kmousedrv.dll - Dangerous
kmousedrv.dll
Manual removal instructions:
Antivirus Report of kmousedrv.dll:
kmousedrv.dll
kmousedrv.dll is a mass-mailing worm W32.Kalel.A@mm.
kmousedrv.dll opens a back door on TCP port 51435.
kmousedrv.dll spreads via open network shares.
kmousedrv.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%Windir%\system\csrss.exe
%Windir%\system\services.exe
%Windir%\system\lsass.exe
%Windir%\system\lmousedrv.dll
%Windir%\system\kmousedrv.dll
%Windir%\system32\Kalel
%Windir%\system32\Kalel.gif
%Windir%\system32\irpa_driver.dat
%Windir%\system32\mrundll.uu3
%Windir%\system32\rundll.uu2
%Windir%\system32\rundll64.uu
%Windir%\system32\frundll32.ocx
%Windir%\system32\lrundll16.dat
%Windir%\system32\nrundll.gy
C:\inetpub\wwwroot\password.zip
C:\inetpub\wwwroot\index.html
Adds the value:
"Windows Security Authority Service" = "%Windir%\system\lsass.exe"
"Windows Service" = "%Windir%\system\services.exe"
"Microsoft Windows CSRSS" = "%Windir%\system\csrss.exe"
to the Windows startup registry keys.
Removal:
Remove kmousedrv.dll from Windows startup.
kmousedrv.dll | Malware |
kmousedrv.dll | Dangerous |
kmousedrv.dll | High Risk |
kmousedrv.dll opens a back door on TCP port 51435.
kmousedrv.dll spreads via open network shares.
kmousedrv.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%Windir%\system\csrss.exe
%Windir%\system\services.exe
%Windir%\system\lsass.exe
%Windir%\system\lmousedrv.dll
%Windir%\system\kmousedrv.dll
%Windir%\system32\Kalel
%Windir%\system32\Kalel.gif
%Windir%\system32\irpa_driver.dat
%Windir%\system32\mrundll.uu3
%Windir%\system32\rundll.uu2
%Windir%\system32\rundll64.uu
%Windir%\system32\frundll32.ocx
%Windir%\system32\lrundll16.dat
%Windir%\system32\nrundll.gy
C:\inetpub\wwwroot\password.zip
C:\inetpub\wwwroot\index.html
Adds the value:
"Windows Security Authority Service" = "%Windir%\system\lsass.exe"
"Windows Service" = "%Windir%\system\services.exe"
"Microsoft Windows CSRSS" = "%Windir%\system\csrss.exe"
to the Windows startup registry keys.
Removal:
Remove kmousedrv.dll from Windows startup.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.