Unknown program found in services


  1. Posts : 14
    Windows 10 Pro
       #1

    Unknown program found in services


    I have a service that I dont understand. I was wondering if anyone else has it in their services list. It's called PAExec.

    Unknown program found in services-paexec.png

    When I search the internet for PAExec that it's a program by Power Admin. Well what the heck is it doing installed on my machine and why? Please someone tell me that this isn't a standard Windows 10 Pro Anniversary service. I never installed the service and need to know what I should do if it doesn't belong there.
      My Computer


  2. Posts : 5,478
    2004
       #2

    craazziee8 said:
    Please someone tell me that this isn't a standard Windows 10 Pro Anniversary service.
    I don't have it on any of my machines so no I guess it isn't.

    You could download autoruns and see what program it is starting (click on the services tab and look under image path). That might give you some clue. If you wanted you could then delete the .exe and delete the service (right click on it in autoruns and select "delete").

    From Google though I'd at least disable (probably delete) it as it seems to be designed to allow remote commands to run.

    PAExec from Power Admin LLC?
      My Computer


  3. Posts : 14
    Windows 10 Pro
    Thread Starter
       #3

    Hey thanks for the quick reply. So I did what you said. Wasnt even showing up in Autoruns but the program was in the C:Windows section of my computer. And when I looked at my services.msc panel it was there plain as day. So what I did was deleted the service via cmd.exe and then deleted the executable. I noticed on Autoruns that when I unhid Microsoft Entries that my Browser service is missing from it's regular placement %systemroot% \system32.

    I dont know how this happened or how to even start looking for this but I really do apprectiate someone helping me so thanks lx07.
      My Computer


  4. Posts : 14
    Windows 10 Pro
    Thread Starter
       #4

    I have noticed I have a lot of weird applications and .dll's in my C:\Users\"Username"\AppData\Local\Temp.
    I have to be honest with you this isnt the 1st time I have noticed some weird things going on with my computer and I guess I really could use some help or some direction in some help. I have windows defender on malwaremalbytes installed and windows firewall on but they must have admin rights or something for this to happen.
    Help.
      My Computer


  5. Posts : 5,478
    2004
       #5

    You can delete everything that is in %localappdata%\temp that is for sure. If you haven't already run a full scan with Malwarebytes and defender.

    I don't know much about cleaning malware though. Hopefully someone else can chip in.
      My Computer


  6. Posts : 14
    Windows 10 Pro
    Thread Starter
       #6

    Okay so I have one file that I'm not able to delete. It's called ~DF02A41D51CF43FB4B.tmp and when I tried to delete it....it said that the file was open in Internet Download Manager, a download manager. Also was wondering if anyone or if you lx07 knows what
    PsProtectedSignerWinTcb-Light on the Protection tab of Process Explorer means. Here's a pic of it.

    Unknown program found in services-process-explorer.png
      My Computer


  7. Posts : 14
    Windows 10 Pro
    Thread Starter
       #7

    Just in case anyone wants to know. the PA Exec spyware slash malware was being installed everytime i used the program DDU diplay driver uninstaller. I dont know if that's part of his program or if someone injected pa exec into it EVERY time I downloaded it but it was from that.
      My Computer


  8. Posts : 1
    Windows 10
       #8

    craazziee8 said:
    Just in case anyone wants to know. the PA Exec spyware slash malware was being installed everytime i used the program DDU diplay driver uninstaller. I dont know if that's part of his program or if someone injected pa exec into it EVERY time I downloaded it but it was from that.
    Same here.
      My Computer


  9. Posts : 4,224
    Windows 10
       #9

    I don't think it's malware. Looks like it's a remote program launch facility from poweradmin.com: PAExec | Server Monitoring Software | Monitor Storage - Power Admin. It could be that a network admin or somebody doing remote support on your PC installed it at some time or another. Read the instructions on the afore-linked page that start with the heading "How to Remove PAExec" to get it off your PC, if you like.
    HTH,
    --Ed--
      My Computers


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 09:35.
Find Us




Windows 10 Forums