What is the Dumaru.Y Virus?
The Dumaru.Y virus is a mass-mailing worm that emails copies of itself to email addresses found on the infected machine. It uses its own SMTP engine to send these emails and has backdoor capabilities that allow it to gather keystroke and system information.
The Dumaru.Z virus is almost identical to the Dumaru.Y virus; however, it has backdoor capabilities. It downloads a component detected as BKDR_IROFFER12.B by Trend
The worm runs on Windows 95, 98, ME, NT, 2000 and XP.
The email it sends has the following characteristics:
Important information for you. Read it immediately !
Here is my photo, that you asked for yesterday.
What Does the Dumaru.Y Worm Do?
- Copies itself as the following:
%System% is a variable. The worm locates the System folder and copies itself to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32
is the Windows default startup folder
- Adds the value
"load32" = "%System%\l32x.exe"
to the registry key:
so that the worm runs when you start Windows.
- Modifies the windows section of the system.ini file.
On Windows NT machines, it also modifies the following registry key:
shell = explorer.exe %System%\vxd32v.exe
- Gathers email addresses from files with the following extensions:
- Uses its own SMTP engine to email itself.
- The program logs keystrokes and gathers information from the infected system. This information is sent to the malicious user through email. It logs the gathered data to the following files:
It also gathers clipboard data and protected storage data, as well as user information related to E-gold bank accounts.
- It then listens on the following ports for commands coming from the remote host:
This port acts as a TCP proxy that malicious users can use to connect to other hosts.
This port is used to set up a remote File Transfer Protocol (FTP) server that allows full access to all files on the infected system.
Once a connection to the host is established, it sends an email containing the stolen system information using the infected machine's default SMTP server. It finds this data in the following registry
The Dumaru.Z variant of this virus has backdoor capabilities. It
downloads a component detected as BKDR_IROFFER12.B from the following
How Can I Remove the Dumaru.Y Worm?
Follow these steps to remove the Dumaru.Y worm:
1) Start Windows in Safe Mode by pressing F8 as the computer is booting and choosing Safe Mode.
2) Remove the Registry entries
- Click on Start, Run, and type Regedit.
- In the left panel, go to:
- In the right panel, right-click and delete the following entry:
For Windows XP or NT, change the following key as well:
- In the left panel, double-click the following:
- In the right panel, locate and change the entry from:
Shell = explorer.exe %System%\vxd32v.exe
to:
Shell = explorer.exe
- Close the Registry Editor.
3) Remove the entries in the System.ini file
- Open the SYSTEM.INI file: click Start > Run, type SYSTEM.INI, then press Enter. This should open the file in your default text editor (usually
- In the [boot] section, locate the line that begins with:
- From the same line, delete the malware path and file name:
- Close the SYSTEM.INI file and click Yes when prompted to save.
4) Remove the additional entry in the Startup group
- In the Startup Group, delete the file:
5) Delete the infected files (for Windows ME and XP, remember to turn off System Restore before searching for and deleting these files, so that infected backed-up files are removed as well).
- Click Start, point to Find or Search, and then click Files or Folders.
- Make sure that "Look in" is set to (C:\WINDOWS).
- In the "Named" or "Search for..." box, type, or copy and paste, the file names:
l32x.exe (in the Windows\System directory)
vxd32v.exe (in the Windows\System directory)
winload.log (in the Windows directory)
- Click Find Now or Search Now.
- Delete the displayed files.
6) Restart the computer and run a thorough virus scan using your favorite
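An added check script, not from the original article, that audits the persistence locations and file names described above on a Windows host with PowerShell. The Run and Winlogon registry paths are the standard ones and are assumed here because the page does not spell them out.

```powershell
# Added example, not part of the original article: audit the persistence
# locations described above for the Dumaru.Y indicators. The Run and Winlogon
# key paths are the standard ones and are assumed, since the page elides them.
$findings = @()

# Run key: the worm adds a "load32" value pointing at %System%\l32x.exe.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['load32']) {
    $findings += "Run value load32 = $($run.load32)"
}

# Winlogon Shell (NT/2000/XP): anything beyond "explorer.exe" is suspect.
$wlKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $wlKey -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim() -ine 'explorer.exe') {
    $findings += "Winlogon Shell = $shell"
}

# system.ini [boot] section: the shell= line should read exactly explorer.exe.
$ini = Join-Path $env:windir 'system.ini'
if (Test-Path $ini) {
    $inBoot = $false
    foreach ($line in Get-Content $ini) {
        if ($line -match '^\s*\[(.+)\]') { $inBoot = ($matches[1] -ieq 'boot'); continue }
        if ($inBoot -and $line -match '^\s*shell\s*=\s*(.+)$' -and
            $matches[1].Trim() -ine 'explorer.exe') {
            $findings += "system.ini shell = $($matches[1].Trim())"
        }
    }
}

# Files named on the page: in the System folder, the Windows folder and the
# Startup group (the page does not give the Startup-group file name, so only
# the two known executable names are checked there).
$sys     = [Environment]::GetFolderPath('System')
$startup = [Environment]::GetFolderPath('Startup')
$paths = @(
    (Join-Path $sys 'l32x.exe'), (Join-Path $sys 'vxd32v.exe'),
    (Join-Path $env:windir 'winload.log'),
    (Join-Path $startup 'l32x.exe'), (Join-Path $startup 'vxd32v.exe')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "File present: $p" }
}

if ($findings.Count -eq 0) { 'No Dumaru.Y indicators found.' } else { $findings }
```

Run it from an elevated prompt so the HKLM keys are readable; each reported line maps to one of the removal steps above.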