I've noticed that TC is now, more or less by default, installing in the User chain of folders, under the apparently new phantom user 'Any User', rather than under the more traditional \Program Files folder.
I'm wondering why that is.
I'm also wondering whether its being installed there could have implications for security - putting an executable in an arguably insecure location.
Out of curiosity, I ran a search, using TC, for other executables under Users, and found 903 other exe's on this machine for this login.
It gave me pause when it produced results like this:
c:\Users\LimUser\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\36.0.1985.125\36.0.1985.125_35.0.1916.153_chrome_updater.exe
I ran the search again using Windows Explorer (W7/32), yielding 201 items.
A lot of these can be explained by the presence of PortableApps and items under Downloads; I can't use TC's NOT exclusion to search because of its recursive behaviour.
Some programs found include Chrome, AutoHotkey, SkyDrive [sic], RadioSure, Dropbox, Wavepad, Flux - relatively good company.
Nevertheless, questions are prompted:
1. Who is 'Any User' and what is he doing here?
2. Are there security implications in placing insecure executables in insecure locations?
3. ...as a rider - is TC's recursive searching natural, and can it be eliminated? (Probably deserving of a separate thread.)
Help appreciated.
TC installs under 'Any User' ? (malware ''Redirect Virus'')
- ghisler(Author)
Hmm, no idea - there is no "Any user" on my Windows 7. There is a folder "All Users", though.
Regarding the "Application Data" infinite loop, this happens because your user account doesn't have the rights to read the target of the folder, but you are allowed to follow it.
Author of Total Commander
https://www.ghisler.com
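The "Application Data" entry in the search result above is a Windows compatibility junction that points back at the folder containing it, which is why a search that follows it keeps nesting. As an added example (not from the thread and not Total Commander's code), this Python walker lists executables under a profile without descending into reparse points; the demo tree is constructed, its `AppData/Local` layout and file names are assumptions, and it uses a symlink as a stand-in for the junction.

```python
import os
import stat
import tempfile

def is_reparse_point(entry):
    """True for symlinks and, on Windows, junctions such as 'Application Data'."""
    if entry.is_symlink():
        return True
    try:
        st = entry.stat(follow_symlinks=False)
    except OSError:
        return False
    # st_file_attributes exists only on Windows; junctions carry the reparse flag.
    attrs = getattr(st, "st_file_attributes", 0)
    return bool(attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT)

def find_executables(root, suffix=".exe"):
    """Walk root without following reparse points; return (hits, skipped, denied)."""
    hits, skipped, denied = [], [], []
    stack = [root]
    while stack:
        current = stack.pop()
        try:
            entries = list(os.scandir(current))
        except OSError:  # access denied or folder vanished: record it and move on
            denied.append(current)
            continue
        for entry in entries:
            if is_reparse_point(entry):
                skipped.append(entry.path)  # never descend: this is the loop
            elif entry.is_dir(follow_symlinks=False):
                stack.append(entry.path)
            elif entry.name.lower().endswith(suffix):
                hits.append(entry.path)
    return sorted(hits), sorted(skipped), denied

def build_demo_tree(base):
    """Constructed sample: 'Application Data' links back to the folder holding it."""
    local = os.path.join(base, "LimUser", "AppData", "Local")
    os.makedirs(os.path.join(local, "Google", "Update"))
    open(os.path.join(local, "Google", "Update", "chrome_updater.exe"), "w").close()
    os.symlink(local, os.path.join(local, "Application Data"), target_is_directory=True)
    return os.path.join(base, "LimUser")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        hits, skipped, denied = find_executables(build_demo_tree(tmp))
        print(len(hits), "executable(s); skipped reparse points:", skipped)
```

Each executable is reported once under its real path, and the skipped list shows which links would have caused the nesting.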
Re: Who Is 'Any User' And What Is He Doing Here?
Phred wrote: I've noticed that TC is now, more or less by default, installing in the User chain of folders, under the apparently new phantom user 'Any User', rather than under the more traditional \Program Files folder. I'm wondering why that is.
It isn't. The default install folder is "c:\totalcmd". The program must have been installed there once before by someone.
Phred wrote: I'm also wondering whether its being installed there could have implications for security - putting an executable in an arguably insecure location.
Sure. The executable could be replaced or infected.
Phred wrote: ...is TC's recursive searching natural, and can it be eliminated? (Probably deserving of a separate thread.)
Yes, recursive searching is the default. In newer versions you can set the maximum recursion level in the search dialog. Searching in a separate thread is also available in newer versions (see menu Commands, hotkey Alt+Shift+F7).
This is not related to Total Commander
You have malware on the system ("Google Redirect Virus").
TDSS rootkit infection - How to remove:
1. Download the TDSSKiller from KasperskyLabs.
http://support.kaspersky.com/viruses/disinfection/5350?qid=208280684
2. Click on the TDSSKiller.exe icon and rename it to xxx.com (The virus appears not to block ".com").
3. Start the program by double-clicking the icon and select "Run".
4. The TDSSKiller should find the TDSS infection and delete it. Restart your computer by clicking the "Restart Now" button and exit the removal process.
Never use cracks, serials and keygens because they are often malware-infested.
If I were you, I would consider reinstalling Windows, preferably 64-bit Windows.
Hth