how to detect and remove infected desktop windows manager (dwm.exe ) ?

Nelson123
Nelson123
edited January 2021 in Protection

current using Bitdefender total security : 

i found out dwm.exe is connecting to 94.130.164.163:7777 and using 2 gb ram, high cpu usage

i suspect is bitcoin miner trojan

Currently using firewall to block dwm.exe connecting to internet for around 3 months but now its manage to auto add rule to access back to internet

Need help how to remove this infected dwm.exe

Tagged:

Answers

  • garioch7
    garioch7 Defender of the month ✭✭✭✭✭

    @Nelson123

    DWM.exe is known to consume considerable RAM, at times. See this link for more information.

    If you have any concerns about DWM.exe being possibly infected, then please upload the file to VirusTotal for analysis. If it comes back clean, then the file is not infected.

    Personally, I would be surprised if BD was failing to detect a bitcoin minor trojan.

    Let us know what you find out. Have a great day.

    Regards,

    -Phil

    Former Bleeping Computer Malware Response Instructor

  • Nelson123
    Nelson123
    edited January 2021

    The file i upload is clean, after i unblock the dwm.exe from firewall, its ram and cpu usage increase back, here is what i found

  • garioch7
    garioch7 Defender of the month ✭✭✭✭✭

    @Nelson123

    Thank you for your post. Only 3 of 83 anti-virus programs, according to VirusTotal, which are not that popular, are detecting the URL: 88.99.193.240.

    This link may be of assistance. If the dwm.exe file is located in the Windows\System32 folder, and VirusTotal has reported it as clean, your computer is not infected by that file.

    Have a great day.

    Regards,

    -Phil

    Former Bleeping Computer Malware Response Instructor

  • hmmm...Maybe putting up a search on your pc could help right away. Sometimes the tricky part of this is that most of these malwares are hiding in plain sight, so it is easy to pass them by. The best thing to do is to get at least an antivirus going and make it search for that specific file. That way it cannot pass by the eyes of the antivirus and kill it as soon as it is spotted. This works well when it comes to the biggest files in the computer and it is easy to get it removed too.