Jump to content

DMW.exe, Shell.exe, and SVCHOST.exe. What the heck are they?

Recommended Posts

Hello everyone! I had unfortunately run aground of these malware the other day on my laptop, much to my chagrin, considering how paranoid I am about the safety of my computers...

Anyway, I was kind of curious about what the DMW.exe, SVCHOST.exe, and Shell.exe malware trio actually DO. Mostly because the only noticeable thing I could tell that they did was change peoples' internet proxies (and general internet settings) to a different one to shut it off. I was curious if that was all that these 3 did. Supposedly they are rootkits or something of the like, but I am still kind of curious as to whether or not someone can tell me what they do in the way of like... password stealing or anything like that. I had a sort of thought that they might be keyloggers, but then it occurred to me that they shut off internet use, and therefore people couldn't even get to the sites they use to put in their passwords anyway, so I put that thought aside. Anyway, I reformatted my laptop, because I felt it needed it despite the fact that it seemed I had cleaned my system, so cleaning it now is no longer my goal. I'm just searching for information to sate my curiosity. Anything anyone can tell me is greatly appreciated! Thank you for your time and attention!

(Also, forgive me if this isn't the right board for this, I tried checking other boards and this seemed the most appropriate for some reason)

Link to post
Share on other sites

Hi -

This is only a very brief outline of the items that you have selected - I think you missed the first one backwards - All of these items are recognised as regular processes , however they can become infected and cause problems as most processes can -

I would say your best idea is to enter each item into a Google search box , and then you will find the normal process that each item is designed for and what can occur if each one becomes infected - As space is limited , I have just selected 1 quote from each item for you -


dwm.exe is a Desktop Window Manager from Microsoft Corporation belonging to Microsoft

Link to post
Share on other sites

Er, no, I looked into it. I knew that NORMALLY those are files that are a part of Windows. However, DNW is a part of either Vista, or Windows 7, neither of which I have. Shell.exe running under my username doesn't seem right, nor does the SVCHOST.exe running under my user name either. (I had looked up this problem when it occurred.) These are viruses that are named the same as very valid windows programs, but are actually just posing as them. They change the person's internet into a proxy, and in many cases reappear. I was just curious if anyone knew anything about the viruses that pose as these files. I know that normally they are very valid files, however. (I have MANY cases of SVCHost running on my desktop, but none under my username, and no shell or DWM)

Link to post
Share on other sites

Hi again -

If these listed infections do exist on your system , please let our experts review your system and fully clean it -

As we do not work on Malware removal or diagnostics in the general forums please follow these directions -

Please print out, read and follow ->What do I do now? , skipping any steps you are unable to complete.

The next step is post a ->New Topic Here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that

you're alerted when someone has replied to your post - Please allow at least 24-48 hours for a reply as the experts can get busy at times -

Also add a brief note to the experts as to your problems -

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or via This Link

Always use the ADD REPLY Tab at the bottom of the page when you reply -

Thank You - :lol:

Link to post
Share on other sites

Hi -

I know my reply was a bit vague , but so are the types of items you listed - These are "places" rather than actual "infections" that you refer to -

Each item you list can be infected by several processes so it was hard to give a direct response except for what they should be -

Glad that you have no infections at this time , however remember we are always here to help -

Thank You -

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.