  • Dabber Removal Tool is a small but effective utility that targets the Win32.Worm.Dabber.A malware.

    Presence of package.exe in the "c:\Documents and Settings\All Users\Start Menu\Programs\Startup", "%windir%\All Users\Main menu\Programs\StartUp" and "%system32%" folders and in the process list.

    Presence in the start-up registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" of the string "sassfix" pointing to "%system32%\packer.exe".

    When run, the worm tries to copy itself into the three folders shown above, then creates a mutex called "sas4dab" in order to avoid reinfection.

    After that it tries to remove the following keys from the registry:

    HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32\(Default)

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Gremlin

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Gremlin

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\TaskMon

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\TaskMon

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Video

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\avserve

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\avserve

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\avvserrve32

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\avvserrve32

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\avserve2.exe

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\avserve2.exe

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\lsasss.exe

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\lsasss.exe

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\lsasss

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\lsasss

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ssgrate.exe

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ssgrate.exe

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ssgrate

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ssgrate

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\drvsys.exe

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\drvsys.exe

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\drvsys

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\drvsys

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Drvddll_exe

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Drvddll_exe

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Drvddll.exe

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Drvddll.exe

    and all the following strings:

    Microsoft Update

    windows

    Windows Drive Compatibility

    Generic Host Service

    skynetave.exe

    navapsrc.exe

    lsasss.exe

    drvddll.exe

    ssgrate.exe

    WinMsrv32

    soundcontrl

    System Updater Service

    BagleAV

    MapiDrv

    SkynetRevenge

    TempCom

    Video Process

    Window

    from the following keys:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    HKCU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
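
An added example (not part of the original description or of the removal tool): offline triage of collected `reg query` output for the Run-key indicators listed above. The sample output, including `msupd.exe` and the `helper` value, is constructed; both `package.exe` and `packer.exe` are matched because both names appear in the description.

```python
import re

WORM_VALUE = "sassfix"                      # Run value name given in the description
WORM_FILES = {"package.exe", "packer.exe"}  # both file names appear in the description
# Value names the worm deletes from the Run keys (subset of the lists above).
DELETED_BY_WORM = {"microsoft update", "generic host service", "avserve",
                   "avserve2.exe", "lsasss.exe", "ssgrate.exe", "drvsys.exe",
                   "drvddll.exe", "taskmon", "gremlin", "bagleav", "skynetrevenge"}

# `reg query` prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
# The lazy name group keeps value names that contain spaces intact.
VALUE_LINE = re.compile(
    r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)\s{4}(?P<data>.*)$")


def parse_reg_query(text):
    """Return {value_name: data} for every value line in `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group("name")] = m.group("data").strip()
    return values


def triage(text):
    """Return (kind, value_name, data) tuples for values matching the indicators."""
    findings = []
    for name, data in parse_reg_query(text).items():
        # Executable names referenced in the data, with quotes and arguments ignored.
        exes = set(re.findall(r'[^\\/"\s]+\.exe', data.lower()))
        if name.lower() == WORM_VALUE:
            findings.append(("dabber-run-value", name, data))
        elif exes & WORM_FILES:
            findings.append(("dabber-file-name", name, data))
        elif name.lower() in DELETED_BY_WORM:
            findings.append(("on-worm-deletion-list", name, data))
    return findings


# Constructed sample of `reg query` output for the HKLM Run key.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    sassfix    REG_SZ    C:\WINDOWS\system32\packer.exe
    Microsoft Update    REG_SZ    C:\WINDOWS\msupd.exe
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    helper    REG_SZ    "C:\WINDOWS\system32\package.exe" -s
"""

if __name__ == "__main__":
    for kind, name, data in triage(SAMPLE):
        print(f"{kind:24} {name!r} -> {data}")
```

A hit in the `on-worm-deletion-list` category means a name from the worm's deletion list is still present in the key; it is a prompt for review, not proof of infection.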