# Terminal Server wum.exe



## wand (Aug 9, 2011)

What is it? Can't find any info anywhere. Is this Windows Update Manager? Causing problems on our win 2003 Terminal Server. Any help would be appreciated.


----------



## Rockn (Jul 29, 2001)

Does it have anything to do with user profiles?


----------



## wand (Aug 9, 2011)

Malwarebytes reports the Windows/System32/wu/wum.exe is a trojan. There were about 20 items found by Malwarebytes related to this program and registry entries. They apparently have something to do with "Perfect Keylogger." I'm still researching for more information about this program/malware and trying to find out why it is there. So far it doesn't exist anywhere else on our systems. I don't know yet if this means that anything has been compromised, but we are checking as there were credit cards processed by the two workstations that accessed this terminal server. I don't understand the lack of information about this program since it seems to have been around for a long time. I suspect it was picked up because the terminal server sessions also had access to the internet, which I will be disabling for these applications/workstations.


----------



## Firebreather (Jul 8, 2011)

Check these links:

http://www.cheapfreevirusscan.com/t/twum.exe.html
http://www.removefakesoftware.com/remove-Downloader.Generic4.WUM.html


----------

