- Blocks internet connection
- Block exe files from running
- Installs itself without permissions
- Connects to the internet without permission
- Normal system programs crash immediatelly
- Slow internet connection
- System crashes
- Slow Computer
Worm.DorkbotWorm.Dorkbot is a malicious worm which spreads through instant messaging services such as Windows Live and Yahoo! Messenger, and removable drives. This malicious worm also contains backdoor functionality, which will grant complete access to remote attackers to the infected PC. Worm.Dorkbot also operates under various aliases, one of which is: Trojan.Win32.Scar.drih This worm was first released on 9 March 2011, and has gone on to infect thousands of PCs across the globe. What makes it even more dangerous is the fact that Worm.Dorkbot does not present any obvious symptoms, and the only symptoms that would indicate the presence of the worm on the PC will come from installed security software. This will make it much more difficult for the user to detect and remove Worm.Dorkbot from the system. After Worm.Dorkbot enters the system, it will execute itself and copy itself to the %AppData% directory using randomly generated 6 letter file names, as an example ozkqke.exe. It will modify the following entry to execute this file at each Windows start: In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run One running, Worm.Dorkbot will inject its code into explorer.exe, as well as into many other running processes on the infected PC. The number of processes Worm.Dorkbot is able to inject into depends on whether it has been run with administrator privileges. Worm.Dorkbot will connect to particular IRC servers, joining channels and waiting for further commands from its developers. Following is a list of servers Worm.Dorkbot has been known to connect to without the user’s knowledge:
Developers behind Worm.Dorkbot can instruct the worm to obtain the affected PC’s IP address and location by connecting to api.wipmania.com. It will then collect the infected PC’s operating system type, current user privilege level and locale. The worm will also be instructed to stop the user from viewing or altering its files. This is done by hooking the following functions inside which it is injected:
The worm will also block the user’s access to the following security websites:
In order to get rid of Worm.Dorkbot, and limit the damage this malicious threat will be able to cause your PC destroy Worm.Dorkbot with the help of a powerful security tool, which will also adequately protect your PC against similar attacks in future. |
Download Spyware Removal Tool to Remove*
Worm.Dorkbot
|
How to manually remove Worm.Dorkbot
Files associated with Worm.Dorkbot infection:
_ex-68.exe
vkAHVCUBeFA.exe
FAE8.exe
mdm.exe
wins.exe
VideoPlayerSetup.exe
USB3Nw32.dll
svchost.exe
showmyhey.exe
OghDDYNXd.exe
lWyWpByYuAxScAkJuTlKxHbLuAcJlCsJpJoXiYlFgHnPaAaQgVqNkXuUyPhLsWlCoNmKbWcB.exe
JFhHPRcFiCtyNEO.exe
Framework.exe
B8DEA5BBB4F.exe
web2net.exe
Uaisim.exe
512E.exe
Xntkth.exe
Txnsnl.cmd
Okpkpy.exe
Mhwgws.exe
Inbubc.exe
17.exe
Yvhyhw.exe
ojber.exe
Obisig.cmd
4C24.exe
xci32.exe
Wbnmni.exe
Wtqoqk.exe
279952476132251.exe
sqlesw32.dll
ntusbw32.dll
Vdwiwd.exe
nvidia.exe
Ehueui.exe
Ajnene.exe
x.exe
Vlzqzl.exe
Invmvu.exe
Hnfsfz.exe
Gywwwc.exe
Golglm.exe
Gdaoau.exe
E49.exe
6to4ex.dll
ecleaner.exe
Uvxsxm.exe
Pulold.exe
ogcv98.dll
winlog.exe
servidor.exe
nmtd.exe
n4ix2zw.exe
msado320.tlb
bootcfgx.exe
adsldp32.exe
mswdat1032.exe
lsass.exe
dtca.exe
7wondersres.dll
Leugur.exe
Worm.Dorkbot DLL's to remove:
USB3Nw32.dll
sqlesw32.dll
ntusbw32.dll
6to4ex.dll
ogcv98.dll
7wondersres.dll
Worm.Dorkbot processes to kill:
vkAHVCUBeFA.exe
FAE8.exe
mdm.exe
wins.exe
VideoPlayerSetup.exe
svchost.exe
showmyhey.exe
OghDDYNXd.exe
lWyWpByYuAxScAkJuTlKxHbLuAcJlCsJpJoXiYlFgHnPaAaQgVqNkXuUyPhLsWlCoNmKbWcB.exe
JFhHPRcFiCtyNEO.exe
Framework.exe
B8DEA5BBB4F.exe
web2net.exe
Uaisim.exe
512E.exe
Xntkth.exe
Okpkpy.exe
Mhwgws.exe
Inbubc.exe
17.exe
Yvhyhw.exe
ojber.exe
4C24.exe
xci32.exe
Wbnmni.exe
Wtqoqk.exe
279952476132251.exe
Vdwiwd.exe
nvidia.exe
Ehueui.exe
Ajnene.exe
x.exe
Vlzqzl.exe
Invmvu.exe
Hnfsfz.exe
Gywwwc.exe
Golglm.exe
Gdaoau.exe
E49.exe
ecleaner.exe
Uvxsxm.exe
Pulold.exe
winlog.exe
servidor.exe
nmtd.exe
n4ix2zw.exe
bootcfgx.exe
adsldp32.exe
mswdat1032.exe
lsass.exe
dtca.exe
Leugur.exe
Comments
Thanks, i was solved this problem without re-installing my windows and it´s very efficient.
bairon,
Glad to know we could help!
i got it in pendrive and i cant take off :(
i need your help the issas.exe became a critical system process so what do i do now?