 Remove Donald Dick. Description and removal instructions
From the publisher: " * under Windows95/98: HKLM\System\CurrentControlSet\Services\VxD\VMLDR * under WindowsNT: HKLM\System\CurrentControlSet\Control\\Session Manager Installation: When distribution file is launched: 1. kills existing Dick server 2. extracts the following files into system directory: under Windows95/98: oleproc.exe pnpmgr.pci vmldr.vxd under WindowsNT: oleproc.exe pmss.exe bootexec.exe 3. modifies registry under Windows95/98: creates VMLDR subkey in HKLM\System\CurrentControlSet\Services\VxD; creates necessary values in that subkey to load vmldr.vxd when the system starts up; under WindowsNT: adds string "bootexec.exe" to the BootExecute value in the subkey HKLM\System\CurrentControlSet\Control\\Session Manager 4. creates PData0 and PData1 parameters with values 'D',0,'0','x','9','0','1','5' and 'D',0','2','3','4','7','7' 5. extracts plugins: jpegcomp.dll (full version only) 6. spawns oleproc.exe Loading: 1. Dick loader is launched by windows: NT: bootexec.exe, at the blue screen time loader creates the service to be launched later; the executable file of the service is oleproc.exe 95/98: vmldr.vxd, init order is SHELL_INIT_ORDER+10 loader calls Win32 ShellExecute service to spawn oleproc.exe; this VxD also may be loaded dynamically to perform thread management functions 2. oleproc.exe (launched by loader, installer or manually) kills existing Dick server, copies itself to: under WindowsNT: pmss.exe under Windows95/98: pnpmgr.pci and launches it; this is done to keep executable file closed to allow upgrades; during upgrade oleproc.exe is replaced by the new file and that file is launched immediately 3. pmss.exe under WindowsNT: stops oleproc.exe service and removes it (unfortunately, you may see this service for a short time if you quickly log on and open 'services' applet in the control panel) pnpmgr.pci under Windows95/98: hides itself at the end of this process pmss.exe or pnpmgr.pci is the Donald Dick server" Donald Dick properties: • Allows remote user connection • Hides from the user • Stays resident in background Automatic Donald Dick removal:remover for Donald Dick
Donald Dick manual removal:Kill processes:\\system\\otl32.exe, backdoor.donalddick.153.exe, client.exe, ddc152.exe, ddc153.exe, ddc15a.exe, ddcg152.exe, ddcw.exe, ddick.exe, dds153.exe, ddsetup.exe, ddsfind.exe, ddsl15a.exe, install.exe, msaver.exe, mssupd.exe, multiple156.exe, recover.exe, [system, root]\\system\\oleproc.exe Unregister DLLs: [system root]\\system\\jpegcomp.dll Delete files: !exedef \\system\\otl32.exe, array.c, array.h, backdoor.donalddick.153.exe, chat.c, client.exe, clmain.c, context.inc, cracker.ws.txt, ddc152.exe, ddc153.exe, ddc15a.exe, ddcg152.exe, ddcw.exe, ddick.exe, dds153.exe, ddsetup.c, ddsetup.exe, ddsetup.ini, ddsetup.lnk, ddsetup.rc, ddsfind.c, ddsfind.exe, ddsfind.lnk, ddsl15a.exe, dick.c, dick.diz, dick.lnk, dick.rc, executive.c, executive.h, executive_shots.c, executive_sysspec.c, file_id.diz, funccodes.h, hddkill.asm, install.c, install.exe, installer.c, itable2.inc, jpegcomp.c, keycode.txt, lzwcomp.c, makefile mem.c, more msaver.c, msaver.exe, mssupd.c, mssupd.exe, multiple156.exe, network.c, network.h, network2.c, options.c, paths.c, paths.h, pe.c, pe.h, peloader.asm, rand.c, rand.c1, readme.txt, readme_c.txt, readme_s.txt, recover.c, recover.exe, registry.c, registry.h, rsa.h, rsa.obj, sm.c, sm.c1, sm.h, sm.inc, sm2.c, smdata.c, smdebug.c, smint.h, smloader.asm, smtables.asm, stdlib.c, stdlib.h, stringlist.c, switches.h, syslogsender.c, [system root]\\system\\jpegcomp.dll, [system root]\\system\\oleproc.exe, [system root]\\system\\pnpmgr.pci, [system root]\\system\\vmldr.vxd, toolhelp.c, vxxxd.asm Other programs to remove Donald Dick:• SUPERAntiSpyware - Review - Download• CounterSpy - Review - Download • Windows Defender - Review - Download Information added: 19/03/05 Information updated: 06/02/06 Additional resources related to Donald Dick:Attention: If you know or you have a website or page about Donald Dick removal, feel free to add a link to this list: add url
more resources Post Comment:Attention: Use this form only if you have additional information about Donald Dick parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.
|
Latest spyware news:
 What could happen if you’d replied to every single spam message? Is your web browser safe? Supervisor of the newest Nigerian scam gets punished MySpace spammer sentenced to pay $6 million Security experts are worried about home computers France and Japan combines efforts to fight cyber crimes Why can’t spam say goodbye? The most secure and the most insecure domains of virtual world Beware of new scam targeting online banking accounts Why hackers are faster than you areSubscribe to news 
Similar parasites:
|
FORUM:
HELP:
