Donald Dick. How to remove? (Uninstall guide)

removal by Jake Doevan - - | Type: Remote Administration Tools
12

This RAT is a powerful hacking tool, used to control victim’s PC remotely and collect vital user info by logging all keystrokes. The origination place is Russia. The client is written in Delphi programming language and the server in C. Many variants appeared from August 1999 to July 2004. The author of this pest is Badman Forever. The infection peaked in such countries as China, Italy, Portugal, Turkey, United Kingdom and United States. It affects Windows 9x, NT operating systems. Other versions can be found under such names as Donald Dick 1.5 Beta 3, Donald Dick 1.52, Donald Dick 1.53, Donald Dick 1.54, Donald Dick 1.55.

From the publisher:

” * under Windows95/98: HKLM\System\CurrentControlSet\Services\VxD\VMLDR
* under WindowsNT: HKLM\System\CurrentControlSet\Control\\Session Manager

Installation:

When distribution file is launched:
1. kills existing Dick server
2. extracts the following files into system directory:
under Windows95/98:
oleproc.exe
pnpmgr.pci
vmldr.vxd
under WindowsNT:
oleproc.exe
pmss.exe
bootexec.exe
3. modifies registry
under Windows95/98:
creates VMLDR subkey in HKLM\System\CurrentControlSet\Services\VxD;
creates necessary values in that subkey to load vmldr.vxd when
the system starts up;
under WindowsNT:
adds string “bootexec.exe” to the BootExecute value in the subkey
HKLM\System\CurrentControlSet\Control\\Session Manager
4. creates PData0 and PData1 parameters with values
‘D’,0,’0′,’x’,’9′,’0′,’1′,’5′ and
‘D’,0′,’2′,’3′,’4′,’7′,’7′
5. extracts plugins:
jpegcomp.dll (full version only)
6. spawns oleproc.exe

Loading:

1. Dick loader is launched by windows:
NT:
bootexec.exe, at the blue screen time
loader creates the service to be launched later;
the executable file of the service is oleproc.exe
95/98:
vmldr.vxd, init order is SHELL_INIT_ORDER+10
loader calls Win32 ShellExecute service to spawn oleproc.exe;
this VxD also may be loaded dynamically to perform thread management
functions
2. oleproc.exe (launched by loader, installer or manually) kills
existing Dick server, copies itself to:
under WindowsNT:
pmss.exe
under Windows95/98:
pnpmgr.pci
and launches it;
this is done to keep executable file closed to allow upgrades;
during upgrade oleproc.exe is replaced by the new file and that file
is launched immediately
3. pmss.exe under WindowsNT:
stops oleproc.exe service and removes it (unfortunately, you may see
this service for a short time if you quickly log on and open ‘services’
applet in the control panel)
pnpmgr.pci under Windows95/98:
hides itself

at the end of this process pmss.exe or pnpmgr.pci is the Donald Dick server”

do it now!
Download
Reimage (remover) Happiness
Guarantee
Download
Reimage (remover) Happiness
Guarantee
Compatible with Microsoft Windows Compatible with OS X
What to do if failed?
If you failed to remove infection using Reimage, submit a question to our support team and provide as much details as possible.
We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use. By Downloading any provided Anti-spyware software to remove Donald Dick you agree to our privacy policy and agreement of use.
Reimage is recommended to uninstall Donald Dick. Free scanner allows you to check whether your PC is infected or not. If you need to remove malware, you have to purchase the licensed version of Reimage malware removal tool.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

More information about this program can be found in Reimage review.

More information about this program can be found in Reimage review.
Alternate Software
Plumbytes Anti-Malware
We have tested Plumbytes Anti-Malware's efficiency in removing Donald Dick (2006-02-06)
Malwarebytes Anti Malware
We have tested Malwarebytes Anti Malware's efficiency in removing Donald Dick (2006-02-06)
Hitman Pro
We have tested Hitman Pro's efficiency in removing Donald Dick (2006-02-06)
Webroot SecureAnywhere AntiVirus
We have tested Webroot SecureAnywhere AntiVirus's efficiency in removing Donald Dick (2006-02-06)

Donald Dick manual removal:

Kill processes:
\system\otl32.exe,backdoor.donalddick.153.exe,client.exe,ddc152.exe,ddc153.exe,ddc15a.exe,ddcg152.exe,ddcw.exe,ddick.exe,dds153.exe,ddsetup.exe,ddsfind.exe,ddsl15a.exe,install.exe,msaver.exe,mssupd.exe,multiple156.exe,recover.exe,[system,root]\system\oleproc.exe

Unregister DLLs:
[system root]\system\jpegcomp.dll

Delete files:
!exedef \system\otl32.exe,array.c,array.h,backdoor.donalddick.153.exe,chat.c,client.exe,clmain.c,context.inc,cracker.ws.txt,ddc152.exe,ddc153.exe,ddc15a.exe,ddcg152.exe,ddcw.exe,ddick.exe,dds153.exe,ddsetup.c,ddsetup.exe,ddsetup.ini,ddsetup.lnk,ddsetup.rc,ddsfind.c,ddsfind.exe,ddsfind.lnk,ddsl15a.exe,dick.c,dick.diz,dick.lnk,dick.rc,executive.c,executive.h,executive_shots.c,executive_sysspec.c,file_id.diz,funccodes.h,hddkill.asm,install.c,install.exe,installer.c,itable2.inc,jpegcomp.c,keycode.txt,lzwcomp.c,makefile mem.c,more msaver.c,msaver.exe,mssupd.c,mssupd.exe,multiple156.exe,network.c,network.h,network2.c,options.c,paths.c,paths.h,pe.c,pe.h,peloader.asm,rand.c,rand.c1,readme.txt,readme_c.txt,readme_s.txt,recover.c,recover.exe,registry.c,registry.h,rsa.h,rsa.obj,sm.c,sm.c1,sm.h,sm.inc,sm2.c,smdata.c,smdebug.c,smint.h,smloader.asm,smtables.asm,stdlib.c,stdlib.h,stringlist.c,switches.h,syslogsender.c,[system root]\system\jpegcomp.dll,[system root]\system\oleproc.exe,[system root]\system\pnpmgr.pci,[system root]\system\vmldr.vxd,toolhelp.c,vxxxd.asm

About the author

Jake Doevan
Jake Doevan - Computer technology expert

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

More information about the author