BCDBOOT.EXE is the Rebhip worm
The file BCDBOOT.EXE is a computer worm: a self-replicating malicious program that uses a computer network to send copies of itself to other computers.
You must fix the BCDBOOT.EXE problem as soon as possible!
Delete the file BCDBOOT.EXE, at the paths listed on this page, from all infected computers in your network.
Configure your network firewall to block network activity from BCDBOOT.EXE.
Malware Analysis of BCDBOOT.EXE
Full path on a computer: %Program Files%\Microsoft Corporation\bcdboot.exe
Detected by UnHackMe:
Item Name: Policies
Author: Microsoft Corporation
Related File: %PROGRAM FILES%\MICROSOFT CORPORATION\BCDBOOT.EXE
Type: Explorer Run
Item Name: {S3V21DS2-N1XI-YHD2-NPEP-V4U06385636N}
Author:
Related File: %PROGRAM FILES%\MICROSOFT CORPORATION\BCDBOOT.EXE
Type: ActiveSetup
Item Name: {UQ671J03-67B6-HS15-8862-52C0177MNL74}
Author: Microsoft Corporation
Related File: %PROGRAM FILES%\MICROSOFT CORPORATION\BCDBOOT.EXE
Type: ActiveSetup
Item Name: HKCU
Author: Microsoft Corporation
Related File: %PROGRAM FILES%\MICROSOFT CORPORATION\BCDBOOT.EXE
Type: Registry Run
Item Name: bcdboot.exe
Author: Microsoft Corporation
Related File: %STARTUP%\BCDBOOT.EXE
Type: Startup Folder
Removal Results: Success
Number of reboots: 1
BCDBOOT.EXE is known as:
Trojan.Stealer, Virus.Dracur, Worm.Rebhip
BCDBOOT.EXE hash:
- MD5: d4bfc39f4f0fbcf66b07ba7e01b21b9f
- SHA1: bf7adc3ba8bcad4cc32befa387eb1ddeaaa74ebc
Registry entries:
- HKLM\Software\Microsoft\Active Setup\Installed Components\{S3V21DS2-N1XI-YHD2-NPEP-V4U06385636N}\StubPath: “%Program Files%\Microsoft Corporation\bcdboot.exe”
- HKLM\Software\Microsoft\Active Setup\Installed Components\{UQ671J03-67B6-HS15-8862-52C0177MNL74}\StubPath: “%Program Files%\Microsoft Corporation\bcdboot.exe”
- HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\Policies: “%Program Files%\Microsoft Corporation\bcdboot.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies: “%Program Files%\Microsoft Corporation\bcdboot.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\HKCU: “%Program Files%\Microsoft Corporation\bcdboot.exe”
Folders:
- %Common Appdata%\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
- %Program Files%\Microsoft Corporation
Files:
- %Appdata%\Administratorv1.18.0.vbs
- %Appdata%\Administratorv1.18.0log.dat
- %Appdata%\TuneUpUtilities2011_en-US.exe
- %Appdata%\winloader.exe
- %Temp%\12267.dmp
- %Temp%\1829_appcompat.txt
- %Temp%\bcdboot.exe
- %Temp%\downloaded.exe
- %Startup%\bcdboot.exe
- %Common Appdata%\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi
- %Program Files%\Microsoft Corporation\bcdboot.exe