l32x.exe - Dangerous


Manual removal instructions:

Antivirus Report of l32x.exe:
l32x.exe Malware
l32x.exeHigh Risk
This worm is a part of the Dumaru family, which spreads via the Internet as files attached to infected messages.
The worm includes a backdoor function and a Trojan program which enables it to steal information.

When installing, the worm copies itself to the Windows system directory under the names l32.exe and vxd32.exe, and to the startup directory under the name dllxw.exe.

It registers itself in the system register:
"load32" = "%windir%\%system%\l32x.exe"

The worm searches all directories on accessible local disks for files with the extensions htm, wab, html, dbx, tbb, abd, highlights lines which are email addresses and then sends infected messages to these address.
Infected messages have the following characteristics:

Sender's address:
Message header:
Important information for you. Read it immediately !
Message body:
Hi !
Here is my photo, that you asked for yesterday.

In order to send messages, the worm uses its own SMTP engine, giving the return address as address@dyandex.ru. All notifications sent by mail scanners about the fact that the worm has been detected in messages will therefore be sent to this address.

The worm opens port 10000 to receive hacker's commands.
The worm also has a keyboard logging function, and is able to save all information entered via the keyboard to a separate file.
Remove this worm by RegRun Startup Optimizer.

Remove l32x.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.


You can read UnHackMe testimonials here.