NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove Darkmoon. Description and removal instructions

 
Title: Darkmoon
Type: Backdoors
Severity scale:Darkmoon severity is 85  (85 / 100)
 
Darkmoon is a dangerous backdoor with keylogging capabilities. The parasite gives the remote attacker full unauthorized access to a compromised computer. Darkmoon allows to manage files and the entire system, download and install additional software, control hardware devices and send e-mail messages. Its keylogging module tracks user activity and records all keystrokes. Gathered data is saved into a file. Darkmoon is able to hide its running processes. The backdoor secretly runs on every Windows startup.

FORUM:
Discuss Darkmoon in
spyware removal forum

Darkmoon properties:
• Allows remote user connection
• Sends out logs by FTP or email
• Logs keystrokes
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic Darkmoon removal:

remover for Darkmoon

Darkmoon manual removal:

Kill processes:
win32.exe, mydll.exe, ___.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft=%Windir%\@@@\win32.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmserver\Parameters\ServiceDll=%System%\yxgunlzu.d1l
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Yxgunlzu
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_YXGUNLZU
HELP:
how to remove registry entries

Delete files:
win32.exe, mydll.exe, ___.exe, yxgunlzu.sys, yxgunlzu.d1l
HELP:
how to remove harmful files

Delete directories:
C:\Windows\@@@
C:\Winnt\@@@
Misc:
Exact file location:
win32.exe, mydll.exe, ___.exe - C:\Windows\@@@ or C:\Winnt\@@@
yxgunlzu.sys - C:\Windows\System\Drivers, C:\Windows\System32\Drivers or C:\Winnt\System32\Drivers
yxgunlzu.d1l - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32

Other programs to remove Darkmoon:

• Malwarebytes Anti Malware - Review - Download
• Malwarebytes Anti Malware - Review - Download
• Windows Defender - Review - Download

Information added: 20/08/05
Information updated: 20/08/05

Additional resources related to Darkmoon:

Attention: If you know or you have a website or page about Darkmoon removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about Darkmoon parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:

Latest spyware news:
Similar parasites:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.