DeviiceEject.exe

Elixxir · May 16, 2011

There is DeviceEject.exe, with one - i -

Then there is DeviiceEject.exe, with two - ii -

Both programs are in C:\Windows\System32

MSE removed a Trojan, and traced it to DeviiceEject.exe, the one with two - ii -

I tried to get information about DeviiceEject.exe , the one with two - ii -. But nothing exists.

Can someone, please tell me if this is a legit program. I am about to delete it!

A Guy · May 16, 2011

Elixxir as I replied in the other thread, this is likely one of many files. Suggest running MalwareBytes from safe mode. It would be wise to scab with a bootable AV program as well. These trojans are insidious, and can hide numerous files.

See this thread:

http://www.sevenforums.com/system-security/160570-virus-removal-within-safe-mode.html

A Guy

Elixxir · May 17, 2011

A Guy said:
Elixxir as I replied in the other thread, this is likely one of many files. Suggest running MalwareBytes from safe mode. It would be wise to scab with a bootable AV program as well. These trojans are insidious, and can hide numerous files.

See this thread:

http://www.sevenforums.com/system-security/160570-virus-removal-within-safe-mode.html

A Guy

I scanned with MalwareBytes in Safe Mode as you suggested, and followed it up with MSE scan. But everything was clean.

However, I was stilled troubled that I could not find any information about DeviiceEject.exe (two - ii -). I went ahead and renamed the file DeviiceEject.bak. Since, I renamed the file, I have not experienced any problems at all. In fact, it seems as if internet no longer lags; there used to be a split second lag, but now there is instant response.

Should I go ahead and delete the file?

(I must also report that people have responded to e-mails which I did not send, but seemed to originate from my e-mail address)

fimble · May 17, 2011

I'd give it a couple of days + just to make sure nothing is broken. But to be honest, with a typo like that in its name, I would probably ignore my own advice and just bin it!

A Guy · May 17, 2011

Files such as this, with just slightly altered names of legit files are a common method used by Trojans. They use an extra letter, or a capital instead of the legit files lower case (svchost legit, svcHost not legit, etc.). You can upload any of these suspect files to Virus Total A fake file will not have the correct md5 sum, and it will not say the file has already been scanned, but instead will make a new scan.

I think you are safe to rename, and eventually delete, but you want to make sure you are no longer infected. Emails being sent is another telltale sign of infection. Often sending an attached file to spread the infection, or even spam if your system has been taken over by a bot.

Scanning with a bootable AV disk is suggested, as it runs outside of windows, and will not let these files load. A rootkit scan would also be wise

Panda Anti-Rootkit - Free software downloads and software reviews - CNET Download.com

for instance is free, and does run fine on my x64 Home Premium.

A Guy

DeviiceEject.exe

Elixxir

Banned

My Computer

A Guy

Righteous Dude

My Computer

Elixxir

Banned

My Computer

fimble

New member

My Computer

A Guy

Righteous Dude

My Computer

Similar threads