ch810.exe

Cornhillfarm

I'm getting a startup error message that module ch810.exe can't be found in c:\users\myusername\AppData\Local\Temp\.

 

I've seen some refs to this in German forums but don't have enough German to understand.  Is this evidence of a trojan infection?  If so, how do I deal with it?

 

Iain Lowson 

[Deleted User]

Hi Cornhillfarm,

The error message indicate that the c:\users\myusername\AppData\Local\Temp\ch810.exe doesn't exist on your system anymore, if the executable file is a virus it could not do any harm to your system. I do believe that the file was removed but the entry created in your startup program list remains. Kindly check and remove the entry from the Registry Editor.

1. Start > Run or "Winkey+R", type "regedit".
2. Check and remove the entry contain value of "c:\users\myusername\AppData\Local\Temp\ch810.exe" from location below:

- HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\MSConfig\startupfolder
- HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\MSConfig\startupreg

3. Restart your computer and test.

Thanks.


Best Regards,
Jayson

Cornhillfarm

Jayson

 

Thanks very much for responding.  It's encouraging to learn that the error message means that the dodgy file is probably no longer there.  However, I can find no registry entry corresponding to the error message.  I looked in the locations you identified and then did a registry search on a variety of strings, all without success.

 

Any further suggestions would be welcomed.  Should I just put up with the error message?  F-Secure scan returns no bad file and MalWareBytes found two which I have deleted.  They were to do with firewall disabling.

 

Thanks again

 

Iain 

[Deleted User]

Hi Cornhillfarm,

Try to search in these 2 locations:

1. Start > Run or "Winkey+R", type "msconfig".
2. Start > All Programs > Startup.


Best Regards,
Jayson

Cornhillfarm

Jayson

 

There's an entry in the startup folder for CH810.exe.  It's a shortcut to  C:\Windows\System32\rundll32

 

I'm happy deleting the shortcut.  What should I do about rundll32?

 

Many thanks in advance.

 

Iain 

[Deleted User]

Hi Iain,

Rundll32.exe is an important process of your windows operating system. The process rundll32.exe executes dll files and puts their libraries into your system's memory. The Rundll32.exe located in C:\Windows\System32 should be genuine. What you have in Startup folder is just a shortcut, you may proceed to detele it.

Thanks.


Best Regards,
Jayson

Cornhillfarm

Jayson

 

I'm very grateful to you for your prompt resolution of my problem.  Thanks very much.

 

Best wishes.

 

Iain