BCDBOOT.EXE is worm Rebhip

Dmitry Sokolov recommends UnHackMe!


UnHackMe quickly removes pop-up ads, search redirecting, browser hijack, spyware, keyloggers, PC slowdown issues. Download Now!

Download step by step PDF manual

Join us on Facebook
Click to Download
Solved! The issue has been fixed!
5 Stars (5 / 5)


Share This:

The file BCDBOOT.EXE is a computer worm.
The worm BCDBOOT.EXE is a self-replicating malicious program,
which uses a computer network to send copies of itself to other computers.
You must fix the BCDBOOT.EXE problem as soon as possible!
Delete the file BCDBOOT.EXE from all infected computers in your network.
Set up your network firewall against BCDBOOT.EXE intervention.

Malware Analysis of BCDBOOT.EXE
Full path on a computer: %Program Files%\Microsoft Corporation\bcdboot.exe

Detected by UnHackMe:

Item Name: Policies
Author: Microsoft Corporation
Related File: %PROGRAM FILES%\MICROSOFT CORPORATION\BCDBOOT.EXE
Type: Explorer Run


Your Vote?
0 0

Item Name: {S3V21DS2-N1XI-YHD2-NPEP-V4U06385636N}
Author:
Related File: %PROGRAM FILES%\MICROSOFT CORPORATION\BCDBOOT.EXE
Type: ActiveSetup

Item Name: {UQ671J03-67B6-HS15-8862-52C0177MNL74}
Author: Microsoft Corporation
Related File: %PROGRAM FILES%\MICROSOFT CORPORATION\BCDBOOT.EXE
Type: ActiveSetup

Item Name: HKCU
Author: Microsoft Corporation
Related File: %PROGRAM FILES%\MICROSOFT CORPORATION\BCDBOOT.EXE
Type: Registry Run

Item Name: bcdboot.exe
Author: Microsoft Corporation
Related File: %STARTUP%\BCDBOOT.EXE
Type: Startup Folder

Removal Results: Success
Number of reboot: 1

BCDBOOT.EXE is known as:

Trojan.Stealer, Virus.Dracur, Worm.Rebhip

BCDBOOT.EXE hash:

  • MD5: d4bfc39f4f0fbcf66b07ba7e01b21b9f
  • SHA1: bf7adc3ba8bcad4cc32befa387eb1ddeaaa74ebc
How to quickly detect BCDBOOT.EXE presence? 

Registry:
  • HKLM\Software\Microsoft\Active Setup\Installed Components\{S3V21DS2-N1XI-YHD2-NPEP-V4U06385636N}\StubPath: “%Program Files%\Microsoft Corporation\bcdboot.exe”
  • HKLM\Software\Microsoft\Active Setup\Installed Components\{UQ671J03-67B6-HS15-8862-52C0177MNL74}\StubPath: “%Program Files%\Microsoft Corporation\bcdboot.exe”
  • HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\Policies: “%Program Files%\Microsoft Corporation\bcdboot.exe”
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Policies: “%Program Files%\Microsoft Corporation\bcdboot.exe”
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\HKCU: “%Program Files%\Microsoft Corporation\bcdboot.exe”
Folders:
  • %Common Appdata%\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
  • %Program Files%\Microsoft Corporation
Files:
  • %Appdata%\Administratorv1.18.0.vbs
  • %Appdata%\Administratorv1.18.0log.dat
  • %Appdata%\TuneUpUtilities2011_en-US.exe
  • %Appdata%\winloader.exe
  • %Temp%\12267.dmp
  • %Temp%\1829_appcompat.txt
  • %Temp%\bcdboot.exe
  • %Temp%\downloaded.exe
  • %Startup%\bcdboot.exe
  • %Common Appdata%\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi
  • %Program Files%\Microsoft Corporation\bcdboot.exe

1. Download UnHackMe free 30-day version

UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily.

Free Download

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10 32 or 64-bit. UnHackMe uses minimum of computer resources.

2. Double click on UnHackMe_setup.exe

You will see a confirmation screen with verified publisher: Greatis Software. Verified Publisher Greatis Software

Once UnHackMe has installed has installed the first Scan will start automatically

Review the detected threats

3. Carefully review the detected threats!

Click Remove button or False Positive.

What to do if you are unable to solve a problem?

UnHackMe Remote Assistant
  1. Open UnHackMe main screen.
  2. Click on a Remote Assistant button.
  3. Follow instructions on a screen.
  4. We will contact you and send a solution of your problem.
  5. Remote assistance is free during trial period.

Enjoy!

Dmitry Sokolov - author of UnHackMe