Solved

PC DM Files Legit or Malware???

Posted on 2010-08-16
7
979 Views
Last Modified: 2013-11-22
In the directory C:\Users\Public\Documents\PC DM Files:

There are hundreds of folders which present as some type of backup; however, I suspect malware.

The C: Drive is completely full from these files!

Please advise and include a removal tool suggestion.

Thanks Much!

0
Comment
Question by:kboles101
  • 3
  • 2
  • 2
7 Comments
 
LVL 7

Expert Comment

by:brettkm
ID: 33451418
I would scan your computer with Malwarebytes' Anti-Malware.  It's probably worthwhile installing/updating the software in normal mode, reboot into safe mode, do a full scan, boot back into normal mode and do another full scan.
0
 
LVL 38

Expert Comment

by:younghv
ID: 33453190
MBAM - is always a good starting point.
"Malwarebytes' Anti-Malware" (http://www.malwarebytes.org/mbam.php)

Please note that it is NOT to be run in Safe Mode - if your system will boot to Normal Mode.
From the MBAM Member Forum - a good discussion about how MBAM works and why "Normal Mode" is recommended:
http://www.malwarebytes.org/forums/index.php?showtopic=17334&st=0&p 
0
 

Accepted Solution

by:
kboles101 earned 0 total points
ID: 33453526
Yes...I am familiar and have used with MBAM; thanks both. It turned out to be a "riskware" program installed by the owner: DRPU PC Data Manager.   http://www.f-secure.com/sw-desc/monitoring-tool_w32_pcdm_a.shtml perhaps to monitor teens' activities. They were unaware the logging (over a million files in the span of 4 months) exhausted the hard drive space.
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 7

Expert Comment

by:brettkm
ID: 33453561
younghv:  There's plenty of reasons in that forum you posted as to why it's a good idea to scan in safe mode.  As long as you DO do a scan in mormal mode you're fine.
0
 
LVL 38

Expert Comment

by:younghv
ID: 33454021
brettkm,
Actually there isn't - as explained by one of the actual creators of MBAM (nosirrah).
Let's continue the conversation here: http://www.experts-exchange.com/Q_24860646.html
0
 
LVL 38

Expert Comment

by:younghv
ID: 33454049
kboles101,
Glad you solved it.
Is there some kind of simple clean-up function within "DRPU..." or can you do a simple DOS delete command for that particular extension?

If you post the solution you use, one of your options for closing questions is to "Accept as Solution" your own comment.

Doing so will save the answer in our searchable database of "PAQ" (Previously Answered Questions).

Thanks
0
 

Author Comment

by:kboles101
ID: 33534471
Closing comments / thoughts:

This program does appear to barley meet the definition of "legitimate" application and perhaps could have been removed using conventional methods. However, by the time I received the laptop, it was very crippled. Also, the stated purpose of the program is key and user activity logging...AKA spying. To ensure all traces of the spying application were removed, I opted for an HP F11 system restore from scratch.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing). This release will be the …
By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now