W32/Dumaru.Z@mm myphoto.zip Removal (Spyware Removal Instructions, by admin)
This MSN worm variant is still being updated after “imageXX.zip”.
It may also be called Win32.IRCBot.gen.
The worm automatically sends a message to your friends with the attachment “myphoto.zip”. The message may be one of these:
checkout my newest pic before I upload!!
hey over there… check out my new photo!
when youre around accept.. its my new default pic.
u seen this crazy shit?
holy shit this new pic is hot as fuck!
I just made this design for a friend. U like it?
I think I had sex with them :X What should i do?
You don’t think I had sex with them… rite?
Is it horrible if I only remember the sex?
Is this really a pic of you?
Would you have had a threesome with them?
Wow! I can’t believe I had a threesome with them!
You see these crazy people? Almost havin sex on the dance floor!
u want to see something really funny? Take a look!
I cant stop laughing!
The worm creates these files:
%Startup Folder%\dllxw.exe
%Windows%\rundllx.sys
%Windows%\winload.log
%System%\l32x.exe
%System%\vxd32v.exe
%Temp%\zip.tmp
%System%\msthost.exe
%System%\rdshost.dll
The virus may also steal password information for e-gold and other data, then send this information to the hard-coded email address
‘anyname2@btw.egold-hosting.com’
The virus runs automatically at Windows startup after modifying the registry, as in this example:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
load32 = C:\WINNT\System32\l32x.exe
The virus also loads a second time by adding itself to the Windows shell value, as in this example:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
“Shell” = explorer.exe C:\WINNT\System32\vxd32v.exe
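The file and registry indicators listed above can be checked with a short read-only PowerShell script. This is an added example, not part of the original article or of SREng. Checking both Startup folders, SysWOW64 and the WOW6432Node view of the Run key are assumptions added for 64-bit systems, since the article gives only the folder placeholders and the WINNT example paths.

```powershell
# Added example: read-only check for the indicators this article lists. It changes nothing.
$findings = @()

# Files. System32 and SysWOW64 are both checked (assumption: the article only says
# %System%, and a 32-bit program's writes there are redirected on 64-bit Windows).
$sysDirs = @([Environment]::GetFolderPath('System'), [Environment]::GetFolderPath('SystemX86')) |
    Where-Object { $_ } | Select-Object -Unique
# Assumption: "%Startup Folder%" may be the per-user or the all-users Startup folder.
$startupDirs = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')) |
    Where-Object { $_ }

$paths  = @()
$paths += $startupDirs | ForEach-Object { Join-Path $_ 'dllxw.exe' }
$paths += 'rundllx.sys', 'winload.log' | ForEach-Object { Join-Path $env:windir $_ }
$paths += Join-Path $env:TEMP 'zip.tmp'
foreach ($dir in $sysDirs) {
    $paths += 'l32x.exe', 'vxd32v.exe', 'msthost.exe', 'rdshost.dll' |
        ForEach-Object { Join-Path $dir $_ }
}
foreach ($p in $paths) {
    # Test-Path also reports files that carry the hidden attribute.
    if (Test-Path -LiteralPath $p) { $findings += "File present: $p" }
}

# Run key: the article's example value is named load32. Both registry views are read.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $run = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    if ($run -and $run.PSObject.Properties['load32']) {
        $findings += "Run value load32 in ${key}: $($run.load32)"
    }
}

# Winlogon Shell: the stock value is explorer.exe alone; the article shows a second
# executable appended to it. Legitimate shell replacements exist, so review any hit.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -LiteralPath $winlogon -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim() -ne 'explorer.exe') {
    $findings += "Winlogon Shell is not plain explorer.exe: $shell"
}

if ($findings) { $findings } else { 'No indicators from this article found.' }
```

The script matches on the exact names given in this article, so a clean result does not rule out a later variant that uses different file or value names.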
How to remove?
Download SREng:
http://www.kztechs.com/sreng/sreng2.zip
Extract it to the Desktop
Double click SREng.exe to run it
Select: Smart Scan
Then, click the [Scan] button
When finished, click on the [Save Reports] button
Save the log to the Desktop and send me an email with the log as an attachment: mailto:egomoo#gmail.com
I would be glad to help you remove this worm.


