CamStudio Malware?

SGB74
Offline
Last seen: 2 months 1 week ago
Joined: 2009-10-18 17:57
CamStudio Malware?

I happened to drop by the CamStudio website http://camstudio.org/ and found this link on their page stating that there are fake versions of CamStudio running around with malware due to a recent hacking of their page and SourceForge, which is redirecting users to download infected software: http://camstudio.org/blog/removing-malware-camstudio. Well, I downloaded CamStudio from PortableApps, so I don't know if by chance I would be infected with this malware, but part of identifying the malware is to uninstall the software and bring up your Task Manager and search for dwm.exe, which is present in my running processes.

I also saw in the CamStudio forums that if we downloaded the software (CamStudio) from another site, there may be a chance you were infected with the malware. Please say this isn't so with PortableApps.

Aluísio A. S. G.
Offline
Last seen: 7 years 9 months ago
DeveloperTranslator
Joined: 2010-11-09 17:43
dwm.exe

is Windows 7's Desktop Window Manager. It's part of the system (if running from C:\Windows\System32\DWM.exe — in the Task Manager, click Show → Select Columns… → Image Pathname).

Previously known as kAlug.

John T. Haller
Online
Last seen: 44 min 8 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Fake Sites

They're referring to fake sites... like when you search for CamStudio in Google and there's an ad for "Get CamStudio Free" and it turns out it goes to a site where it's a fake or malware version. There are actually malware-infected versions of pretty much every app in the world somewhere out there.

What they're not referring to is a site like PortableApps.com. We're the only fully legal portable software site. We've never distributed malware. We scan releases from 3rd party publishers before posting them. And we even have file verification abilities built right into the PortableApps.com Platform so if a file is altered after we've verified it, it will be rejected.

Sometimes, the impossible can become possible, if you're awesome!

SGB74
Offline
Last seen: 2 months 1 week ago
Joined: 2009-10-18 17:57
Ohh man, I didn't know that

Ohh man, I didn't know that dwm.exe was part of the OS. So if I took the necessary steps to disable this "malware dwm.exe", how do I reverse them?

Aluísio A. S. G.
Offline
Last seen: 7 years 9 months ago
DeveloperTranslator
Joined: 2010-11-09 17:43
Wrong reply; reboot; check path

1. You have replied to the wrong comment.
2. Just reboot. And kill/delete any dwm.exe that's not from that folder (C:\Windows\System32).

Previously known as kAlug.

SGB74
Offline
Last seen: 2 months 1 week ago
Joined: 2009-10-18 17:57
But I followed the command

But I followed the command prompt on the CamStudio website to disable dwm.exe. To reverse that, all I have to do is reboot? And dwm.exe is in my System32 folder; I see the malware they're talking about is in C:\Windows\Desktop Manager\dwm.exe

Aluísio A. S. G.
Offline
Last seen: 7 years 9 months ago
DeveloperTranslator
Joined: 2010-11-09 17:43
Don't worry

That service (USmsServ) doesn't exist on standard Windows. Rebooting will bring the system's DWM back.

Previously known as kAlug.
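
The checks discussed in the posts above, collected into one script as an added example that is not part of any poster's reply or of the CamStudio instructions. It only reads state and uses the names given in this thread (`dwm.exe`, `C:\Windows\System32`, `C:\Windows\Desktop Manager\dwm.exe`, `USmsServ`); it assumes PowerShell 3.0 or later for `Get-CimInstance`.

```powershell
# Added example: read-only triage using only the indicators named in this thread.
# Assumes PowerShell 3.0+ (Get-CimInstance). Run elevated so process paths are readable.

$expected   = Join-Path $env:SystemRoot 'System32\dwm.exe'          # legitimate DWM
$suspectExe = Join-Path $env:SystemRoot 'Desktop Manager\dwm.exe'   # path quoted in the thread
$suspectSvc = 'USmsServ'                                            # service named in the thread

# 1. Every running dwm.exe, with its image path compared to the expected one.
$procs = Get-CimInstance Win32_Process -Filter "Name = 'dwm.exe'" | ForEach-Object {
    $path = $_.ExecutablePath   # empty when the session lacks rights to read it
    if (-not $path) {
        $verdict = 'unknown (path not readable, rerun elevated)'
    } elseif ($path -ieq $expected) {
        $verdict = 'expected location'
    } else {
        $verdict = 'UNEXPECTED location'
    }
    [pscustomobject]@{ ProcessId = $_.ProcessId; Path = $path; Verdict = $verdict }
}

# 2. Is the file at the path quoted in the thread present on disk?
$fileFound = Test-Path -LiteralPath $suspectExe

# 3. Is the service named in the thread registered?
$svc = Get-Service -Name $suspectSvc -ErrorAction SilentlyContinue

$procs | Format-Table -AutoSize
'File at "{0}": {1}' -f $suspectExe, $(if ($fileFound) { 'PRESENT' } else { 'not found' })
'Service {0}: {1}' -f $suspectSvc, $(if ($svc) { "PRESENT (status: $($svc.Status))" } else { 'not registered' })

# Summary: anything other than a single System32 dwm.exe deserves a closer look.
$flagged = @($procs | Where-Object { $_.Verdict -eq 'UNEXPECTED location' }).Count
if ($flagged -or $fileFound -or $svc) {
    'Result: at least one indicator from the thread is present.'
} else {
    'Result: none of the indicators from the thread were found.'
}
```
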

SGB74
Offline
Last seen: 2 months 1 week ago
Joined: 2009-10-18 17:57
Thanks a lot guys, I freaked

Thanks a lot guys, I freaked out when I saw that file in my running processes and didn't know it was part of the system.

Gord Caswell
Offline
Last seen: 4 months 4 weeks ago
DeveloperModerator
Joined: 2008-07-24 18:46
Always welcome to verify files yourself

You are always welcome to verify any file you are concerned about yourself, using something like jotti or virustotal. For more information on this, see our little blurb about false positives: https://portableapps.com/support#false_positive

Note that as a result of our packaging process, the MD5 for the package as released by the publisher and released by us WILL be different.

robertltux
Offline
Last seen: 7 years 6 months ago
Joined: 2007-05-11 19:11
just as a reference

Windows has a small(ish) number of files that it guards very closely. If you decide/get tricked into disabling them, during your next bootup those files will be restored from a semi-secure backup.

WorkTrana
Offline
Last seen: 3 years 5 months ago
Joined: 2016-05-31 05:44
Origin of the binary

Hi,

I am concerned, as at my work we scanned the installer from the official site http://camstudio.org/ (V2.7 md5 388ffa9cb19b85bd507ec85bc4a2ab2e sha1 673efd9452ce70c50f6bce8198b2261dc910302e) and found it has a trojan/adware (
https://www.metadefender.com/#!/results/file/f835bc25f3954324adbf593eca3...
https://www.virustotal.com/en/file/2e0ba0c587b15335752a3ff55d2282b446a8e...). The author admits his website was hijacked in 2014 and that the installer has been compromised (https://sourceforge.net/p/camstudio/discussion/447910/thread/3aa44d33/). But today it seems the installer is still infected.

I scanned the installer from PortableApps, V2.7.2, and there is no alert. So I would like to know how the binary is packaged in this PortableApps V2.7.2. Does it come from recompilation, a decompression of the installer, or a copy-paste from an installed version? Thank you.
