I have a strange process

[McSeven]

that I disabled. It's name is 'bcfcabcedfbedc.exe'.

Could this be a trojan or keylogger or something else bad?

How can I delete this process entry? I can't find it in 'msconfig'.

Thanks.

Windows 7 Prof x64

 

[nate42nd]

I don't see it here.

ProcessLibrary.com - The online resource for process information!

Double check the spelling and try it again. There is usually some information here.

Hope this helps a little.

 

[jav]

Try right clicking the process and go to properties.

Find where it is located.
Check spelling and post back.

 

[neoasr]

that I disabled. It's name is 'bcfcabcedfbedc.exe'.

Could this be a trojan or keylogger or something else bad?

How can I delete this process entry? I can't find it in 'msconfig'.

Thanks.

Windows 7 Prof x64

use ccleaner to delete entry.. must scan with malwarebytes

 

[McSeven]

I have Avira and it had caught a Trojan. But this entry in the Process table is there and Disabled. I can not find the file on my computer. I had send the file to Avira and they are checking it out. But I don't think my computer currently at risk.

 

[neoasr]

I have Avira and it had caught a Trojan. But this entry in the Process table is there and Disabled. I can not find the file on my computer. I had send the file to Avira and they are checking it out. But I don't think my computer currently at risk.

hopefully.. but if i were u.. then i must do scan with malwarebytes..

 

[McSeven]

Got rid of this bugger using Registry Crawler.

 

[richc46]

that I disabled. It's name is 'bcfcabcedfbedc.exe'.

Could this be a trojan or keylogger or something else bad?

How can I delete this process entry? I can't find it in 'msconfig'.

Thanks.

Windows 7 Prof x64

Whatever it is not too common. I put it into google and only one hit, guess what its your post. Anyway, Happy New Year.

 

[McSeven]

that I disabled. It's name is 'bcfcabcedfbedc.exe'.

Could this be a trojan or keylogger or something else bad?

How can I delete this process entry? I can't find it in 'msconfig'.

Thanks.

Windows 7 Prof x64

Whatever it is not too common. I put it into google and only one hit, guess what its your post. Anyway, Happy New Year.

lololol

 

[Jacee]

I would suggest running Malwarebytes' Anti-Malware, just to make sure you got all the malware off your machine.
Chances are, this file didn't come by itself.

download Malwarebytes' Anti-Malware to your desktop
|MG| Malwarebytes Anti-Malware 1.43 Download
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.

 

[drazenn]

I would suggest deleting withou thinking about it twice.
I would be dumb(and every body else too) if you even think about believing that process with name such abcdbcdefgabc.exe could be legit process.
Try to remember did you visit one of the "black" sites(maybe unintentionally) with keygens,cracked apps,etc.,cause I remember that I get process named abcd.exe once,from that kind of site.

 

[TaraSWinTeam]

Make sure you are keeping up security to prevent malware: Security checklist for Windows 7.

Cheers,
Tara
Windows Outreach Team

 

[McSeven]

I would suggest running Malwarebytes' Anti-Malware, just to make sure you got all the malware off your machine.
Chances are, this file didn't come by itself.

download Malwarebytes' Anti-Malware to your desktop
|MG| Malwarebytes Anti-Malware 1.43 Download
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.

Ok, I ran it and it found the following ...

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

But I don't know what it really means.

 

[Dinesh]

I would suggest running Malwarebytes' Anti-Malware, just to make sure you got all the malware off your machine.
Chances are, this file didn't come by itself.

download Malwarebytes' Anti-Malware to your desktop
|MG| Malwarebytes Anti-Malware 1.43 Download
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.

Ok, I ran it and it found the following ...

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

But I don't know what it really means.

Your system is clean

 

[McSeven]

Ok, I guess all is well for now, so I thank everyone's help!

 

[jav]

Ok, I ran it and it found the following ...

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

But I don't know what it really means.

Don't worry, false Positive.
more info: (Hijack.DisplayProperties) - Malwarebytes Forum

Hello

It is not an actual infection, but instead a non-default setting that is often altered by actual infections, however, in Windows Vista and Windows 7 Microsoft changed the default setting to the opposite of what it was in XP so on Vista and Windows 7 systems (such as your own) this detection should be ignored .

If you need anything else please post.

Thanks

McSeven From your log I can see that it was quarantined and deleted. You should fix it as it's Windows native component.
And then run quick scan and when it finds it tell it to ignore it.

How to fix it: (Hijack.DisplayProperties) - Malwarebytes Forum

 

[Jacee]

It looks to be clean ... set a fresh restore point, so you don't accidently go back to the bad one.

http://www.sevenforums.com/tutorials/494-system-restore-point-shortcut.html