Characteristics. Allows others to access the computer; Modifies data on the
computer; Deletes files off the computer; Steals information; Drops more malware
Troj/Dumaru-BE is a password stealing Trojan for the Windows platform. When
run, the Trojan drops the files dvpd.dll, prntsvra.dll and winsms.dll to the Windows
<Windows>\dvpd.dll - Troj/Dumaru-BE <Windows>\netdx.dat - data file <
Windows>\prntsvra.dll - Troj/Dumaru-BD <Windows>\winsms.dll - Troj/Dumaru-BI
... folder with the filenames WMPLAYER.EXE and WMPLAYER2.EXE. These files
are currently detected as Troj/PWSAgent-A and Troj/Dumaru-BE respectively.
EXE as Troj/Dumaru-BE and WMPLAYER2.EXE as Troj/Banker-CK. Troj/Dloader
-MZ may also place a downloading component in the Fonts folder (typically ...
... attempts to bypass system security by injecting the downloader code into the
taskbar. At the time of writing, the file downloaded is detected as Troj/Dumaru-BE.