PENWES re appeared

Discussion in 'Malware Help (A Specialist Will Reply)' started by davidm_uk, Mar 7, 2015.

  1. davidm_uk

    davidm_uk Private E-2

    While creating a new job in Task Scheduler to copy some files around I noticed that there's a job called PENWES scheduled to run at the logon of any user.

    Back in January I had an infection problem which I reported here and ran the whole cleanup process:

    http://forums.majorgeeks.com/showthread.php?t=290437&highlight=PENWES

    There's also a folder C:\Program Files (x86)\PenWes with dnshelper.exe and DNSService.exe in it, the folder is dated 23/01/2015 which is before I ran the cleanup, which I thought inculded removing PENWES.

    So either it didn't, or I've been reinfected somehow, although I haven't knowingley accepted an install of this thing.

    Should I be concerned about it, if so do I need to run the cleanup procedure again?

    (running W7 64b Prof, all updates installed, W7 firewall and Avast AV).
     
    davidm_uk, Mar 7, 2015
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You can just delete the below leftover folders if they still exist.

    C:\Windows\system32\tasks\PenWes
    C:\ProgramData\Penwes
    C:\Program Files (x86)\PenWes
     
    chaslang, Mar 7, 2015
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds