Remove Der Spaeher. Description and removal instructions

 
Title: Der Spaeher

Type: Remote Administration Tools
Severity scale: 70 / 100
 
This virus belongs to a large RAT family. Several versions appeared from November 1980 to July 2000. It includes a keylogger function, along with many other abilities that can turn a user's life into hell. The author is a hacker called PhilippP. It originated in Germany, and the program's interface is written in German. It is written in Visual Basic and compressed with ASPack.

From the publisher:
"COMMANDS:


[OUT] = the commands you must send!
[IN] = the commands you get from the server!

TO CONNECT TO VICTIM:

************************************

Ok, now connect to the IP and Port (2001).
You are now connected, but you are not able to use functions because a Passwort is required!

[OUT] PasswortAbfrage
[IN] PassJetzt
[OUT] 'Passwort' or [OUT] KeinPasswort (if there is no password!)

[IN] PasswortOK (Passwort is OK, ready to use the functions)
[IN] PasswortNichtOK (Passwort is NOT OK, type another)

************************************

HERE ARE THE FUNCTIONS:

************************************

FILEMANAGER:

First you must type:
[OUT] DateiManager
[IN] 'getdrives'

then you are able to use the other functions of the filemanager.

getdrives = [OUT] DateiManager
show file = [OUT] DAnzeigen
[IN] DAnzeigen
[OUT] 'FilePath'
copy file = [OUT] KopieDatei
[IN] KopieOK
[OUT] 'Path of the file which you will copy'
[IN] KopieDatei1
[OUT] 'Path of the new file'
[IN] DateiKopieOK (file copied)
kill file = [OUT] DLoeschen
[IN] DLoeschen
[OUT] 'Path of the file'
[IN] DateiLoeschen (file is now killed)
rename file= [OUT] RenDatei
[IN] RenOK
[OUT] 'Path of the file'
[IN]
[OUT] 'Path of the "new" file' Path! not only the filename c:\a.bat --> c:\b.bat not b.bat!
[IN] DateiRenOK (file has been renamed)
file type = [OUT] DateiTyp
[IN] DateiTyp
[OUT] 'file type'
[IN] DateiTypOk (new file type has been set)
(type) path= [OUT] VerzOKK
[IN] VVV
[OUT] 'Path'
[IN] 'Lists directory and files'
start file = [OUT] DStartenU = Invisible
[OUT] DSTarten = visible
[IN] DStarten
[OUT] 'path of file' (*.exe, *.com, *.bat)
[In] DateiStarten (file started)

************************************

REGISTRY:

Registry: GET

Note: abbb = HKEY_LOCAL_MACHINE
bbbb = HKEY_CURRENT_USER
cbbb = HKEY_USERS
dbbb = HKEY_CLASSES_ROOT
ebbb = HKEY_DYN_DATA
fbbb = HKEY_CURRENT_CONFIG

[OUT] Registrierung
[IN] Reg1
[OUT] abbbSOFTWARE\Microsoft\Windows\CurrentVersion (NOT: abbbSOFTWARE\Microsoft\Windows\CurrentVersion\)
[IN] Reg2
[OUT] 'value' (example: Version)

Registry: SET

[OUT] RegSetzen
[IN] RegSuper
[OUT] abbbSOFTWARE\Microsoft\Windows\CurrentVersion (NOT: abbbSOFTWARE\Microsoft\Windows\CurrentVersion\)
[IN] RegSuper2
[OUT] 'value' (example: Version)
[IN] RegSuper3
[OUT] 'data'
[IN] RegSS (Reg has been Set)

************************************

WINDOWS:

Current User = [OUT] WelcherUser
minimize all = [OUT] AllesMinimieren
[IN] AllesMinimieren (yeah)
maximize all = [OUT] AllesMaximieren
[IN] AllesMaximieren (yeah)
scale down all = [OUT] AllesVerkleinern
[IN] AllesVerkleinern (yeah)
close all = [OUT] AllesBeenden
[IN] ----------------------------------NOCH NICHT!--------------------------

************************************

SHOW WINDOWS:

'shut down window' = [OUT] EWinBeenden
[IN] EWinBeenden (yeah)
'clock setting' = [OUT] EUhr
[IN] EUhr (yeah)
'taskbar setting' = [OUT] ETaskleiste
[IN] ETaskleiste (yeah)
'find' = [OUT] ESuchen
[IN] ESuchen (yeah)
'start' = [OUT] EAus
[IN] EAus (yeah)

************************************

WINDOW MANAGER:

show all windows = [OUT] AlleFensterErmitteln
close window = [OUT] WindowsEnde'window name' (example: WindowsEndeSendOnlineMessage)
[IN] FensterZU (window has been closed)
bring to top = [OUT] 'window name' (only type the window name)
[IN] FensterTop (window is top now)
hide window = [OUT] FensterHide'window name' (example: FensterHideSendOnlineMessage)
[IN] FensterHide (window is now hidden)
maximize window = [OUT] FensterMax'window name' (example: FensterMaxSendOnlineMessage)
[IN] FensterMax (window is now maximized)
minimize window = [OUT] FensterMin'window name' (example: FensterMinSendOnlineMessage)
[IN] FensterMin (window is now minimized)
refresh window = [OUT] AlleFensterErmitteln

************************************

COOL STUFF:

shut down computer = [OUT] ComputerAusschalten
restart computer = [OUT] ComputerNeuStarten
shut down windows = [OUT] WindowsAbmelden
shut down screen = [OUT] BildschirmAbsturz
tile windows = [OUT] ZweiSpalten
[IN] ZweiSpalten (windows has been tiled)
clear clipboard = [OUT] ZwischenLeeren
[IN] ZwischeLeer (clipboard is cleared)

************************************

MOUSE:

Set Cursor = [OUT] MausBewegen
[IN] MausBewegenOK (Cursor has been set)
swap buttons = [OUT] MausVertauschen
[IN] MausVertauschen (buttons swapped)
restore buttons = [OUT] MausRichtig
[IN] MausRichtig (buttons restored)

************************************

PLAY SOUNDS:

to activate playing sound:
[OUT] SoundAbSpielen
[IN] SoundAbSpielen

system question = [OUT] a
[IN] SoundWurdeAbGespielt (Sound has been played)
system exclamation = [OUT] b
[IN] SoundWurdeAbGespielt (Sound has been played)
system asterisk = [OUT] c
[IN] SoundWurdeAbGespielt (Sound has been played)
system hand = [OUT] d
[IN] SoundWurdeAbGespielt (Sound has been played)
system default = [OUT] e
[IN] SoundWurdeAbGespielt (Sound has been played)

************************************

PING PONG VIRUS:

on: [OUT] PingPongan
[IN] PingPongan (on)
off: [OUT] PingPongaus
[IN] PingPongan (off)

************************************

MSGMANAGER:

to activate the Msg-Manager:

[OUT] MSG
[IN] (There is no server command, please wait 1-2 sec. and then put the commands)

msg type: (there is no server command either [IN]) (standard is ok)

ok = [OUT] vbOK
error = [OUT] vbKritisch
info = [OUT] vbInfo

send message = [OUT] = 'text'
[IN] Msgboxx (message has been sent)

************************************

SEND KEYS:

send key = [Out] SendKey
[In] SendKeyJetzt
[Out] 'key'
[In] SendKeyOK (key has been sent)

************************************

KEY LOGGER:

on = [OUT] KeySpy
off = [OUT] KeySpyAus
[IN] KeySpyAus (Key Logger is now off)

************************************

SYSTEM INFOS:

[OUT] SysInfo

************************************

MS-DOS SCRIPT:

[OUT] msdosskribt
[IN] no server command (wait 1-2 sec then send the next commands)
[OUT] 'script'
[IN] msdosOK (MS-DOS scribt has"


Der Spaeher properties:
• Allows remote user connection
• Logs keystrokes
• Hides from the user
• Stays resident in background
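
The password exchange in the publisher's command list above (PasswortAbfrage, PassJetzt, then PasswortOK or PasswortNichtOK, on port 2001) is a usable network signature for defenders. The following is an added example, not code from the original page or from the program: it walks one reassembled TCP stream and reports how far the handshake got. The (direction, text) event format, the names `analyze_stream` and `Finding`, and the assumption that a controller retries directly after PasswortNichtOK are all assumptions.

```python
# Added example: detect Der Spaeher's password handshake in one TCP stream.
# Tokens and port 2001 come from the command list; the event format is assumed.
from dataclasses import dataclass, field

RAT_PORT = 2001  # port named in the command list


@dataclass
class Finding:
    default_port: bool = False    # stream targets port 2001
    handshake_seen: bool = False  # PasswortAbfrage answered by PassJetzt
    authenticated: bool = False   # server replied PasswortOK
    no_password: bool = False     # last attempt was KeinPasswort
    failed_attempts: int = 0      # number of PasswortNichtOK replies
    commands: list = field(default_factory=list)  # controller messages after auth


def analyze_stream(dst_port, events):
    """events: ordered (direction, text) pairs; 'out' is controller to server and
    'in' is server to controller, as in the [OUT]/[IN] notation above."""
    f = Finding(default_port=(dst_port == RAT_PORT))
    state = "idle"
    for direction, text in events:
        msg = text.strip()
        if state == "idle":
            if direction == "out" and msg == "PasswortAbfrage":
                state = "asked"
        elif state == "asked":
            ok = direction == "in" and msg == "PassJetzt"
            f.handshake_seen = f.handshake_seen or ok
            state = "await_password" if ok else "idle"
        elif state == "await_password" and direction == "out":
            f.no_password = msg == "KeinPasswort"  # password text is not stored
            state = "await_verdict"
        elif state == "await_verdict" and direction == "in":
            if msg == "PasswortOK":
                f.authenticated, state = True, "session"
            elif msg == "PasswortNichtOK":
                f.failed_attempts += 1
                state = "await_password"  # assumed: controller retries directly
        elif state == "session" and direction == "out":
            f.commands.append(msg)
    return f


# Constructed sample stream (not a real capture): one wrong password, then success.
SAMPLE = [("out", "PasswortAbfrage"), ("in", "PassJetzt"),
          ("out", "guess1"), ("in", "PasswortNichtOK"),
          ("out", "guess2"), ("in", "PasswortOK"), ("out", "KeySpy")]
```

A result with both `authenticated` and `no_password` set means the server accepted KeinPasswort, so no password was configured on it.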

Der Spaeher manual removal:

Kill processes:
-1718302892.exe, -182618650.exe, derspaeher.exe, ds3.exe, ds3-mini.exe, hallo.exe, [system root]\command\mome.exe, [system root]\system\dkbdll.exe

Unregister DLLs:
[system root]\system\gci32q.dll

Delete files:
!wichtig!.txt, -1718302892.exe, -182618650.exe, bittewartenderspaeher3.frm, chatme.frm, cqapi2.frm, derspaeher.exe, derspaeher3server.frm, ds3.exe, ds3.txt, ds31.cls, ds32.cls, ds3english!.frm, ds3english!.frx, ds3-mini.exe, ds3statusfenster.frm, fchrspace.frm, fchrspace.frx, hallo.exe, icqap.frm, icqapi.bas, icqapi2.bas, mm.bas, modulfuerspaeher.bas, project1.vbp, project1.vbw, screen.frm, splashscreenderspaeher3.frm, splashscreenderspaeher3.frx, [system root]\command\mome.exe, [system root]\system\aboota.bat, [system root]\system\dkbdll.exe, [system root]\system\gci32q.dll, video.frm, virus.frm

Other programs to remove Der Spaeher:

• SUPERAntiSpyware
• CounterSpy
• Windows Defender

Information added: 18/03/05
Information updated: 18/03/05
