BCDBOOT.EXE is worm Rebhip

Dmitry Sokolov recommends his nice removal tool: UnHackMe


UnHackMe quickly removes rootkits/malware/adware/browser hijack issues!

: Solved!
5 Stars (5 / 5)


The file BCDBOOT.EXE is a computer worm.
The worm BCDBOOT.EXE is a self-replicating malicious program,
which uses a computer network to send copies of itself to other computers.
You must fix the BCDBOOT.EXE problem as soon as possible!
Delete the file BCDBOOT.EXE from all infected computers in your network.
Set up your network firewall against BCDBOOT.EXE intervention.

Malware Analysis of BCDBOOT.EXE
Full path on a computer: %Program Files%\Microsoft Corporation\bcdboot.exe

Detected by UnHackMe:

Item Name: Policies
Author: Microsoft Corporation
Related File: %PROGRAM FILES%\MICROSOFT CORPORATION\BCDBOOT.EXE
Type: Explorer Run

Item Name: {S3V21DS2-N1XI-YHD2-NPEP-V4U06385636N}
Author:
Related File: %PROGRAM FILES%\MICROSOFT CORPORATION\BCDBOOT.EXE
Type: ActiveSetup

Item Name: {UQ671J03-67B6-HS15-8862-52C0177MNL74}
Author: Microsoft Corporation
Related File: %PROGRAM FILES%\MICROSOFT CORPORATION\BCDBOOT.EXE
Type: ActiveSetup

Item Name: HKCU
Author: Microsoft Corporation
Related File: %PROGRAM FILES%\MICROSOFT CORPORATION\BCDBOOT.EXE
Type: Registry Run

Item Name: bcdboot.exe
Author: Microsoft Corporation
Related File: %STARTUP%\BCDBOOT.EXE
Type: Startup Folder

Removal Results: Success
Number of reboot: 1

BCDBOOT.EXE is known as:

Trojan.Stealer, Virus.Dracur, Worm.Rebhip

BCDBOOT.EXE hash:

  • MD5: d4bfc39f4f0fbcf66b07ba7e01b21b9f
  • SHA1: bf7adc3ba8bcad4cc32befa387eb1ddeaaa74ebc
How to quickly detect BCDBOOT.EXE presence? 

Registry:
  • HKLM\Software\Microsoft\Active Setup\Installed Components\{S3V21DS2-N1XI-YHD2-NPEP-V4U06385636N}\StubPath: “%Program Files%\Microsoft Corporation\bcdboot.exe”
  • HKLM\Software\Microsoft\Active Setup\Installed Components\{UQ671J03-67B6-HS15-8862-52C0177MNL74}\StubPath: “%Program Files%\Microsoft Corporation\bcdboot.exe”
  • HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\Policies: “%Program Files%\Microsoft Corporation\bcdboot.exe”
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies: “%Program Files%\Microsoft Corporation\bcdboot.exe”
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\HKCU: “%Program Files%\Microsoft Corporation\bcdboot.exe”
Folders:
  • %Common Appdata%\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
  • %Program Files%\Microsoft Corporation
Files:
  • %Appdata%\Administratorv1.18.0.vbs
  • %Appdata%\Administratorv1.18.0log.dat
  • %Appdata%\TuneUpUtilities2011_en-US.exe
  • %Appdata%\winloader.exe
  • %Temp%\12267.dmp
  • %Temp%\1829_appcompat.txt
  • %Temp%\bcdboot.exe
  • %Temp%\downloaded.exe
  • %Startup%\bcdboot.exe
  • %Common Appdata%\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi
  • %Program Files%\Microsoft Corporation\bcdboot.exe

UnHackMe removes malware invisible for your antivirus!

Free Download

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1. UnHackMe uses minimum of computer resources.

Testimonials:

Simon:
UnHackMe is a success where others have failed. We have used the software for sometime. Thank you for a great product, which actually works and we believe in the developers.

Bob:
The UnHackMe is a real program, no spyware or phish and works great and is easy to use. Enjoy!

Leave a Reply