NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  
Title: Donald Dick
Type: Remote Administration Tools

Remove Donald Dick. Removal instructions


 
Severity scale:Donald Dick severity is 70  (70 / 100)
 
This RAT is a powerful hacking tool, used to control victim's PC remotely and collect vital user info by logging all keystrokes. The origination place is Russia. The client is written in Delphi programming language and the server in C. Many variants appeared from August 1999 to July 2004. The author of this pest is Badman Forever. The infection peaked in such countries as China, Italy, Portugal, Turkey, United Kingdom and United States. It affects Windows 9x, NT operating systems. Other versions can be found under such names as Donald Dick 1.5 Beta 3, Donald Dick 1.52, Donald Dick 1.53, Donald Dick 1.54, Donald Dick 1.55.

From the publisher:

" * under Windows95/98: HKLM\System\CurrentControlSet\Services\VxD\VMLDR
* under WindowsNT: HKLM\System\CurrentControlSet\Control\\Session Manager

Installation:

When distribution file is launched:
1. kills existing Dick server
2. extracts the following files into system directory:
under Windows95/98:
oleproc.exe
pnpmgr.pci
vmldr.vxd
under WindowsNT:
oleproc.exe
pmss.exe
bootexec.exe
3. modifies registry
under Windows95/98:
creates VMLDR subkey in HKLM\System\CurrentControlSet\Services\VxD;
creates necessary values in that subkey to load vmldr.vxd when
the system starts up;
under WindowsNT:
adds string "bootexec.exe" to the BootExecute value in the subkey
HKLM\System\CurrentControlSet\Control\\Session Manager
4. creates PData0 and PData1 parameters with values
'D',0,'0','x','9','0','1','5' and
'D',0','2','3','4','7','7'
5. extracts plugins:
jpegcomp.dll (full version only)
6. spawns oleproc.exe



Loading:

1. Dick loader is launched by windows:
NT:
bootexec.exe, at the blue screen time
loader creates the service to be launched later;
the executable file of the service is oleproc.exe
95/98:
vmldr.vxd, init order is SHELL_INIT_ORDER+10
loader calls Win32 ShellExecute service to spawn oleproc.exe;
this VxD also may be loaded dynamically to perform thread management
functions
2. oleproc.exe (launched by loader, installer or manually) kills
existing Dick server, copies itself to:
under WindowsNT:
pmss.exe
under Windows95/98:
pnpmgr.pci
and launches it;
this is done to keep executable file closed to allow upgrades;
during upgrade oleproc.exe is replaced by the new file and that file
is launched immediately
3. pmss.exe under WindowsNT:
stops oleproc.exe service and removes it (unfortunately, you may see
this service for a short time if you quickly log on and open 'services'
applet in the control panel)
pnpmgr.pci under Windows95/98:
hides itself

at the end of this process pmss.exe or pnpmgr.pci is the Donald Dick server"

Donald Dick properties:
• Allows remote user connection
• Hides from the user
• Stays resident in background

Automatic Donald Dick removal:

remover for Donald Dick
SpyHunter is recommended remover to uninstall Donald Dick. You should confirm using free trial that it detects current version of parasite.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manul removal instructions below.

If you failed to remove Donald Dick using SpyHunter please report this to us.

We might be affiliated with any product we recommend on the site. Full disclosure in our Agreement of Use.
STOPzilla
download | review
We are testing STOPzilla's efficiency at removing Donald Dick (2006-02-06 23:40:01)
Malwarebytes Anti Malware
download | review
We are testing Malwarebytes Anti Malware's efficiency at removing Donald Dick (2006-02-06 23:40:01)
Spyware Doctor
download | review | tutorial
We are testing Spyware Doctor's efficiency at removing Donald Dick (2006-02-06 23:40:01)
XoftSpySE Anti Spyware
download | review

Donald Dick manual removal:

Kill processes:
\\system\\otl32.exe, backdoor.donalddick.153.exe, client.exe, ddc152.exe, ddc153.exe, ddc15a.exe, ddcg152.exe, ddcw.exe, ddick.exe, dds153.exe, ddsetup.exe, ddsfind.exe, ddsl15a.exe, install.exe, msaver.exe, mssupd.exe, multiple156.exe, recover.exe, [system, root]\\system\\oleproc.exe
HELP:
how to kill malicious processes

Unregister DLLs:
[system root]\\system\\jpegcomp.dll
HELP:
how to unregister malicious DLLs

Delete files:
!exedef \\system\\otl32.exe, array.c, array.h, backdoor.donalddick.153.exe, chat.c, client.exe, clmain.c, context.inc, cracker.ws.txt, ddc152.exe, ddc153.exe, ddc15a.exe, ddcg152.exe, ddcw.exe, ddick.exe, dds153.exe, ddsetup.c, ddsetup.exe, ddsetup.ini, ddsetup.lnk, ddsetup.rc, ddsfind.c, ddsfind.exe, ddsfind.lnk, ddsl15a.exe, dick.c, dick.diz, dick.lnk, dick.rc, executive.c, executive.h, executive_shots.c, executive_sysspec.c, file_id.diz, funccodes.h, hddkill.asm, install.c, install.exe, installer.c, itable2.inc, jpegcomp.c, keycode.txt, lzwcomp.c, makefile mem.c, more msaver.c, msaver.exe, mssupd.c, mssupd.exe, multiple156.exe, network.c, network.h, network2.c, options.c, paths.c, paths.h, pe.c, pe.h, peloader.asm, rand.c, rand.c1, readme.txt, readme_c.txt, readme_s.txt, recover.c, recover.exe, registry.c, registry.h, rsa.h, rsa.obj, sm.c, sm.c1, sm.h, sm.inc, sm2.c, smdata.c, smdebug.c, smint.h, smloader.asm, smtables.asm, stdlib.c, stdlib.h, stringlist.c, switches.h, syslogsender.c, [system root]\\system\\jpegcomp.dll, [system root]\\system\\oleproc.exe, [system root]\\system\\pnpmgr.pci, [system root]\\system\\vmldr.vxd, toolhelp.c, vxxxd.asm
HELP:
how to remove harmful files
Information added: 2005-03-19 05:15:44
Information updated: 2006-02-06 21:02:46

Additional resources related to Donald Dick:

Attention: If you know or you have a website or page about Donald Dick removal, feel free to add a link to this list: add url
more resources

Post Comment:

Attention: Use this form only if you have additional information about Donald Dick parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.
Home page Name



«


* All field required
Latest spyware news:
Subscribe to news

Similar parasites:
Compare spyware removers
Compare free products

HijackThis Log Analyzer Beta 2 HijackThis Log Analyzer Beta 2

I failed to remove Donald Dick using SpyHunter.

Email


Close

Spreading the knowledge:

It is very hard to fight Computer parasites alone in internet space. If you have a website we would be more than happy if you would help us to spread the knowledge about latest threats. You can help your visitors to manage their Computer system manually without aditional expences. Knowledge is the power, we just need to spread it.
add text box
rss feed
help other
Latest Spyware Threats: Internet Security 2012 | Win 7 Total security 2012 | System Check | Win 7 Internet Security 2012 | Win 7 Home Security 2012 | Win 7 Antivirus 2012 | Win 7 Antispyware 2012 | Vista Security 2012 | Vista Antivirus 2012 | Vista Antispyware 2012 | XP Antispyware 2012 | XP Antivirus 2012 | XP Security 2012 | XP Home Security 2012 | Security Shield
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2011 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.