Dumaru Removal Tool

Dumaru Removal Tool crack / serial

Dumaru Removal Tool is a lightweight application that can completely erase the Win32.Dumaru worm in all its variants.

[email protected] arrives as a fake email from Microsoft:

Dumaru Removal Tool

Download Dumaru Removal Tool crack and serial

 

From: "Microsoft" [email protected]

Subject: Use this patch immediately !

Body:

Dear friend , use this Internet Explorer patch now!

There are dangerous virus in the Internet now!

More than 500.000 already infected!

Attachment: patch.exe

When executed, the virus will do the following:

Copy itself as:

%SYSTEM%load32.exe

%WINDOWS%dllreg.exe

%SYSTEM%vxdmgr32.exe

Drops and executes a backdoor component

%WINDOWS%windrv.exe (8192 bytes)

which connects to a IRC server and joins a password protected channel, sends a login notice and waits for the author to issue commands.

Creates the value

"load32"="%SYSTEM%load32.exe"

in the registry key

[HKLMSoftwareMicrosoftWindowsCurrentVersionRun]

On Windows 9x/Me systems, it does the following:

uses RegisterServiceProcess to hide its presence;

modifies system.ini by adding the entry in the [Boot] section:

shell=explorer.exe %System%vxdmgr32.exe

modifies win.ini by adding the following entry in the [Windows] section:

run=C:WINDOWSdllreg.exe

Harvests e-mail addresses from files matching

*.htm

*.wab

*.html

*.dbx

*.tbb

*.abd

and stores them in %WINDOWS%winload.log file.

It uses it's own SMTP engine and sends itself to the e-mails harvested in winload.log file (see above for the infected e-mail format).

It searches for *.exe files belonging to several antivirus/security products and attempts to overwrite them with copies of the virus.

Win32.Dumaru.B/[email protected] is a mass mailer that has backdoor abilities (listens on TCP ports 1001, 2283, 10000) and also comes with a keylogger.

Attempts to terminate processes belonging to several security and antivirus programs.

On NTFS partitions, it may overwrite .exe files with copies of the virus.

It spreads using this format:

From:

[email protected]

Subject:

Use this patch immediately !

Body:

Dear friend , use this Internet Explorer patch now!

There are dangerous virus in the Internet now!

More than 500.000 already infected!

Attachment:

patch.exe

Once run, the virus does the following:

1. Creates the aforementioned files and registry keys/entries.

2. Attempts to terminate processes:

ZAUINST.EXE

ZAPRO.EXE

ZONEALARM.EXE

ZATUTOR.EXE

MINILOG.EXE

VSMON.EXE

LOCKDOWN.EXE

ANTS.EXE

FAST.EXE

GUARD.EXE

TC.EXE

SPYXX.EXE

PVIEW95.EXE

REGEDIT.EXE

DRWATSON.EXE

SYSEDIT.EXE

NSCHED32.EXE

MOOLIVE.EXE

TCA.EXE

TCM.EXE

TDS-3.EXE

SS3EDIT.EXE

UPDATE.EXE

ATCON.EXE

ATUPDATER.EXE

ATWATCH.EXE W

GFE95.EXE

POPROXY.EXE

NPROTECT.EXE

VSSTAT.EXE

VSHWIN32.EXE

NDD32.EXE

MCAGENT.EXE

MCUPDATE.EXE

WATCHDOG.EXE

TAUMON.EXE

IAMAPP.EXE

IAMSERV.EXE

LOCKDOWN2000.EXE

SPHINX.EXE

WEBSCANX.EXE

VSECOMR.EXE

PCCIOMON.EXE

ICLOAD95.EXE

ICMON.EXE

ICSUPP95.EXE

ICLOADNT.EXE

ICSUPPNT.EXE

FRW.EXE

BLACKICE.EXE

BLACKD.EXE

WRCTRL.EXE

WRADMIN.EXE

WRCTRL.EXE

PCFWALLICON.EXE

APLICA32.EXE

CFIADMIN.EXE

CFIAUDIT.EXE

CFINET32.EXE

CFINET.EXE

TDS2-98.EXE

TDS2-NT.EXE

SAFEWEB.EXE

NVARCH16.EXE

MSSMMC32.EXE

PERSFW.EXE

VSMAIN.EXE

LUALL.EXE

LUCOMSERVER.EXE

AVSYNMGR.EXE

DEFWATCH.EXE

RTVSCN95.EXE

VPC42.EXE

VPTRAY.EXE

PAVPROXY.EXE

APVXDWIN.EXE

AGENTSVR.EXE

NETSTAT.EXE

MGUI.EXE

MSCONFIG.EXE

NMAIN.EXE

NISUM.EXE

NISSERV.EXE

3. On Windows 9x/Me systems, alters win.ini and system.ini in order to run at startup.

[windows]

run=%WINDOWS%dllreg.exe

[boot]

shell=explorer.exe %SYSTEM%vxdmgr32.exe

4. Harvests e-mail addresses by searching inside:

.htm

.wab

.html

.dbx

.tbb

.abd

and attempts to send itself using the e-mail format described above, using it's own SMTP engine and the default SMTP address.

5. Attempts to infect .exe files on NTFS partitions, but due to a bug in the search, it will only infect .exe file on the root of drives.

6. Connects to an IRC server, and joins a channel, listens on ports 1001, 10000 (TCP) for commands from an attacker. Also, port 2283 (TCP) is used as a send through (like a proxy).

7. Captures and logs the clippboard to %WINDOWS% undllx.sys

8. Captures and logs keystrokes (but also program name) to %WINDOWS%vxdload.log

9. Attempts to connect to a ftp server and upload a .eml file that contains passwords and other informations.

[email protected] is a worm that comes by mail in the following message:

From: "Elene"

Subject: Important information for you. Read it immediately !

Body:

Hi !

Here is my photo, that you asked for yesterday.

Attachment: MYPHOTO.JPG .EXE

The worm copies itself to Windows System folder with names L32X.EXE and VXD32V.EXE and in the StartUp folder with the name DLLXW.EXE, adds the registry key:

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunload32 = L32X.EXE

Also it adds to the shell line (in SYSTEM.INI on Windows 95, 98 and Me, or in the registry on Windows NT, 2000 and XP):

Shell = %SYSTEMDIR%vxd32.exe

A keylogger and clipboard monitor is also installed, and the worm listens for commands on port 2283 and opens a FTP server on port 10000.

The mass-mailing component collects e-mail addresses from files with extensions .htm, .wab, .html, .dbx, .tbb, .abd and sends e-mails using its own sending engine.

Released: Jul 30th 2010 Rating: 4.3
Size: 58 KB Downloads: 4629
Systems: Win All

User replies

17 November 2018, George said:

muito obrigado pela keygen do Dumaru Removal Tool

04 November 2018, Anthony said:

grazie mille per il keygen del Dumaru Removal Tool

Leave a reply

Your email will not be published. * Required fields

Website search

Recently updated

Aurora Malware Removal Tool Aurora Malware Removal Tool Scan your computer for Aurora malware, a virus which uses Internet Explorer vulnerability for stealing private data, and remove the infected files
Zlob Removal Tool Zlob Removal Tool Remove Zlob Trojan infection from your computer in order to keep personal files and photos protected from any intrusions or theft
Security Tool Removal Tool Security Tool Removal Tool Remove the fake Security Tool from your Computer.

Software News

Nov 14
In a world of novice photographers and videographers, capturing a deluge of content via their smartphones and handheld devices, there is a need for an intelligent, easy-to-use tool for automating the creation of movies and ...
Nov 14
Look up the word "enigma" in the dictionary and you'll find a picture of "Death Stranding." Since it was revealed in 2016, the game raised more questions than answers. The project seemed like an amalgamation of random images ...
Nov 14
Walkable cities reduce traffic congestion, which causes around 3.3 million deaths and $121 billion in economic losses every year. But when architects are developing pedestrian-friendly neighborhoods, they often rely on trial ...
Nov 13
A new video game framework brings together two well-studied approaches to educational software in order to keep multiple players engrossed in the learning experience while fostering collaboration and problem solving. The ...
Nov 12
No bullets, no bombs. Players of the hugely popular online game Fortnite were encouraged to pause for a moment of silence Monday to commemorate the armistice that ended the First World War.
Nov 11
What, it's that easy to grasp machine learning basics? Good news from Google's Teachable Machine crew. Previously, the Teachable Machine provided lessons on how AI works but a new 2.0 puts you to work in making your machine ...

About us

Welcome to new crack resource CrackDownloadz.com! Our service can generate cracks, keygens and serials for your software to unlock it. CrackDownloadz provides a lot of popular cracks and keygens. No spyware and adware at all, just download new cracks, keygens and serials. If you have a software that needs a crack feel free to contact us.

Also you may contact us if you have software that needs to be removed from our website.