Spyware Doctor
PestPatrol Anti-Spyware
WinTasks 5 Pro
McAfee VirusScan
WebMail Spy
Panda Antivirus + Firewall 2007
BPS Adware and Spyware Remover
X-Cleaner
iSpyNOW
Smart Protector Pro
Anti-Keylogger CE
BlazingTools Perfect Keylogger
SpeedUpMyPC
Anti-Keylogger
Anti-Spam
Anti-Virus
Online Privacy
PC Monitoring
Personal Firewall
Spyware Remover
System Tool
How to Detect and Remove  eUniverse  Hijacker
How to Detect and Remove  CoolWebSearch Hijacker
How to Detect and Remove  NetSky.P Worm Virus
How to Detect and Remove  MoneyTree Dialer
How to Detect and Remove  n-NASE Adware
How to Detect and Remove  Spector Keylogger
How to Detect and Remove  SDBot Backdoor
How to Detect and Remove  CnsMin Hijacker
How to Detect and Remove  Web_Rebates Adware
How to Detect and Remove  TV Media Display Adware

Sign up for free up-to-date messages about your PC's security & privacy
              Email
Confirm email
     Your Name
  
Home » Articles » Removal Instructions for Worms » Dumaru
Removal Instructions for Dumaru

About Dumaru

Also known as: W32.Dumaru@mm, W32/Dumaru@MM, WORM_DUMARU.A

This mass mailing worm has been proactively detected with internal heuristics as "virus or variant of New Malware-b" with the 4.2.40 engine and 4239 DAT combination (or greater) since 12/23/2002.

The worm trawls the harddisk for files with extensions .htm .wab .html .dbx .tbb .abd for email addresses to send itself to. These email addresses are written to file winload.log.

Variants:

Removal Instructions
Automatic Removal:

Dumaru can be detected and removed AUTOMATICALLY by McAfee VirusScan, also SpyEraser.

Manual Removal:

To remove this virus "by hand", follow these steps:

  1. - Win9x/ME - Reboot the system into Safe Mode (hit the F8 key as soon as the Starting Windows text is displayed, choose Safe Mode.
    - WinNT/2K/XP - Terminate the processes:
    • LOAD32.EXE
    • VXDMGR32.EXE
    • DLLREG.EXE
       
  2. Delete the following files:
    • %WinDir%\DLLREG.EXE 
    • %SysDir%\LOAD32.EXE
    • %SysDir%\VXDMGR32.EXE
       
  3. Edit the registry
    • Delete the "Load32" value from
      • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
        Windows\CurrentVersion\Run
    • Edit the "Run" value in the following key from "C:\WINDOWS\DLLREG.EXE" to "":
      • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
    • Edit the "Shell" value in the following key from "explorer.exe %sysdir%\vxdmgr32.exe" to "explorer.exe":
      • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

Additional Windows ME/XP removal considerations

Sponsored Links:

Removal Instructions for Other Worms

Remove Bagle Remove BugBear
Remove Doomjuice Remove Welchia
Remove Galil Remove Lovsan
Remove Mydoom Remove NetSky
Remove Swen Remove Vesser
More ... 
Premium Software

iNet-Mate.com uses and recommends:

Free Registry Scan!
94% of PC's have corrupt, unused and possibly harmful files. Clean, repair, and optimize your system with the #1 industry leading and award-winning Registry Booster from Uniblue. Start Free Scan

Boost Your PC Now!
Most PCs are not Optimized for Peak Performance! SpeedUpMyPC - the award winning utility software that ensures your PC is automatically optimized for maximum performance in just a few easy clicks. Free Scan Now

Copyright ©2004-2007 iNet-Mate.com. All rights reserved. Other Trademarks are the sole property of their respective owners.