Dumador.IK

  • Detected by virus detection files published: 8/11/2005
  • Virus characteristics first published: 8/11/2005
  • Virus characteristics latest update: 11/28/2005
  • Alias: Dumador.DG, Win32.Bambo, W32/Dumador.AG@bd, W32/Dumador.J-bdr, BKDR_DUMADOR.AX, Backdoor.Nibu
  • Type: Backdoor
  • Spreading mechanism: Other
  • Overall risk: Medium
  • Payload: Keylogger

When run, Dumador.IK copies itself to the following location:

  • %WINDIR%\SYSTEM\winldra.exe

The backdoor also drops the following files during execution:

  • %WINDIR%\netdx.dat
  • %WINDIR%\dvpd.dll
  • %WINDIR%\TEMP\fe43e701.htm

Dumador.IK then creates the following registry entry so that it is started each time Windows starts:

  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run\load32 = C:\WINDOWS\SYSTEM\winldra.exe

Dumador.IK may also modify the following registry keys and values during execution:

  • HKCU\Software\SARS

  • HKLM\System\CurrentControlSet\Services\SharedAccess\Start

  • HKCU\Software\Microsoft\Internet Explorer\Main\SocksPort

  • HKCU\Software\Microsoft\Internet Explorer\Main\AllowWindowReuse
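
The file and autorun indicators listed above can be matched against artifacts collected from a host, as in this added example (not part of the original description or of any vendor tool). The function names, finding labels and sample data are constructed for illustration; the "may modify" keys are left out of the matching because the page gives no values for them.

```python
import ntpath
import re

# Indicators copied from the description above.
DROPPED = [r"%WINDIR%\SYSTEM\winldra.exe", r"%WINDIR%\netdx.dat",
           r"%WINDIR%\dvpd.dll", r"%WINDIR%\TEMP\fe43e701.htm"]
RUN_VALUE = "load32"  # value name under HKLM\...\CurrentVersion\Run

def norm(path, windir):
    """Expand %WINDIR%, then fold separators and case (Windows paths are case-insensitive)."""
    expanded = re.sub(r"%windir%", lambda m: windir, path, flags=re.I)
    return ntpath.normcase(ntpath.normpath(expanded))

def triage(file_paths, run_values, windir=r"C:\WINDOWS"):
    """Match collected artifacts against the Dumador.IK indicators.

    file_paths: paths observed on the host; run_values: {name: data} from the
    HKLM Run key. Returns (kind, detail) tuples in a stable order.
    """
    findings = []
    seen = {norm(p, windir) for p in file_paths}
    for ioc in DROPPED:
        if norm(ioc, windir) in seen:
            findings.append(("file", ioc))
    target = norm(DROPPED[0], windir)
    for name, data in run_values.items():
        exe = norm(data.strip().strip('"'), windir)
        if exe == target:
            # Strong: an autorun of any name launches the dropped copy.
            findings.append(("autorun", name))
        elif name.lower() == RUN_VALUE:
            # Weak: the name matches but the data points somewhere else.
            findings.append(("autorun-name-only", name))
    return findings

# Constructed sample input, not taken from a real host.
SAMPLE_FILES = [r"c:\windows\system\WINLDRA.EXE", "C:/Windows/netdx.dat",
                r"C:\WINDOWS\notepad.exe"]
SAMPLE_RUN = {"load32": r'"%windir%\system\winldra.exe"',
              "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe"}

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_FILES, SAMPLE_RUN):
        print(kind, detail)
```

A host that shows both the `file` finding for winldra.exe and an `autorun` finding matches the persistence behaviour described above; an `autorun-name-only` finding needs manual review.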