This forum software has now been archived into static HTML page (i.e. it does not function as a working forum anymore, so you cannot login.)
In due course a new forum will be available to help support newer CamStudio versions.
Sorry for the inconvenience and thank you for your patience.
In due course a new forum will be available to help support newer CamStudio versions.
Sorry for the inconvenience and thank you for your patience.
C:\Windows\Desktop Manager\dwm.exe
Hi,
Have very recently installed Camstudio and it seems to be very good.
There is one thing, though.
A security notification concerning "C:\Windows\Desktop Manager\dwm.exe" appeared, asking for internet access. The file and its folder appear to have been installed at the same time as Camstudio, so I assumed that there might be a connection. After 'googling', it appears that others have the same question.
The concern is that 'dwm.exe' is a system file that should be in the "C:\Windows\System32" folder, and that any alternative placement gives rise to suspicions of malware.
Some clarification about the nature of this file, and its connection to Camstudio, if any, would be welcome.
Thank you.
Have very recently installed Camstudio and it seems to be very good.
There is one thing, though.
A security notification concerning "C:\Windows\Desktop Manager\dwm.exe" appeared, asking for internet access. The file and its folder appear to have been installed at the same time as Camstudio, so I assumed that there might be a connection. After 'googling', it appears that others have the same question.
The concern is that 'dwm.exe' is a system file that should be in the "C:\Windows\System32" folder, and that any alternative placement gives rise to suspicions of malware.
Some clarification about the nature of this file, and its connection to Camstudio, if any, would be welcome.
Thank you.
Comments
Where did you get your version of CamStudio? We have a "rogue" file out there lately.
The one here is known to work well. http://sourceforge.net/projects/camstudio/files/stable/
Use r294. I would suggest un-installing CamStudio first.
Terry
I'm pretty sure I got it from here: http://camstudio.org/
The installation file is "CamStudio_Setup_v2.6b_r294_(build_24Oct2010).exe".
The "C:\Windows\Desktop Manager\dwm.exe" is still there. My security software is blocking it from the internet, though.
Is the file meant to be there? If not, I can delete it.
I can send the installation file, if necessary.
Uninstall that copy and go get a fresh copy here: http://sourceforge.net/projects/camstudio/files/stable/ ... and delete that odd file, or at least rename it to something so it cannot be found.
That one should work OK. If needs be, right-click on the CamStudio icon and select "Run as an Administrator"
Terry
If you are running Windows Vista / Windows 7, there is a dwm.exe desktop window manager that is part of the operating system. It is unlikely that commercial AV would warn against files that exist on factory fresh installations of windows. It is also suspicious because dwm.exe should be in system32, not Desktop Manager.
My gut feeling is that you are dealing with a piece of malware. I just verified the CamStudio_Setup_v2.6b_r294_(build_24Oct2010).exe currently on sourceforge does not install any rogue software (specifically nothing by the name of dwm.exe). If you got Cam Studio from another website its possible that our installer has been troganized. Its also possible that you were infected by some other means at approximately the same time you installed CamStudio.
I would recommend following your AV products recommendations to quarantine / remove the offending dwm files. If you have further issues with it, its probably best to contact your AV vendor directly.
I've checked my browser history and I can confirm that I have downloaded camstudio installer using the link given on the "download" page of the official camstudio site.
That download link was directing to a fake project site on sourceforge named "camstudios" (note the extra "s") . I've been able to find the link in my browser history
More details in the following thread:
http://camstudio.org/forum/discussion/697/another-project-on-sourceforge-with-a-similar-name/p1
I think than Camstudio team should give better information on that problem, maybe via an announce on the home page of the site: It's pretty possible that number of people have installed this malware without notice
It has started to be detected by MSAV only since yesterday, and at that time *no others* anti-virus vendors (apart from McAfee-GW-Edition, according to Virustotal site) were detecting it. This mean that me (and probably many others) have this threat running in background for around 4 weeks.
So every one having downloaded Camstudio around middle to end of June should be advised to scan their PC (maybe by downloading and running "Microsoft safety scanner" which is now able to remove this threat).
[EDIT] Microsoft detect the malware as "TrojanDownloader:Win32/Deewomz.A"
Some analysis of the malware involved:
http://www.threatexpert.com/report.aspx?md5=f8248796d64a7ecb3e6942cdbdec94d8
http://www.virustotal.com/file-scan/report.html?id=910287bf82fb51f53ed6cbb83b7c91ffffd8e09172e1dfdc45c0164c3b14d765-1311101968
For the moment, folks who accidentally installed this malware version should of course uninstall CamStudio. And also do these changes:
1 - Open Task Manager (Ctrl - Alt - Delete), and if dwm.exe shows under the Processes tab, right click it and End Process.
2 - Open a command prompt (Start - Run, type cmd and press OK), type the following at the prompt and press Enter after each:
sc config USmsServ start= disabled
sc delete USmsServ
Then type exit and press Enter to close that.
3 - Locate the following file, and delete it:
C:\Windows\Desktop Manager\dwm.exe
Then delete the Desktop Manager folder.
Infected persons should assume their personal data may have been compromised, and should consider changing all secure login passwords.
I wrote Nick about your findings immediately upon reading the above, and he posted a link in the yellow "support" box on the main page leading to the following blog post:
http://camstudio.org/blog/removing-malware-camstudio
Please keep us informed of anything else you discover about this! So sorry you had to go through that - my laptop was infected as well from testing the wrong program installation.
Terry