dcemgr.exe - Dangerous
Antivirus Report of dcemgr.exe:
Backdoor.Tumag allows unauthorized remote access to an infected computer. By default, the backdoor listens on TCP port 9010.
When Backdoor.Tumag is executed, it performs the following actions:
- Copies itself as:
  %System%\dcemgr.exe
  %System%\dcemgr2.exe
- Creates the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DCE to keep track of the infection's progress.
- Connects to dns2010.vicp.net or 218.242.161.151 on port 9002 to notify the author of the backdoor.
- Opens a backdoor on TCP port 9010 and listens for commands from the attacker.
The backdoor can perform the following default actions:
- Update itself
- Take a screenshot
- Provide system information
- Create files
- Execute programs
Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value: "DCE Manager"="%System%\dcemgr.exe"
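The indicators and the removal step above can be checked from an elevated PowerShell prompt. The script below is an added example, not part of the original report or of any vendor tool. It assumes %System% resolves to System32 (or SysWOW64 for a 32-bit binary on 64-bit Windows), that Get-NetTCPConnection is available (Windows 8 / Server 2012 or later), and the -Remove switch is a name chosen for this example.

```powershell
# Added example: audit a host for the Backdoor.Tumag indicators listed on this page.
# Read-only unless -Remove is passed (hypothetical switch name for this example).
param([switch]$Remove)

# %System% on the page; SysWOW64 is included because writes by a 32-bit binary
# are redirected there on 64-bit Windows (assumption about the sample's bitness).
$dirs    = 'System32', 'SysWOW64' | ForEach-Object { Join-Path $env:SystemRoot $_ }
$names   = 'dcemgr.exe', 'dcemgr2.exe'
$dceKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\DCE'
$runKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runName = 'DCE Manager'
$findings = @()

foreach ($d in $dirs) {
    foreach ($n in $names) {
        $f = Join-Path $d $n
        if (Test-Path -LiteralPath $f) { $findings += "File present: $f" }
    }
}

if (Test-Path -LiteralPath $dceKey) { $findings += "Registry key present: $dceKey" }

$run = Get-ItemProperty -LiteralPath $runKey -Name $runName -ErrorAction SilentlyContinue
if ($run) { $findings += "Run value present: $runName = $($run.$runName)" }

# Listener on TCP 9010 (the backdoor port) and sessions to remote port 9002 (the notify port)
$listeners = Get-NetTCPConnection -State Listen -LocalPort 9010 -ErrorAction SilentlyContinue
foreach ($c in $listeners) {
    $p = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $findings += "Listening on TCP 9010: PID $($c.OwningProcess) ($($p.Path))"
}
$outbound = Get-NetTCPConnection -RemotePort 9002 -ErrorAction SilentlyContinue
foreach ($c in $outbound) {
    $findings += "Connection to $($c.RemoteAddress):9002 from PID $($c.OwningProcess)"
}

if (-not $findings) {
    Write-Output 'None of the Backdoor.Tumag indicators from this page were found.'
    return
}
$findings | ForEach-Object { Write-Output $_ }

# Manual removal step from the page: delete the "DCE Manager" Run value.
if ($Remove -and $run) {
    Remove-ItemProperty -LiteralPath $runKey -Name $runName
    Write-Output "Deleted Run value '$runName' from $runKey."
}
```

A listener on port 9010 or a connection to port 9002 is only a lead on its own, since other software can use those ports; weigh it together with the file and registry findings.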
dcemgr.exe | Malware |
dcemgr.exe | Dangerous |
dcemgr.exe | High Risk |
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.
Since that time I have worked every day to fix the issues that antiviruses cannot.
If your antivirus has not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly if you have any questions.