Find a Partner
This window is encrypted for your security.
Need help? Ask the community or hire an expert.
Go to Avira Answers
I-Worm.Dumaru.c, Pws-Narod, IRC Trojan
Worm/Dumaru.C.3 makes registry entries and tries to send information about the infected computer to its author.
This password stealer Trojan tries to send information about the infected computer to its author by email.
It creates dllreg.exe and sysdrv.exe in %WinDIR%. The worm copies itself in %Systemdir% as load32.exe and vxdmgr32.exe.
This Trojan also terminates some antivirus and firewall programs, using the file sysdrv.exe in %WinDIR%.
For automatic start, the worm is copied in Windows Startup directory as rundllw.exe, and makes the following registry entries:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "load32" HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices "ZoneAlarm 2.99"
Description inserted by Crony Walker on Tuesday, June 15, 2004