Title: Der Spaeher

Remove Der Spaeher. Removal instructions


 
Severity scale: Der Spaeher severity is 70 (70 / 100)
 
This virus belongs to a large RAT family. Several versions appeared from November 1980 to July 2000. It includes a keylogger function and has many other nasty abilities that can turn a user's life into hell. The author is a hacker called PhilippP. The program originated in Germany, and its interface is written in German. It is written in Visual Basic and compressed with ASPack.

From the publisher:
"COMMANDS:


[OUT] = the commands you must send!
[IN] = the commands you get from the server!

TO CONNECT TO VICTIM:

************************************

Ok, now connect to the IP and Port (2001).
You are now connected, but you are not able to use functions because a Passwort is required!

[OUT] PasswortAbfrage
[IN] PassJetzt
[OUT] 'Passwort' or [OUT] KeinPasswort (if there is no password!)

[IN] PasswortOK (Passwort is OK, ready to use the functions)
[IN] PasswortNichtOK (Passwort is NOT OK, type another)

************************************

HERE ARE THE FUNCTIONS:

************************************

FILEMANAGER:

First you must type:
[OUT] DateiManager
[IN] 'getdrives'

then you are able to use the other functions of the filemanager.

getdrives = [OUT] DateiManager
show file = [OUT] DAnzeigen
[IN] DAnzeigen
[OUT] 'FilePath'
copy file = [OUT] KopieDatei
[IN] KopieOK
[OUT] 'Path of the file which you will copy'
[IN] KopieDatei1
[OUT] 'Path of the new file'
[IN] DateiKopieOK (file copied)
kill file = [OUT] DLoeschen
[IN] DLoeschen
[OUT] 'Path of the file'
[IN] DateiLoeschen (file is now killed)
rename file = [OUT] RenDatei
[IN] RenOK
[OUT] 'Path of the file'
[IN]
[OUT] 'Path of the "new" file' (the full path, not only the filename: c:\a.bat --> c:\b.bat, not b.bat!)
[IN] DateiRenOK (file has been renamed)
file type = [OUT] DateiTyp
[IN] DateiTyp
[OUT] 'file type'
[IN] DateiTypOk (new file type has been set)
(type) path= [OUT] VerzOKK
[IN] VVV
[OUT] 'Path'
[IN] 'Lists directory and files'
start file = [OUT] DStartenU = Invisible
[OUT] DSTarten = visible
[IN] DStarten
[OUT] 'path of file' (*.exe, *.com, *.bat)
[IN] DateiStarten (file started)

************************************

REGISTRY:

Registry: GET

Note: abbb = HKEY_LOCAL_MACHINE
bbbb = HKEY_CURRENT_USER
cbbb = HKEY_USERS
dbbb = HKEY_CLASSES_ROOT
ebbb = HKEY_DYN_DATA
fbbb = HKEY_CURRENT_CONFIG

[OUT] Registrierung
[IN] Reg1
[OUT] abbbSOFTWARE\Microsoft\Windows\CurrentVersion (NOT: abbbSOFTWARE\Microsoft\Windows\CurrentVersion\)
[IN] Reg2
[OUT] 'value' (example: Version)

Registry: SET

[OUT] RegSetzen
[IN] RegSuper
[OUT] abbbSOFTWARE\Microsoft\Windows\CurrentVersion (NOT: abbbSOFTWARE\Microsoft\Windows\CurrentVersion\)
[IN] RegSuper2
[OUT] 'value' (example: Version)
[IN] RegSuper3
[OUT] 'data'
[IN] RegSS (Reg has been Set)

************************************

WINDOWS:

Current User = [OUT] WelcherUser
minimize all = [OUT] AllesMinimieren
[IN] AllesMinimieren (yeah)
maximize all = [OUT] AllesMaximieren
[IN] AllesMaximieren (yeah)
scale down all = [OUT] AllesVerkleinern
[IN] AllesVerkleinern (yeah)
close all = [OUT] AllesBeenden
[IN] ----------------------------------NOT YET!--------------------------

************************************

SHOW WINDOWS:

'shut down window' = [OUT] EWinBeenden
[IN] EWinBeenden (yeah)
'clock setting' = [OUT] EUhr
[IN] EUhr (yeah)
'taskbar setting' = [OUT] ETaskleiste
[IN] ETaskleiste (yeah)
'find' = [OUT] ESuchen
[IN] ESuchen (yeah)
'start' = [OUT] EAus
[IN] EAus (yeah)

************************************

WINDOW MANAGER:

show all windows = [OUT] AlleFensterErmitteln
close window = [OUT] WindowsEnde'window name' (example: WindowsEndeSendOnlineMessage)
[IN] FensterZU (window has been closed)
bring to top = [OUT] 'window name' (only type the window name)
[IN] FensterTop (window is top now)
hide window = [OUT] FensterHide'window name' (example: FensterHideSendOnlineMessage)
[IN] FensterHide (window is now hidden)
maximize window = [OUT] FensterMax'window name' (example: FensterMaxSendOnlineMessage)
[IN] FensterMax (window is now maximized)
minimize window = [OUT] FensterMin'window name' (example: FensterMinSendOnlineMessage)
[IN] FensterMin (window is now minimized)
refresh window = [OUT] AlleFensterErmitteln

************************************

COOL STUFF:

shut down computer = [OUT] ComputerAusschalten
restart computer = [OUT] ComputerNeuStarten
shut down windows = [OUT] WindowsAbmelden
shut down screen = [OUT] BildschirmAbsturz
tile windows = [OUT] ZweiSpalten
[IN] ZweiSpalten (windows have been tiled)
clear clipboard = [OUT] ZwischenLeeren
[IN] ZwischeLeer (clipboard is cleared)

************************************

MOUSE:

Set Cursor = [OUT] MausBewegen
[IN] MausBewegenOK (Cursor has been set)
swap buttons = [OUT] MausVertauschen
[IN] MausVertauschen (buttons swapped)
restore buttons = [OUT] MausRichtig
[IN] MausRichtig (buttons restored)

************************************

PLAY SOUNDS:

to activate playing sound:
[OUT] SoundAbSpielen
[IN] SoundAbSpielen

system question = [OUT] a
[IN] SoundWurdeAbGespielt (Sound has been played)
system exclamation = [OUT] b
[IN] SoundWurdeAbGespielt (Sound has been played)
system asterisk = [OUT] c
[IN] SoundWurdeAbGespielt (Sound has been played)
system hand = [OUT] d
[IN] SoundWurdeAbGespielt (Sound has been played)
system default = [OUT] e
[IN] SoundWurdeAbGespielt (Sound has been played)

************************************

PING PONG VIRUS:

on: [OUT] PingPongan
[IN] PingPongan (on)
off: [OUT] PingPongaus
[IN] PingPongan (off)

************************************

MSGMANAGER:

to activate the Msg-Manager:

[OUT] MSG
[IN] (There is no server command, please wait 1-2 sec. and then put the commands)

msg type: (there is no server command here either [IN]) (standard is ok)

ok = [OUT] vbOK
error = [OUT] vbKritisch
info = [OUT] vbInfo

send message = [OUT] = 'text'
[IN] Msgboxx (message has been sent)

************************************

SEND KEYS:

send key = [OUT] SendKey
[IN] SendKeyJetzt
[OUT] 'key'
[IN] SendKeyOK (key has been sent)

************************************

KEY LOGGER:

on = [OUT] KeySpy
off = [OUT] KeySpyAus
[IN] KeySpyAus (Key Logger is now off)

************************************

SYSTEM INFO:

[OUT] SysInfo

************************************

MS-DOS SCRIPT:

[OUT] msdosskribt
[IN] no server command (wait 1-2 sec then send the next commands)
[OUT] 'script'
[IN] msdosOK (MS-DOS script has"
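
For detection, the login exchange the publisher describes is a usable network signature. The following is an added example, not code from this page or from the trojan's author: it classifies reassembled TCP flows using the handshake tokens and the [OUT]/[IN] directions listed above. The flow records, the one-token-per-message framing and all function names are assumptions, and the sample flows are constructed.

```python
from dataclasses import dataclass, field

DEFAULT_PORT = 2001  # port named in the publisher's text
# Post-login controller tokens, copied from [OUT] entries of the command list.
CONTROLLER_TOKENS = {"DateiManager", "Registrierung", "RegSetzen", "KeySpy",
                     "KeySpyAus", "SendKey", "SysInfo", "msdosskribt"}

@dataclass
class Verdict:
    state: str = "none"   # none | probe | challenged | auth_failed | authenticated
    default_port: bool = False
    commands: list = field(default_factory=list)

def classify_flow(server_port, messages):
    """Walk one flow. messages is a list of (direction, payload bytes), where
    'c2s' is traffic towards the listening host and 's2c' is its reply.
    Assumption: one token per message; the page does not describe framing.
    The password itself is never stored."""
    v = Verdict(default_port=(server_port == DEFAULT_PORT))
    for direction, payload in messages:
        token = payload.decode("latin-1").strip()
        if direction == "c2s":
            if token == "PasswortAbfrage" and v.state == "none":
                v.state = "probe"            # someone asked; nothing answered yet
            elif v.state == "authenticated" and token in CONTROLLER_TOKENS:
                v.commands.append(token)
        elif direction == "s2c":
            if token == "PassJetzt" and v.state == "probe":
                v.state = "challenged"       # the host answered: a server is listening
            elif v.state in ("challenged", "auth_failed"):
                if token == "PasswortNichtOK":
                    v.state = "auth_failed"  # the controller may try again
                elif token == "PasswortOK":
                    v.state = "authenticated"
    return v

# Constructed sample flows (not captured traffic).
FLOW_SCAN = [("c2s", b"PasswortAbfrage")]
FLOW_RETRY = [("c2s", b"PasswortAbfrage"), ("s2c", b"PassJetzt"),
              ("c2s", b"guess-1"), ("s2c", b"PasswortNichtOK"),
              ("c2s", b"guess-2"), ("s2c", b"PasswortOK\r\n")]
FLOW_LOGIN = [("c2s", b"PasswortAbfrage"), ("s2c", b"PassJetzt"),
              ("c2s", b"KeinPasswort"), ("s2c", b"PasswortOK"),
              ("c2s", b"KeySpy"), ("c2s", b"SysInfo")]
FLOW_HTTP = [("c2s", b"GET / HTTP/1.0\r\n\r\n"), ("s2c", b"HTTP/1.0 200 OK")]

if __name__ == "__main__":
    for name in ("FLOW_SCAN", "FLOW_RETRY", "FLOW_LOGIN", "FLOW_HTTP"):
        print(name, classify_flow(DEFAULT_PORT, globals()[name]))
```

A `probe` verdict means the request went unanswered, which is what inbound scanning of a clean host looks like; `challenged` or any later state means the monitored host replied as a server and should be treated as infected.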

Der Spaeher properties:
• Allows remote user connection
• Logs keystrokes
• Hides from the user
• Stays resident in background

Automatic Der Spaeher removal:

SpyHunter is the recommended remover for uninstalling Der Spaeher. You should confirm, using the free trial, that it detects the current version of the parasite.

Note: "Manual assistance required" means that one or all of the removers were unable to remove the parasite without some manual intervention; please read the manual removal instructions below.

If you failed to remove Der Spaeher using SpyHunter please report this to us.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use.
STOPzilla
We are testing STOPzilla's efficiency at removing Der Spaeher (2005-03-18 08:09:44)
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency at removing Der Spaeher (2005-03-18 08:09:44)
Spyware Doctor
We are testing Spyware Doctor's efficiency at removing Der Spaeher (2005-03-18 08:09:44)
XoftSpySE Anti Spyware

Der Spaeher manual removal:

Kill processes:
-1718302892.exe, -182618650.exe, derspaeher.exe, ds3.exe, ds3-mini.exe, hallo.exe, [system root]\command\mome.exe, [system root]\system\dkbdll.exe
Unregister DLLs:
[system root]\system\gci32q.dll

Delete files:
!wichtig!.txt, -1718302892.exe, -182618650.exe, bittewartenderspaeher3.frm, chatme.frm, cqapi2.frm, derspaeher.exe, derspaeher3server.frm, ds3.exe, ds3.txt, ds31.cls, ds32.cls, ds3english!.frm, ds3english!.frx, ds3-mini.exe, ds3statusfenster.frm, fchrspace.frm, fchrspace.frx, hallo.exe, icqap.frm, icqapi.bas, icqapi2.bas, mm.bas, modulfuerspaeher.bas, project1.vbp, project1.vbw, screen.frm, splashscreenderspaeher3.frm, splashscreenderspaeher3.frx, [system root]\command\mome.exe, [system root]\system\aboota.bat, [system root]\system\dkbdll.exe, [system root]\system\gci32q.dll, video.frm, virus.frm
Information added: 2005-03-18 05:32:29
Information updated: 2005-03-18 05:32:29
