Characteristics: Allows others to access the computer; Modifies data on the
computer; Deletes files off the computer; Steals information; Drops more malware

Troj/Dumaru-BE is a password-stealing Trojan for the Windows platform. When
run, the Trojan drops the files dvpd.dll, prntsvra.dll and winsms.dll to the Windows
<Windows>\dvpd.dll - Troj/Dumaru-BE
<Windows>\netdx.dat - data file
<Windows>\prntsvra.dll - Troj/Dumaru-BD
<Windows>\winsms.dll - Troj/Dumaru-BI
... folder with the filenames WMPLAYER.EXE and WMPLAYER2.EXE. These files
are currently detected as Troj/PWSAgent-A and Troj/Dumaru-BE respectively.
... attempts to bypass system security by injecting the downloader code into the
taskbar. At the time of writing, the file downloaded is detected as Troj/Dumaru-BE.
EXE as Troj/Dumaru-BE and WMPLAYER2.EXE as Troj/Banker-CK. Troj/Dloader
-MZ may also place a downloading component in the Fonts folder (typically ...