D2 Remover (d2 virus removal tool)
Posted by Daniel - 635 Views
Well, it’s a virus removal program. From the title you know it will removes the d2 virus from your system. d2 virus is also known as dkernel, lExplorer, decoil daun and dEngines. Below is the information about the virus activities inside an infected system:
Creates lExplore.exe (not iExplore) in c:\windows. The file size is 28 KB.
Creates a folder named I75-D2 in C:\Windows\System32 (WinXP) or in C:\Windows\System (Win98). The folder contains 3 files:
DKERNEL.EXE - 154KB
INZ.D - 1KB
The content of the INZ.D will be like this:
start=yes
MyName=decoil daun (d2)
MyPath=C:\WINDOWS\System32\I75-D2\dkernel.exe
ComeAt=Jam 18: 54 –25/01/2006
Level=Moderate (can cange level of virus)
Winamp=C:\PROGRAM FILES\WINAMP\winamp.exe
Tampungan=C:\WINDOWS\System32\I75-D2\dTemp
Author=FM nibO
Duplicates the file DKERNEL.EXE to some other name ended with .DOC extension in the target folder and the duplicated file’s Icon is not always the same.
Creates these registry entry
"Shell"="Explorer.exe lExplorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dKernel"="C:\\WINDOWS\\System32\\I75-D2\\dkernel.exe"
"lExplorer"="C:\\WINDOWS\\lExplorer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe lExplorer.exe"
If you take a look on the Task Manager, lExplorer process and dkernel process will be visible. This virus make the infected system run slower than usual. At 12 PM it will display an annoying graphic, take over the system and force you to stop your works. d2 is also renames winamp.exe into winamp_d2.exe and creates a copy of itself as winamp.exe. Same process also applied to winamp.ini.
This program was built with Visual Basic 6, had been tested on the coder’s machine and worked well, but it may not produces the same result on your system. The coder will take no responsibilities of any kind. Please use it at your own risk.
Download D2-Remover (8 KB)
__________________________
The following posts are programmatically considered as related to the current post by YARPP Plugin:
Related posts brought to you by Yet Another Related Posts Plugin.
share this article
Latest from Tested Software
- Sweet Home 3D, a free home design software
- SmartFTP Client is no longer Free. What would be the best replacement for it?
- Kantaris Media Player, The most suitable Free Media Player on my Audio Environment
- TCPView for Windows, Tool to check TCP and UDP Connections on your system
- The Code Snippet Plugin, my favourite syntax highlighter plugin for WordPress
Leave a Reply
Latest Blog Entries
- Sweet Home 3D, a free home design software
- 26x Optical Zoom on a Compact Digital Camera?
- Windows 7 Release Candidate is now available
- Microsoft Excel Import External Data Problem: When Microsoft Query doesn’t recognize some of your parameters
- The Lack of Chances is the Source of Poverty, Can we make a different?
- SmartFTP Client is no longer Free. What would be the best replacement for it?
- Kantaris Media Player, The most suitable Free Media Player on my Audio Environment
Categories
Neighbours and Friends
- Anti Teori
- Busby SEO Test Page
- Deny Sri
- Digital Media Convert
- Freeware Maniac
- Oeroek
- RidhoCyber
- Suraja Web
Comments - Thanks Guys :)
Therese Lachance: Hi, Any idea how to have ContuttoPDF fetch the correct page language?
Marlena Albu: Super Blog, Dude! I am constantly on the watch for new and interesting sites and postings about audio equipment… which is what...
tresloukadu: yo how did u fixed when the tags shows <? and it shows < “& l t ; ” ?? please send me an email.
Sean: This is a great piece of code and thanks for adding the updates. Sean’s last blog post: Not All Text Message Marketing Is Created...
rodhy: Thank for your code, it very usefull for me. best regard.
Most Popular Entries
- Passing arguments to your VB.NET console application
- ConsoleProgressBar - Simple Progress Bar Function for your VB.Net Console Application
- ASCII To PDU Converter (Convert ASCII to PDU and vice versa)
- An example: Using CPort Delphi Component to read data from your cellphone
- Microsoft Excel Import External Data Problem: When Microsoft Query doesn’t recognize some of your parameters
Software Collections
- Sweet Home 3D, a free home design software
- SmartFTP Client is no longer Free. What would be the best replacement for it?
- Kantaris Media Player, The most suitable Free Media Player on my Audio Environment
- TCPView for Windows, Tool to check TCP and UDP Connections on your system
- The Code Snippet Plugin, my favourite syntax highlighter plugin for WordPress
Blogging Related Stuff
- Change the WordPress permalink structure to the best format, and yes it’s a little bit scary :D
- Something is wrong, the Google Search Result from my blog looks bad, don’t laugh please :D
- Several tips to reduce Blog Noise, especially when your blog covers more than one niche
- How to remove your indexed pages or even your entire site from Google and Yahoo!
