

The process Console IME or conime.exe belongs to the software Microsoft Windows Operating System or conime.exe by Microsoft Corporation (www.microsoft.com).

Description: conime.exe is located in the folder C:\Windows\System32. Known file sizes on Windows XP are 27,648 bytes (58% of all occurrence), 69,120 bytes, 68,608 bytes, 24,576 bytes, 66,048 bytes, 25,600 bytes.
File conime.exe is a Windows system file. The program has no visible window. conime.exe is a Microsoft signed file. Therefore the technical security rating is 4% dangerous.

Source:
http://www.file.net/process/conime.exe.html

Read other 2 answers
RELEVANCY SCORE 42

Hi,

I'm pretty sure I have some kind of virus/some harmful thing on my PC, I'm not so good with computers but usually I keep an eye for processes on Windows Task Manager (take a look every day if everything is normal) and today there appeared conime.exe and in description "Console IME", and csrss.exe and nothing in description. After a while I tried to take them down/shut them or something(following instructions from another forum), I got blue screen of death, and then I was pretty sure it is virus, because it did same again(shut my pc down). I tried to run avast!, didn't find anything. I tried over 5 scans - full scan, quick scan, then 3 times "select folder to scan" and I scanned first C:/Windows folder, then C:/Windows/system32 and last time I scanned whole C disc. Didn't find anything. There still was those programs/something running/showing up at the processes working. Then I searched for more help, I installed SpyBot S-D, it didn't find anything. Then I installed Ad-Aware and it just finished scanning - found anything.
Then I wanted to try HiJackThis program. I installed it, then run it. I got some kinda problem with that too, I guess:
I try to run; "Do a system scan and save a logfile", shows up like this:
http://i50.tinypic.com/sbpsmh.jpg
and when I click "ok", it continues and I got some kinda list:
(doc file)

and after I get the list, shows this:
http://i49.tinypic.com/2rh1zde.jpg
I'm not sure is something wrong? ... Read more

A:conime.exe and csrss.exe problem(s)

Sorry for doublepost, but for some reason I couldn't edit it anymore. Or I'm just so newbie. :)
But, atleast now I'm sure it's not harmless program/whatever. Everytime I try to open folders, first they "crash" (not responding), then wait for a while, windows asks me to close it immediately or wait for it to respond, but the folder never responds. After 2-3 tries I can open the folder. Kinda frustrating.

PS. If I have any "wrong" programs on my PC, just tell me - I get rid of them (if you can't help me if I have some wrong, I'm not sure what's wrong and what's right yet, PC programs always lies :( )

Read other 2 answers
RELEVANCY SCORE 41.6

Hi there,

Please help.

I got a message saying that WRP was unable to fix some of the corrupt files and when I look into the CBS log, I found this:


Code:
POQ 73 ends.
2008-10-21 10:54:53, Info CSI 00000187 [SR] Verify complete
2008-10-21 10:54:53, Info CSI 00000188 [SR] Repairing 1 components
2008-10-21 10:54:53, Info CSI 00000189 [SR] Beginning Verify and Repair transaction
2008-10-21 10:54:53, Info CSI 0000018a [SR] Cannot repair member file [l:20{10}]"conime.exe" of Microsoft-Windows-ConsoleIME, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2008-10-21 10:54:53, Info CSI 0000018b [SR] Cannot repair member file [l:20{10}]"conime.exe" of Microsoft-Windows-ConsoleIME, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2008-10-21 10:54:53, Info CSI 0000018c Hashes for file member \??\C:\windows\System32\conime.exe do not match actual file [l:20{10}]"conime.exe" :
Found: {l:32 b:47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=} Expected: {l:32 b:eBIYSvwk96JF09FA6wwaSiPnOzS8CowVVnFTaAhvA3Y=}
2008-10-21 10:54:53, Info CSI 0000018d [SR] Could not reproject corrupted file [ml:520{260},l:46{2... Read more

A:SFC found corrupted conime.exe file?

Hello Booqwer,

If you are not having any problems with anything, then I would not worry to much about it.

I have attached a copy of the C:\windows\System32\conime.exe file in a ZIP file below from my system that you can use to replace yours with a clean copy of it. I would make a backup copy of your file to keep just in case my file will not work for you so you can restore it if needed. You may need to Take Ownership of your C:\windows\System32\conime.exe file before it will let you Copy and Replace it with the new one.

conime.zip < Click to Download


Hope this helps,
Shawn

Read other 3 answers
RELEVANCY SCORE 41.6

Ok so... I have been having some computer problems (Listed Below) and am doing a very rare for me computer security sweep. I am running AVG Free, A full scan, I have a HijackThis! log (Also posted below) I know I have something called conime.exe which I have read is bad so I am working on removing it.

Important Computer Specs
OS: Windows 7 Pro
Anything else you wish to know just ask and I will supply

Computer Problems

Slowness
When attempting to test my microphone in teamviewer my entire computer crashes
Other general problems I have been living with for months now I was just too lazy to remove (Sorry)

Hijack This Log

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:37 PM, on 6/20/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
C:\Program Files (x86)\AVG\AVG9\avgui.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [URL]http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html[/URL]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [URL]http://us.rd.yahoo.com/customize/ie/defaul... Read more

Read other answers
RELEVANCY SCORE 41.6

Hi folks... I've read up on the Conime malware but mine seems to be acting strange. Ever since it appeared my computer takes about 3 to five minutes to shut down. Also I was prompted yesterday to add Amazon to my Google Chrome even though I never requested it.Today when I'm online my computer just hangs in 'working mode' and there is lots of activity on the Network of Resource Monitor. 
 
I have done a DDS and had a look but nothing jumps out. 
 
What do I do next?
 
Thanks, you guys are great!
 
Allan

A:Conime, Amazon, Slow to Shutdown,

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/523206 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

Read other 2 answers
RELEVANCY SCORE 41.6

Hi,

My kids computer is running 64-bit windows vista.

It was running exceptionally slow so I attempted to run Malwarebytes but was unable to update definitions. Went to safe mode and ran rkill before attempting to use malwrebytes again. Rkill said it stopped conime.exe in memory. Started Malwarebytes and again was still unable to update. Started scan which then froze after a few minutes. Restarted computer. It now does not allow any browsers (ie explorer, firefox or chrome)or anti virus (Kasperskey, Malwarebytes, Spybot)to open. I also cannot now get Rkill to run (it says another program is using the file). When I try to open any executables I get the following error message: This came up when I tried to run DDS - DDS.SCR - Bad Image - C:\Windows\system32\version.dll is either not designed to run on windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

As I said, I was unable to run DDS.scr.

I also tried running hijackthis and got a could not load version.dll message as well.

fwiw the file conime.exe is located at C:\windows\syswow64\conime.exe. If you look at the file in that location it has a microsoft icon that is unlike any other I have seen. It actually looks fake. I tried to rename, move, or delete the file but received a message saying It cannot be deleted.
Help! We need this computer because some of my kids... Read more

A:Computer Hijacked- is conime.exe the culprit?

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/433485 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 4 answers
RELEVANCY SCORE 41.6

Hi friends,
Every time i start my pc it gives me an error that it cannot find this particular file. Can you please help me with it. I tried installing xp repair pro 2007 but it did not help. Also i m not a pro at using the computer so please explain me in simple terms what all i need to do to get rid of it. Any help will be appreciated.
 

A:C:\WINDOWS\system32\drivers\conime.exe

Read other 16 answers
RELEVANCY SCORE 41.6

Sometimes I got conime.exe on my task manager, even if I'm using AVG & ComodoI don't know why & I google that it's a backdoor or somethingI also got this kind of error:http://i12.tinypic.com/6higkg5.pngIt's not only winmugen.exe, but some other program (I forgot what else), also sometimes I got that error & after that my services.exe gone from my task manager & I need to restart my computerSome other event: I restart my computer, got that debugging, and my services.exe down & need to restart again& I want to remove this:http://img230.imageshack.us/img230/5716/84086383ri2.pngI already uninstall it, but there's a problem when I uninstall SQL & those are still on my servicesI can't remove it using "sc delete SQL Server Browser & sc delete [SQL Server Browser]"I type those on start-> run -> cmdIt gives me:[SC] OpenService FAILED 1060:The specified service does not exist as an installed service. This is my log:Logfile of HijackThis v1.99.1Scan saved at 10:46:12, on 2007/06/20Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\P... Read more

A:Error On Sql/visual Studio & Conime.exe

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis LogPlease also post the problems you are having.

Read other 6 answers
RELEVANCY SCORE 41.2

Hi, I keep receiving the error c:\windows\system32\drivers\conime.exe when I start up my computer. It tells me it cannot find the file.
 

A:c:\windows\system32\drivers\conime.exe error

Read other 8 answers
RELEVANCY SCORE 41.2

Hi, I hope that someone familiar with trojans, viruses, etc could help me out.

Using mconfig.exe I found two entries of conime.exe located in %windir%\system32.

After doing a couple of google searches. I quickly found out that it is an exe used for gaining remote access to a pc.

One is active, and one is disabled.

The one that has been disabled has a modified date of 4/24/2012. So whoever these guys are, have had access to my system for months now.

For now, I'm going to wipe my system using gparted after backing up anything worth saving.

My question is, how can something like this get copied onto a system when an antivirus and noscript is enabled?

My WPA password has always been weak, so maybe that's how?

Thanks. I would greatly appreciate the help.

A:I think my computer has been remotely accessed for months using conime.exe

Do you use or have you installed Emule or any other P2P software?

Read other 4 answers
RELEVANCY SCORE 40.4

Yeah, hi i have this same virus from this thread http://www.bleepingcomputer.com/forums/topic425468.html

they're in the exact same locations as stated in the tread, i was wondering if you can help me remove it ive tried everything symantec couldnt detect it (cause it's disguised as a rundll32.exe file which is apperentally trusted by windows QQ) but what ive noticed. when it replicates it's self, a quick cmdprompt window appears and disssappears and the files are back. i havent checked the registry to see if those items listed in the thread above where there, im just aassuming they are. and also. i'm just scared to delete any registry thing i dont know fearing that i'll just make my pc explode.

any help would be lovely.

A:eMuleMorphXT (conime. exe); Shareaza (cftmon); Ares (ctflr)

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

Read other 16 answers
RELEVANCY SCORE 40.4

hi guys, i must commend this life-saving service u r rendering.
i followed the instruction given someone on this topic up to a point where one is to copy and paste a log. My log is thus:

Logfile of HijackThis v1.99.1
Scan saved at 10:57:20 AM, on 7/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.... Read more

A:error message:C:\WINDOWS\system32\drivers\conime.exe

Hi and welcome to TSG,

Download AVG Anti-Spyware from HERE and save that file to your desktop. Note for AVG Free anti-virus users only: this is not the same program that you already have, this is an anti-spyware program.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.

Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.

Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other wi... Read more

Read other 1 answers