Removal tool for Dybalom.gd Trojan and Key logger not detected yet
August 28, 2009 by admin
Filed under Removal Tips,Tools and Videos
Dybalom.gd is a keylogger program that can capture all user keystrokes (including confidential details such as usernames, passwords, credit card numbers, etc.).
Severity Level : 9/10
Alias:
- Mal/Generic-A [Sophos]
- Trojan-PSW.Win32.Dybalom.gd [Kaspersky Lab]
- Trojan.PSW.Dybalom.GD [McAfee-GW-Edition]
- Trojan-PSW.Win32.Dybalom.gd [F-Secure]
- TR/PSW.Dybalom.GD [AntiVir]
- Trj/CI.A [Panda]
VirusTotal Report : (Click Here)
File System Modifications
The following files were created in the system:
- %systemdrive%\Windows\System32\tasknngr.exe
- %systemdrive%\asdfasdfasdfasfsa.exe
Note:
- %systemdrive% is a variable that refers to the System Drive. By default, this is “C:\” (Windows NT/2000/XP).
Memory Modifications
There were new processes created in the system:
| Process Name | Process Filename |
| --- | --- |
| tasknngr.exe | %systemdrive%\Windows\System32\tasknngr.exe |
Registry Modifications
The newly created Registry Values are:
- [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] > “Microsoft” = tasknngr.exe
- [HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices] > “Microsoft” = tasknngr.exe
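The process and autorun indicators listed above can be checked against artefacts collected from a suspect machine. The following is an added example, not part of the original post or of the virusexperts.org tool; it assumes the text of a `reg export` of the two keys (already decoded to a string) and the output of `tasklist /fo csv`, and the sample data in it is constructed.

```python
import csv
import io
import re

# Indicators taken from this page (compared case-insensitively).
RUN_BASE = r"hkey_local_machine\software\microsoft\windows\currentversion"
RUN_KEYS = {RUN_BASE + r"\run", RUN_BASE + r"\runservices"}
VALUE_NAME = "microsoft"
PROCESS_IMAGE = "tasknngr.exe"

# Constructed sample input (not captured from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft"="tasknngr.exe"
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft"="tasknngr.exe"
'''
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"explorer.exe","1520","Console","0","18,204 K"
"tasknngr.exe","2044","Console","0","3,112 K"
'''

def parse_reg_export(text):
    """Parse REG_SZ values from .reg export text into {key: {name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := re.match(r'^"(.*?)"="(.*)"$', line)):
            # .reg files escape backslashes and quotes inside string data
            current[m.group(1).lower()] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def find_indicators(reg_text, tasklist_csv):
    """Return (kind, detail) hits for the autorun value and process name."""
    hits = []
    for key, values in parse_reg_export(reg_text).items():
        data = values.get(VALUE_NAME, "")
        if key in RUN_KEYS and data.lower().endswith(PROCESS_IMAGE):
            hits.append(("autorun", f"{key} -> {data}"))
    # `tasklist /fo csv` puts the image name in column 0 and the PID in column 1
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) > 1 and row[0].lower() == PROCESS_IMAGE:
            hits.append(("process", f"{row[0]} pid={row[1]}"))
    return hits
```

Calling `find_indicators(SAMPLE_REG, SAMPLE_TASKLIST)` returns two `autorun` hits and one `process` hit; an empty list means neither indicator was present in the supplied artefacts.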
Removal Instructions
For auto removal :
Download the Dybalom.gd Trojan removal tool provided by virusexperts.org. You can download it from Here.
For manual removal, first download these tools:
1- RRT : Registry, Task Manager and Folder Options Repair Tool (Click Here).
2- KillBox : Kill the process if access is denied (Click Here).
3- Task Manager Enabler : (Click Here).
4- Registry Enabler : (Click Here).
Now follow these instructions:
Removal from Safe Mode is recommended.
To start in Safe Mode, restart your computer and press F8 repeatedly when your screen turns on, then select Safe Mode and press Enter.
End the Following Active Process Before Removal
Kill these processes using KillBox:
- tasknngr.exe
- [No exact information about files; search for the related files listed above in the Program Files folder.] If any of these files appear as running processes in Task Manager, end the process before removal.
Note: If Task Manager is disabled, download Task Manager Enabler and open it with Regedit.exe [%system32\regedit.exe]. When it asks you to confirm adding to the registry (Yes or No), confirm Yes, then click OK.
- Download this UnHookExec.inf [Right Click - Save Target As/Linked Content As] and save it to your Windows desktop. Do not run it at this time, download it only, and then continue with the removal.
- After booting into Safe Mode or VGA Mode, right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]
- Or download Regfile to enable Registry Editor and open it with Registry Editor.
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
- The Key “Microsoft” with value “tasknngr.exe”