Donald Dick. How to remove? (Uninstall guide)

removal by Jake Doevan - - | Type: Remote Administration Tools

This RAT is a powerful hacking tool, used to control victim’s PC remotely and collect vital user info by logging all keystrokes. The origination place is Russia. The client is written in Delphi programming language and the server in C. Many variants appeared from August 1999 to July 2004. The author of this pest is Badman Forever. The infection peaked in such countries as China, Italy, Portugal, Turkey, United Kingdom and United States. It affects Windows 9x, NT operating systems. Other versions can be found under such names as Donald Dick 1.5 Beta 3, Donald Dick 1.52, Donald Dick 1.53, Donald Dick 1.54, Donald Dick 1.55.

From the publisher:

” * under Windows95/98: HKLM\System\CurrentControlSet\Services\VxD\VMLDR
* under WindowsNT: HKLM\System\CurrentControlSet\Control\\Session Manager


When distribution file is launched:
1. kills existing Dick server
2. extracts the following files into system directory:
under Windows95/98:
under WindowsNT:
3. modifies registry
under Windows95/98:
creates VMLDR subkey in HKLM\System\CurrentControlSet\Services\VxD;
creates necessary values in that subkey to load vmldr.vxd when
the system starts up;
under WindowsNT:
adds string “bootexec.exe” to the BootExecute value in the subkey
HKLM\System\CurrentControlSet\Control\\Session Manager
4. creates PData0 and PData1 parameters with values
‘D’,0,’0′,’x’,’9′,’0′,’1′,’5′ and
5. extracts plugins:
jpegcomp.dll (full version only)
6. spawns oleproc.exe


1. Dick loader is launched by windows:
bootexec.exe, at the blue screen time
loader creates the service to be launched later;
the executable file of the service is oleproc.exe
vmldr.vxd, init order is SHELL_INIT_ORDER+10
loader calls Win32 ShellExecute service to spawn oleproc.exe;
this VxD also may be loaded dynamically to perform thread management
2. oleproc.exe (launched by loader, installer or manually) kills
existing Dick server, copies itself to:
under WindowsNT:
under Windows95/98:
and launches it;
this is done to keep executable file closed to allow upgrades;
during upgrade oleproc.exe is replaced by the new file and that file
is launched immediately
3. pmss.exe under WindowsNT:
stops oleproc.exe service and removes it (unfortunately, you may see
this service for a short time if you quickly log on and open ‘services’
applet in the control panel)
pnpmgr.pci under Windows95/98:
hides itself

at the end of this process pmss.exe or pnpmgr.pci is the Donald Dick server”

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Donald Dick you agree to our privacy policy and agreement of use.
do it now!
Reimage (remover) Happiness
Reimage (remover) Happiness
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
Reimage is recommended to uninstall Donald Dick. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.

Donald Dick manual removal:

Kill processes:

Unregister DLLs:
[system root]\system\jpegcomp.dll

Delete files:
!exedef \system\otl32.exe,array.c,array.h,backdoor.donalddick.153.exe,chat.c,client.exe,clmain.c,,,ddc152.exe,ddc153.exe,ddc15a.exe,ddcg152.exe,ddcw.exe,ddick.exe,dds153.exe,ddsetup.c,ddsetup.exe,ddsetup.ini,ddsetup.lnk,ddsetup.rc,ddsfind.c,ddsfind.exe,ddsfind.lnk,ddsl15a.exe,dick.c,dick.diz,dick.lnk,dick.rc,executive.c,executive.h,executive_shots.c,executive_sysspec.c,file_id.diz,funccodes.h,hddkill.asm,install.c,install.exe,installer.c,,jpegcomp.c,keycode.txt,lzwcomp.c,makefile mem.c,more msaver.c,msaver.exe,mssupd.c,mssupd.exe,multiple156.exe,network.c,network.h,network2.c,options.c,paths.c,paths.h,pe.c,pe.h,peloader.asm,rand.c,rand.c1,readme.txt,readme_c.txt,readme_s.txt,recover.c,recover.exe,registry.c,registry.h,rsa.h,rsa.obj,sm.c,sm.c1,sm.h,,sm2.c,smdata.c,smdebug.c,smint.h,smloader.asm,smtables.asm,stdlib.c,stdlib.h,stringlist.c,switches.h,syslogsender.c,[system root]\system\jpegcomp.dll,[system root]\system\oleproc.exe,[system root]\system\pnpmgr.pci,[system root]\system\vmldr.vxd,toolhelp.c,vxxxd.asm

About the author

Jake Doevan
Jake Doevan - Computer technology expert

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

More information about the author