Possible security threat? 'Comine'

spirit

I was just having a look through my msconfig as I wanted to disable Skype from starting up when Windows does, and I noticed this entry called 'Comine' from an unknown publisher and it was installed in some weird directory.

I Googled for 'Comine' and it would appear that it could be a Trojan Horse or something dangerous like that http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Trojan:Win32/Comine.A and http://greatis.com/appdata/d/c/_comine.exe.htm

I'm running a scan with my AV at the moment (Trend Micro Worry Free Business Security) and I will run a scan with Malwarebytes afterwards, but does anybody out there (John?) know exactly what this is? I've never come across it before.
 
Problem solved! Scanned with Malwarebytes, threats removed! :)

Edit: it would appear the threats are not entirely removed, so I'm going to reinstall my PC.
 
It can be malware but usually only when other files are present on your system. I've seen this on systems but it's never been malware. What were your malware scanners detecting?
 
Thanks for the reply John. I scanned with Malwarebytes this morning and it detected 24 pieces of malware, all PUP.Riskware, a bit of Googling shows that it was 'potentially unwanted software'. I reinstalled Windows anyway, and I've noticed Conime is back in the msconfig like it was earlier. I haven't installed the software which I believed to be causing the infection however. I did some more Googling and I found it is usually only a problem when the process 'bfghost.exe' is running, which it is not on my new installation so I think it's fine.

I'm on my brother's PC at the moment which also has Windows 7. I had a look in his msconfig and found Conime was also starting up, but the software which I think caused my infections hasn't gone anywhere near his machine.

So I think I am safe.
 
I've seen this file start up with Windows on a few machines I've worked on. To be sure it wasn't malware, I always scanned them and it never came back as being bad. When conime is actually in the system32\drivers folder, it's a worm.
 
OK, I'll have a look in the drivers folder, thanks for the heads up there! I'll also scan with Malwarebytes too once I have finished reinstalling. Trend didn't pick up any of the infections by the way.
 
Checked the drivers folder and there is no 'Conime' file and I've just done a scan with MWB and my system came out clean - no malicious items detected.

Thanks for your help John. I think it's all good now. :)
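
The checks discussed in this thread, gathered into one script as an added example that is not part of any original post: it lists startup entries and files matching either spelling used above, flags a copy in system32\drivers, and looks for a running bfghost.exe. It assumes Windows PowerShell 5.1 in a 64-bit session (a 32-bit session is redirected away from the real System32); the variable names are illustrative.

```powershell
# Added example: covers only the indicators named in this thread.
$pattern = 'conime|comine'                      # both spellings used in the thread
$sys32   = Join-Path $env:SystemRoot 'System32'
$drivers = Join-Path $sys32 'drivers'

# 1. Startup entries (what msconfig's Startup tab shows) that mention either name.
$startup = Get-CimInstance -ClassName Win32_StartupCommand |
    Where-Object { $_.Name -match $pattern -or $_.Command -match $pattern } |
    Select-Object Name, Command, Location, User

# 2. Files with either name in System32 and in System32\drivers,
#    with signature status and a hash to look up or submit to a scanner.
$files = foreach ($dir in $sys32, $drivers) {
    Get-ChildItem -Path $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.BaseName -match "^($pattern)$" } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                InDrivers = ($_.DirectoryName -eq $drivers)   # -eq ignores case
                Signature = $sig.Status
                Signer    = $sig.SignerCertificate.Subject    # empty if unsigned
                SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# 3. The process the thread associates with an actual problem.
$bfghost = Get-Process -Name 'bfghost' -ErrorAction SilentlyContinue

$startup | Format-Table -AutoSize -Wrap
$files   | Format-List

if ($files | Where-Object InDrivers) {
    Write-Warning 'A matching file is in System32\drivers, the location this thread describes as a worm.'
}
if ($bfghost) {
    Write-Warning "bfghost.exe is running (PID $($bfghost.Id -join ', '))."
}
if (-not $startup -and -not $files -and -not $bfghost) {
    'No matching startup entry, file, or process found.'
}
```

A clean result here only covers the locations and names mentioned in the thread; it complements the anti-malware scans described above rather than replacing them.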
 