File description |
Mdm.exe with description Machine Debug Manager is a process file from company Microsoft Corporation belonging to product Microsoft® Visual Studio .NET.
The file is
digitally signed from Microsoft Corporation - VeriSign Time Stamping Service
We do not recommend removing digitally signed files from Microsoft Corporation
What is mdm.exe?
Mdm.exe is the Windows Machine Debug Manager. It is used for debugging scripts in Internet Explorer, as well as debugging code in Microsoft Visual Studio and other Microsoft development environments.
This process is a nonessential process and can safely be killed and disabled. By killing the machine debug manager, however, you will lose the ability to debug scripts in Internet Explorer. The screenshot below illustrates how this process should appear in the task manager:
In the above screenshot, mdm.exe is running as the current user (Mike); however, it can be run as any user.
Dangers of mdm
As this is a relatively common legitimate process with a cryptic name, it is common for virus writers and spyware vendors to disguise their malware as the genuine one.
Some malicious files will have the same name but will be stored somewhere other than in %SystemRoot%\System32. Other malware will use a name that appears similar to it but with slight differences in spelling or with appended digits. The following malware is known to disguise itself as mdm.exe:
- W32.Sdbot.APE (%SystemRoot%)
- Sdbot is an IRC backdoor Trojan that spreads via common buffer overlow vulnerabilities.
- W32.Unubot.B (%SystemRoot%)
- This is an IRC backdoor Trojan that allows a remote attacker to take over an infected system.
- W32.Bckdr-QJR (%SystemRoot%)
- This is an IRC backdoor Trojan that allows a remote attacker to take over an infected system.
- W32.Agobot.AQ (%SystemRoot%\System32\mdm32.exe)
- W32.Rbot.AIJ (%SystemRoot%\System32\mdm32.exe)
There is often only one instance of this process running at a given time; however, the presence of multiple instances is not necessarily an indicator of a malware infection.
Common problems
- You are prompted to debug when browsing some web pages
- This is normal behavior. If you do not do any debugging, you can safely uninstall the Machine Debug Manager.
- This process uses 100% CPU time
- According to Microsoft, this is a known issue. Kill any instances of mdm.exe and delete all TMP files from your Windows directory.
- If the problem persists, it is safe to uninstall or kill the Machine Debug Manager.
|
Automatic startup locations |
 |
001 Running Processes |
 |
002 Autorun registry entries local machine |
|
003 Autorun registry entries Current User |
|
008 Autorun registry entries Default user |
|
009 Autorun registry entries SYSTEM user |
 |
010 Installed services |
|
012 Autorun registry entries S-1-5-XX users |
|
191 Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run |
|
Digital signatures found for this file |
| |
Signer of certificate |
Issuer of certificate |
 |
Microsoft Corporation |
VeriSign Time Stamping Service |
|
Microsoft Windows Publisher |
VeriSign Time Stamping Services Signer |
|
|
MD5 security rating in our database |
 |
 |
|
1595 |
files (Not yet rated
and
not
signed) |
 |
|
4 |
files (Safe
and
not
signed) |
|
|
25 |
files (Safe
and
digitally
signed) |
|
|
|
Some versions of this filename have not yet been checked for safety.
|
| Warning: Some malware might rename itself to mdm.exe. Always make sure that your file is from a verified publisher. |
|
Application errors |
|
| User comments. |
 |
Microsoft Visual Studio |
|
This was installed when I installed Office 2003. It is part of the Microsoft Script Editor installation. More info can be found at http://support.microsoft.com/kb/321410/en-us |
|
|
Database statistics
Top process list
