lmousedrv.dll - Dangerous
lmousedrv.dll
Manual removal instructions:
Antivirus Report of lmousedrv.dll:
lmousedrv.dll
lmousedrv.dll is a mass-mailing worm W32.Kalel.A@mm.
lmousedrv.dll opens a back door on TCP port 51435.
lmousedrv.dll spreads via open network shares.
lmousedrv.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%Windir%\system\csrss.exe
%Windir%\system\services.exe
%Windir%\system\lsass.exe
%Windir%\system\lmousedrv.dll
%Windir%\system\kmousedrv.dll
%Windir%\system32\Kalel
%Windir%\system32\Kalel.gif
%Windir%\system32\irpa_driver.dat
%Windir%\system32\mrundll.uu3
%Windir%\system32\rundll.uu2
%Windir%\system32\rundll64.uu
%Windir%\system32\frundll32.ocx
%Windir%\system32\lrundll16.dat
%Windir%\system32\nrundll.gy
C:\inetpub\wwwroot\password.zip
C:\inetpub\wwwroot\index.html
Adds the value:
"Windows Security Authority Service" = "%Windir%\system\lsass.exe"
"Windows Service" = "%Windir%\system\services.exe"
"Microsoft Windows CSRSS" = "%Windir%\system\csrss.exe"
to the Windows startup registry keys.
Removal:
Remove lmousedrv.dll from Windows startup.
| lmousedrv.dll | Malware |
| lmousedrv.dll | Dangerous |
| lmousedrv.dll | High Risk |
lmousedrv.dll opens a back door on TCP port 51435.
lmousedrv.dll spreads via open network shares.
lmousedrv.dll monitors user Internet activity and private information.
It sends stolen data to a hacker site.
Related files:
%Windir%\system\csrss.exe
%Windir%\system\services.exe
%Windir%\system\lsass.exe
%Windir%\system\lmousedrv.dll
%Windir%\system\kmousedrv.dll
%Windir%\system32\Kalel
%Windir%\system32\Kalel.gif
%Windir%\system32\irpa_driver.dat
%Windir%\system32\mrundll.uu3
%Windir%\system32\rundll.uu2
%Windir%\system32\rundll64.uu
%Windir%\system32\frundll32.ocx
%Windir%\system32\lrundll16.dat
%Windir%\system32\nrundll.gy
C:\inetpub\wwwroot\password.zip
C:\inetpub\wwwroot\index.html
Adds the value:
"Windows Security Authority Service" = "%Windir%\system\lsass.exe"
"Windows Service" = "%Windir%\system\services.exe"
"Microsoft Windows CSRSS" = "%Windir%\system\csrss.exe"
to the Windows startup registry keys.
Removal:
Remove lmousedrv.dll from Windows startup.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.