NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove Danrit. Description and removal instructions

 
Title: Danrit
Type: Backdoors
Severity scale:Danrit severity is 81  (81 / 100)
 
Danrit is a dangerous backdoor that provides the attacker with unauthorized remote access to a compromised computer. The parasite arrives in executable file, which has the icon of Adobe Acrobat document. Once the user runs such file, the backdoor installs itself to the system and attempts to launch Adobe Acrobat and open a predetermined local document in order to trick the user into thinking that a valid PDF file was opened. Then Danrit runs a payload. It opens a back door, which allows the intruder to run programs on a compromised computer, and starts logging all user keystrokes. Gathered data is sent to a predefined e-mail address every day from Monday to Thursday. The backdoor also creates a user account with the administrator's privileges. Danrit can automatically uninstall itself and remove all traces of its presence in the system. Every Friday it will terminate own processes, delete all related objects, created scheduled tasks and added user account. Danrit automatically runs on every Windows startup.

FORUM:
Discuss Danrit in
spyware removal forum

Danrit properties:
• Allows remote user connection
• Sends out logs by FTP or email
• Logs keystrokes
• Hides from the user
• Stays resident in background

Automatic Danrit removal:

remover for Danrit

Danrit manual removal:

Kill processes:
notesweb.exe, win052.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Public Domain\Blat
HELP:
how to remove registry entries

Delete files:
notesweb.exe, win052.exe, se.bat, sos0.bat, sos1.bat, sos2.bat, sos3.bat, sos4.bat, symantecav.lnk
HELP:
how to remove harmful files

Misc:
Exact file location:
notesweb.exe, symantecav.lnk - C:\Documents and Settings\All Users\Start Menu\Programs\Startup
win052.exe - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32
se.bat, sos0.bat, sos1.bat, sos2.bat, sos3.bat, sos4.bat, sos5.bat - C:\Windows\Temp or C:\Winnt\Temp

The backdoor also drops blat.exe and ntrights.exe files, which are legitimate applications used to send e-mail messages and manage Windows user accounts. They can be found in C:\Windows\Temp or C:\Winnt\Temp folder.

Danrit creates several scheduled tasks.

The threat opens TCP port 49495.

Other programs to remove Danrit:

• Malwarebytes Anti Malware - Review - Download
• Malwarebytes Anti Malware - Review - Download
• Windows Defender - Review - Download

Information added: 16/11/05
Information updated: 16/11/05

Additional resources related to Danrit:

Attention: If you know or you have a website or page about Danrit removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about Danrit parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:

Latest spyware news:
Similar parasites:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.