I have just found two programs in my %appdata%\Microsoft\Windows directory
dmview.exe
wshom.exe
They are started at boot/login but I can't find from where...
Anyone knows what they are?
Should there ever be a program in %appdata%\Microsoft\Windows ?
// Anders
Some clues would be nice - like the filenames? :)Duh! sorry.
Please downloadand install Malwarebytes Anti-malware(free version) from http://www.malwarebytes.org/products/malwarebytes_free/- UNtick 'Enable free trial of MBAM PRO' at the end of the installation - and update it, then run a full scan in your main account, and Quick scans in anyother user accounts.
Delete everythingit finds
I do agree with Noel.
Could you please put what anti virus programs you have installed in your System Specs?
I have added Microsoft Security Essentials to the System Spec.
I'm running Malwarebytes Anti-Malware as we speak. Been running for 3 hours now...
I ran Spybot - Search & Destroy and it couldn't find anything
I run MSE every night and it has not found anything
To my second question: Should there be any programs (*.exe) in the directory %appdata%\Microsoft\Windows or can I add a Local Security Policy disallowing programs to start from this directory?
Some programs will legitimately run from this folder - I wouldn't block it completely.
A quick Google for wshom.exe shows that it may be part of a Trojan - dmview.exe may be an associated backdoor.
At last the scan finished. Six and a half hours and 1267696 objects scanned...
It found this:
Folders Detected: 1
C:\Users\ame\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.
Files Detected: 2
C:\Users\ame\AppData\Roaming\dclogs\2013-10-26-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\ame\AppData\Roaming\dclogs\2013-10-27-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
Nothing about dmview.exe or wshom.exe
Any ideas on how to proceed?
Visit the malware removal forum and make sure your clean. :)
System Security - Windows 7 Help Forums
Quote