I'm getting a startup error message that module ch810.exe can't be found in c:\users\myusername\AppData\Local\Temp\.
I've seen some refs to this in German forums but don't have enough German to understand. Is this evidence of a trojan infection? If so, how do I deal with it?
The error message indicate that the c:\users\myusername\AppData\Local\Temp\ch810.exe doesn't exist on your system anymore, if the executable file is a virus it could not do any harm to your system. I do believe that the file was removed but the entry created in your startup program list remains. Kindly check and remove the entry from the Registry Editor.
1. Start > Run or "Winkey+R", type "regedit".
2. Check and remove the entry contain value of "c:\users\myusername\AppData\Local\Temp\ch810.exe" from location below:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\MSConfig\startupfolder
- HKEY_LOCAL_MACHINE\Software\Microsoft\Shared Tools\MSConfig\startupreg
3. Restart your computer and test.
Thanks very much for responding. It's encouraging to learn that the error message means that the dodgy file is probably no longer there. However, I can find no registry entry corresponding to the error message. I looked in the locations you identified and then did a registry search on a variety of strings, all without success.
Any further suggestions would be welcomed. Should I just put up with the error message? F-Secure scan returns no bad file and MalWareBytes found two which I have deleted. They were to do with firewall disabling.
Try to search in these 2 locations:
1. Start > Run or "Winkey+R", type "msconfig".
2. Start > All Programs > Startup.
There's an entry in the startup folder for CH810.exe. It's a shortcut to C:\Windows\System32\rundll32
I'm happy deleting the shortcut. What should I do about rundll32?
Many thanks in advance.
Rundll32.exe is an important process of your windows operating system. The process rundll32.exe executes dll files and puts their libraries into your system's memory. The Rundll32.exe located in C:\Windows\System32 should be genuine. What you have in Startup folder is just a shortcut, you may proceed to detele it.
This topic has been closed due to inactivity. If you would like to discuss this topic further, please start a new post.
You can reference this topic in your post by adding this link:
Visit the Community
Check our Forums or How-to & FAQs for advice or answers
View User Guides
Refer to our getting started guides and product manuals
Talk to our Support agents and get answers to your questions