Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: DeviiceEject.exe

15 May 2011   #1
Elixxir

Windows 7 professional 32 bit
 
 
DeviiceEject.exe

There is DeviceEject.exe, with one - i -

Then there is DeviiceEject.exe, with two - ii -

Both programs are in C:\Windows\System32

MSE removed a Trojan, and traced it to DeviiceEject.exe, the one with two - ii -

I tried to get information about DeviiceEject.exe , the one with two - ii -. But nothing exists.

Can someone, please tell me if this is a legit program. I am about to delete it!


My System SpecsSystem Spec
.
16 May 2011   #2
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

Elixxir as I replied in the other thread, this is likely one of many files. Suggest running MalwareBytes from safe mode. It would be wise to scab with a bootable AV program as well. These trojans are insidious, and can hide numerous files.

See this thread:

virus removal from within safe mode

A Guy
My System SpecsSystem Spec
17 May 2011   #3
Elixxir

Windows 7 professional 32 bit
 
 

Quote   Quote: Originally Posted by A Guy View Post
Elixxir as I replied in the other thread, this is likely one of many files. Suggest running MalwareBytes from safe mode. It would be wise to scab with a bootable AV program as well. These trojans are insidious, and can hide numerous files.

See this thread:

virus removal from within safe mode

A Guy
I scanned with MalwareBytes in Safe Mode as you suggested, and followed it up with MSE scan. But everything was clean.

However, I was stilled troubled that I could not find any information about DeviiceEject.exe (two - ii -). I went ahead and renamed the file DeviiceEject.bak. Since, I renamed the file, I have not experienced any problems at all. In fact, it seems as if internet no longer lags; there used to be a split second lag, but now there is instant response.

Should I go ahead and delete the file?

(I must also report that people have responded to e-mails which I did not send, but seemed to originate from my e-mail address)
My System SpecsSystem Spec
.

17 May 2011   #4
fimble

windows 7 ultimate
 
 

I'd give it a couple of days + just to make sure nothing is broken. But to be honest, with a typo like that in its name, I would probably ignore my own advice and just bin it!
My System SpecsSystem Spec
17 May 2011   #5
A Guy

Microsoft Community Contributor Award Recipient

Windows 7 Home Premium x64 SP1
 
 

Files such as this, with just slightly altered names of legit files are a common method used by Trojans. They use an extra letter, or a capital instead of the legit files lower case (svchost legit, svcHost not legit, etc.). You can upload any of these suspect files to Virus Total A fake file will not have the correct md5 sum, and it will not say the file has already been scanned, but instead will make a new scan.

I think you are safe to rename, and eventually delete, but you want to make sure you are no longer infected. Emails being sent is another telltale sign of infection. Often sending an attached file to spread the infection, or even spam if your system has been taken over by a bot.

Scanning with a bootable AV disk is suggested, as it runs outside of windows, and will not let these files load. A rootkit scan would also be wise

Panda Anti-Rootkit - Free software downloads and software reviews - CNET Download.com

for instance is free, and does run fine on my x64 Home Premium.

A Guy
My System SpecsSystem Spec
Reply

 DeviiceEject.exe




Thread Tools



Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 18:59.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App