Dumaru Removal Tool


Dumaru Removal Tool is a lightweight application that can completely erase the Win32.Dumaru worm in all its variants.

[email protected] arrives as a fake email from Microsoft:


From: "Microsoft" [email protected]

Subject: Use this patch immediately !

Body:

Dear friend , use this Internet Explorer patch now!

There are dangerous virus in the Internet now!

More than 500.000 already infected!

Attachment: patch.exe

When executed, the virus will do the following:

Copy itself as:

%SYSTEM%\load32.exe

%WINDOWS%\dllreg.exe

%SYSTEM%\vxdmgr32.exe

Drops and executes a backdoor component

%WINDOWS%\windrv.exe (8192 bytes)

which connects to an IRC server and joins a password-protected channel, sends a login notice and waits for the author to issue commands.

Creates the value

"load32"="%SYSTEM%\load32.exe"

in the registry key

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]

On Windows 9x/Me systems, it does the following:

uses RegisterServiceProcess to hide its presence;

modifies system.ini by adding the entry in the [Boot] section:

shell=explorer.exe %System%\vxdmgr32.exe

modifies win.ini by adding the following entry in the [Windows] section:

run=C:\WINDOWS\dllreg.exe

Harvests e-mail addresses from files matching

*.htm

*.wab

*.html

*.dbx

*.tbb

*.abd

and stores them in the %WINDOWS%\winload.log file.

It uses its own SMTP engine and sends itself to the e-mail addresses harvested in the winload.log file (see above for the infected e-mail format).

It searches for *.exe files belonging to several antivirus/security products and attempts to overwrite them with copies of the virus.

Win32.Dumaru.B/[email protected] is a mass mailer that has backdoor abilities (listens on TCP ports 1001, 2283, 10000) and also comes with a keylogger.

Attempts to terminate processes belonging to several security and antivirus programs.

On NTFS partitions, it may overwrite .exe files with copies of the virus.

It spreads using this format:

From:

[email protected]

Subject:

Use this patch immediately !

Body:

Dear friend , use this Internet Explorer patch now!

There are dangerous virus in the Internet now!

More than 500.000 already infected!

Attachment:

patch.exe

Once run, the virus does the following:

1. Creates the aforementioned files and registry keys/entries.

2. Attempts to terminate processes:

ZAUINST.EXE

ZAPRO.EXE

ZONEALARM.EXE

ZATUTOR.EXE

MINILOG.EXE

VSMON.EXE

LOCKDOWN.EXE

ANTS.EXE

FAST.EXE

GUARD.EXE

TC.EXE

SPYXX.EXE

PVIEW95.EXE

REGEDIT.EXE

DRWATSON.EXE

SYSEDIT.EXE

NSCHED32.EXE

MOOLIVE.EXE

TCA.EXE

TCM.EXE

TDS-3.EXE

SS3EDIT.EXE

UPDATE.EXE

ATCON.EXE

ATUPDATER.EXE

ATWATCH.EXE W

GFE95.EXE

POPROXY.EXE

NPROTECT.EXE

VSSTAT.EXE

VSHWIN32.EXE

NDD32.EXE

MCAGENT.EXE

MCUPDATE.EXE

WATCHDOG.EXE

TAUMON.EXE

IAMAPP.EXE

IAMSERV.EXE

LOCKDOWN2000.EXE

SPHINX.EXE

WEBSCANX.EXE

VSECOMR.EXE

PCCIOMON.EXE

ICLOAD95.EXE

ICMON.EXE

ICSUPP95.EXE

ICLOADNT.EXE

ICSUPPNT.EXE

FRW.EXE

BLACKICE.EXE

BLACKD.EXE

WRCTRL.EXE

WRADMIN.EXE

WRCTRL.EXE

PCFWALLICON.EXE

APLICA32.EXE

CFIADMIN.EXE

CFIAUDIT.EXE

CFINET32.EXE

CFINET.EXE

TDS2-98.EXE

TDS2-NT.EXE

SAFEWEB.EXE

NVARCH16.EXE

MSSMMC32.EXE

PERSFW.EXE

VSMAIN.EXE

LUALL.EXE

LUCOMSERVER.EXE

AVSYNMGR.EXE

DEFWATCH.EXE

RTVSCN95.EXE

VPC42.EXE

VPTRAY.EXE

PAVPROXY.EXE

APVXDWIN.EXE

AGENTSVR.EXE

NETSTAT.EXE

MGUI.EXE

MSCONFIG.EXE

NMAIN.EXE

NISUM.EXE

NISSERV.EXE

3. On Windows 9x/Me systems, alters win.ini and system.ini in order to run at startup.

[windows]

run=%WINDOWS%\dllreg.exe

[boot]

shell=explorer.exe %SYSTEM%\vxdmgr32.exe

4. Harvests e-mail addresses by searching inside:

.htm

.wab

.html

.dbx

.tbb

.abd

and attempts to send itself using the e-mail format described above, using its own SMTP engine and the default SMTP address.

5. Attempts to infect .exe files on NTFS partitions, but due to a bug in the search, it will only infect .exe files in the root of drives.

6. Connects to an IRC server and joins a channel; listens on TCP ports 1001 and 10000 for commands from an attacker. Port 2283 (TCP) is also used as a send-through (like a proxy).

7. Captures and logs the clipboard to %WINDOWS% undllx.sys

8. Captures and logs keystrokes (along with the program name) to %WINDOWS%\vxdload.log

9. Attempts to connect to an FTP server and upload a .eml file that contains passwords and other information.

Win32.[email protected] is a worm that comes by mail in the following message:

From: "Elene"

Subject: Important information for you. Read it immediately !

Body:

Hi !

Here is my photo, that you asked for yesterday.

Attachment: MYPHOTO.JPG .EXE
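A mail-gateway style check for the two message formats quoted on this page, as an added example that is not part of the original description or of the removal tool. The reason labels, the extension lists and the `example.test` sender are assumptions of this example; only the subjects and attachment names come from the text above.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Subjects and attachment name quoted in the description above (lower-cased).
KNOWN_SUBJECTS = {"use this patch immediately !",
                  "important information for you. read it immediately !"}
KNOWN_ATTACHMENTS = {"patch.exe"}
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat")  # assumed block list
# Harmless-looking extension, optional padding, then an executable extension.
DOUBLE_EXT = re.compile(
    r"\.(jpe?g|gif|png|txt|doc|pdf)\s*\.(exe|scr|pif|com|bat)$", re.I)


def triage(raw_bytes):
    """Return sorted reasons why a raw message resembles the worm's mail."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = set()
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    if subject in KNOWN_SUBJECTS:
        reasons.add("known-subject")
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if not name:
            continue
        if name in KNOWN_ATTACHMENTS:
            reasons.add("known-attachment-name")
        if DOUBLE_EXT.search(name):
            reasons.add("padded-double-extension")
        elif name.endswith(EXECUTABLE_EXT):
            reasons.add("executable-attachment")
    return sorted(reasons)


def build_sample(subject, filename):
    """Build a constructed two-part test message (not a captured sample)."""
    m = EmailMessage()
    m["From"], m["Subject"] = "sender@example.test", subject
    m.set_content("constructed body")
    m.add_attachment(b"\x00", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample("Use this patch immediately !", "patch.exe")))
    print(triage(build_sample("Hi", "MYPHOTO.JPG .EXE")))
```

The From header is deliberately ignored because the worm forges it; the attachment name and subject are the stable features of these messages.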

The worm copies itself to the Windows System folder under the names L32X.EXE and VXD32V.EXE and to the StartUp folder under the name DLLXW.EXE, and adds the registry value:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\load32 = L32X.EXE

It also adds to the shell line (in SYSTEM.INI on Windows 95, 98 and Me, or in the registry on Windows NT, 2000 and XP):

Shell = %SYSTEMDIR%\vxd32.exe

A keylogger and clipboard monitor are also installed, and the worm listens for commands on port 2283 and opens an FTP server on port 10000.

The mass-mailing component collects e-mail addresses from files with extensions .htm, .wab, .html, .dbx, .tbb, .abd and sends e-mails using its own sending engine.
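A check for the startup entries described above (the Run-key value, the system.ini shell= line and the win.ini run= line), written as an added example that is not the removal tool's own code. It works on the text of the INI files and on Run-key values already read into a dictionary; the function names and sample inputs are assumptions of this example, and only the file names come from the page.

```python
import configparser
import re

# File names the description above attributes to the Dumaru variants.
DUMARU_FILES = {"load32.exe", "dllreg.exe", "vxdmgr32.exe", "windrv.exe",
                "l32x.exe", "vxd32v.exe", "vxd32.exe", "dllxw.exe"}
# Startup entry each legacy INI file is described as receiving.
INI_CHECKS = {"system.ini": ("boot", "shell"), "win.ini": ("windows", "run")}


def programs(value):
    """Lower-cased .exe base names in a startup value, with or without paths."""
    return {m.lower() for m in re.findall(r'([^\\/\s"=%]+\.exe)', value, re.I)}


def scan_ini(label, text):
    """Flag Dumaru startup entries in the text of system.ini or win.ini."""
    section, key = INI_CHECKS[label]
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True)
    cp.read_string(text)
    findings = []
    for name in cp.sections():          # section names are case-sensitive
        if name.lower() == section:
            value = cp.get(name, key, fallback="") or ""
            findings += [(label, f"[{name}] {key}", hit)
                         for hit in sorted(programs(value) & DUMARU_FILES)]
    return findings


def scan_run_key(values):
    """values: Run-key value name -> data, e.g. parsed from a .reg export."""
    return [("Run", name, hit) for name, data in sorted(values.items())
            for hit in sorted(programs(data) & DUMARU_FILES)]


# Constructed sample inputs (not captured from a real host).
SAMPLE_SYSTEM_INI = "[boot]\nshell=explorer.exe %SYSTEM%\\vxdmgr32.exe\n"
SAMPLE_WIN_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\dllreg.exe\n"
CLEAN_SYSTEM_INI = "[boot]\nshell=Explorer.exe\n"
SAMPLE_RUN = {"load32": "C:\\WINDOWS\\SYSTEM\\load32.exe",
              "SystemTray": "SysTray.Exe"}

if __name__ == "__main__":
    print(scan_ini("system.ini", SAMPLE_SYSTEM_INI))
    print(scan_ini("win.ini", SAMPLE_WIN_INI))
    print(scan_run_key(SAMPLE_RUN))
```

A file name alone is a weak indicator, so a hit is a lead to confirm against the file's location and size rather than proof of infection.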

Released: Jul 30th 2010 Rating: 4.3
Size: 58 KB Downloads: 4147
Systems: Win All

User replies

17 November 2018, George said:

thank you very much for the Dumaru Removal Tool keygen

04 November 2018, Anthony said:

thank you very much for the Dumaru Removal Tool keygen
