Programs in %appdata%\Microsoft\Windows

andis59

I have just found two programs in my %appdata%\Microsoft\Windows directory
dmview.exe
wshom.exe

They are started at boot/login but I can't find from where...

Does anyone know what they are?

Should there ever be a program in %appdata%\Microsoft\Windows?

// Anders
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell Vostro 1720, HP 7300 elite mt
OS
Microsoft Windows 7 Ultimate 32-bit 7601 Multiprocessor Free Service Pack 1
CPU
Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz, 2 cores
Motherboard
Dell Inc. 0J056T
Memory
4GB
Graphics Card(s)
NVIDIA GeForce 9600M GS, 512 Mb
Sound Card
High Definition Audio Device
Screen Resolution
1440 x 900 x 59 hertz
Hard Drives
ST750LX003-1AC154 ATA Device 698,64 GB
Keyboard
Standard Keyboard - PS/2
Mouse
Microsoft Wireless Notebook Presenter Mouse 8000 (IntelliPoi
Internet Speed
14 - 20 Mb/s
Antivirus
AVG Free
Browser
Chrome
Other Info
Bios: Dell Inc. A08, 2010-03-05
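
One way to answer "started at boot/login but I can't find from where", as an added example that is not part of the thread: a read-only PowerShell triage that inventories the executables sitting directly in %appdata%\Microsoft\Windows and then searches the common autostart locations for anything that launches them. It assumes PowerShell 2.0 or later run as the affected user; the helper name Get-Sha256 is this example's own.

```powershell
# Added example (not from the thread). Read-only: lists, hashes and searches; deletes nothing.
# Written for the PowerShell 2.0 that ships with Windows 7.
$dir  = Join-Path $env:APPDATA 'Microsoft\Windows'
$exes = @(Get-ChildItem $dir -Filter *.exe -Force -ErrorAction SilentlyContinue |
          Where-Object { -not $_.PSIsContainer })

function Get-Sha256([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { [BitConverter]::ToString($sha.ComputeHash($fs)) -replace '-', '' }
    finally { $fs.Close() }
}

# 1. What is there: creation time, Authenticode status, and a hash to look up.
$exes | Select-Object Name, CreationTime,
    @{ n = 'Signature'; e = { (Get-AuthenticodeSignature $_.FullName).Status } },
    @{ n = 'SHA256';    e = { Get-Sha256 $_.FullName } } | Format-List

if ($exes.Count -gt 0) {
    # Match on file names so both expanded and %APPDATA% forms of the path are caught.
    $pattern = ($exes | ForEach-Object { [regex]::Escape($_.Name) }) -join '|'

    # 2. Run keys and Startup folders as reported by WMI.
    Get-WmiObject Win32_StartupCommand | Where-Object { $_.Command -match $pattern } |
        Select-Object Location, Name, Command, User | Format-List

    # 3. Startup-folder shortcuts, resolved to their real targets.
    $wsh     = New-Object -ComObject WScript.Shell
    $startup = Join-Path $dir 'Start Menu\Programs\Startup'
    Get-ChildItem $startup -Filter *.lnk -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $wsh.CreateShortcut($_.FullName) } |
        Where-Object { $_.TargetPath -match $pattern } |
        Select-Object FullName, TargetPath, Arguments | Format-List

    # 4. Winlogon Shell/Userinit values in both hives.
    'HKLM:', 'HKCU:' | ForEach-Object {
        Get-ItemProperty "$_\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -ErrorAction SilentlyContinue
    } | Where-Object { "$($_.Shell) $($_.Userinit)" -match $pattern } |
        Select-Object PSPath, Shell, Userinit | Format-List

    # 5. Services and scheduled tasks (raw CSV rows, so localized column names do not matter).
    Get-WmiObject Win32_Service | Where-Object { $_.PathName -match $pattern } |
        Select-Object Name, StartMode, PathName | Format-List
    schtasks.exe /query /fo csv /v | Where-Object { $_ -match $pattern }
}
```

An unsigned file with a recent creation time and a matching autostart entry is the combination worth escalating; the SHA256 value can be checked against a reputation service without uploading the file.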
Some clues would be nice - like the filenames? :) Duh! sorry.


Please download and install Malwarebytes Anti-malware (free version) from http://www.malwarebytes.org/products/malwarebytes_free/ - UNtick 'Enable free trial of MBAM PRO' at the end of the installation - and update it, then run a full scan in your main account, and Quick scans in any other user accounts.

Delete everything it finds
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
Asus K52F or Lenovo B51-80
OS
Win 7 x64 Home Premium (and x86 VirtualBox VM)/Win10
CPU
i3 370M/i7 6500U
Motherboard
Asus/Lenovo
Memory
8GB - finally :)/8GB
Graphics Card(s)
it's an i3, dude!/dual Intel&nVidia
Sound Card
onboard
Monitor(s) Displays
15.6" built-in
Screen Resolution
1366x768/1920x1080
Hard Drives
750GB Seagate internal
Sundry external drives attached to other computers on the local network
1TB SSD on the Lenovo
PSU
n/a
Internet Speed
as much as I can get - usually on a dongle/phone, so <1MB/s
Antivirus
MSE/Defender
Browser
IE11/12/Edge/Chrome/FF(if I must)
I do agree with Noel.
Could you please put what anti virus programs you have installed in your System Specs?
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Home made Desktop
OS
Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
CPU
Intel i7-6800K @ 4.3
Motherboard
ASUS X-99 Deluxe II
Memory
Corsair Platinum 16 gig @2400
Graphics Card(s)
EVGA GTX 1070 OC
Monitor(s) Displays
Asus 27" LED LCD/VE278Q
Screen Resolution
1920-1080 or 1280-720 HDMI
Hard Drives
INTEL SSD 730-240 Gb Sata 3.0/
PSU
EVGA Platinum 1200W
Case
Phanteks Luxe Tempered Glass 8 fans/ one radiator
Cooling
XSPC/ Water Cooled CPU
Keyboard
Das 4 Professional
Mouse
Logitech M705/MX Anywhere 2-S
Internet Speed
100 mbits
Antivirus
Microsoft Security Essentials/ Malwarebytes Premium 3.0/ SAS
Browser
I.E. 11 default/Firefox/ ISP Time Warner Cable/Spectrum
Other Info
LG BluRay Burner/
Sound system-KLipsch-THX/
Icy Dock ssd Hot Swap bays.
I have added Microsoft Security Essentials to the System Spec.

I'm running Malwarebytes Anti-Malware as we speak. Been running for 3 hours now...

I ran Spybot - Search & Destroy and it couldn't find anything

I run MSE every night and it has not found anything


To my second question: Should there be any programs (*.exe) in the directory %appdata%\Microsoft\Windows or can I add a Local Security Policy disallowing programs to start from this directory?
 

Some programs will legitimately run from this folder - I wouldn't block it completely.

A quick Google for wshom.exe shows that it may be part of a Trojan - dmview.exe may be an associated backdoor.
 

At last the scan finished. Six and a half hours and 1267696 objects scanned...

It found this:

Folders Detected: 1
C:\Users\ame\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\ame\AppData\Roaming\dclogs\2013-10-26-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\ame\AppData\Roaming\dclogs\2013-10-27-1.dc (Stolen.Data) -> Quarantined and deleted successfully.

Nothing about dmview.exe or wshom.exe

Any ideas on how to proceed?
 

I agree - there is enough there to warrant further investigation.
 
