Troj/Dumaru-K is a Trojan with password stealing capabilities.
It will steal passwords related to online banking, shopping, investment and gambling.
It gathers clipboard data, passwords and confidential information from the protected storage area of Windows.
In particular WebMoney, The Bat, Total Commander and Far Manager account details are targeted.
It has the ability to log keystrokes. Also, it will attempt to gather username and password details from any window containing predefined text.
Troj/Dumaru-K will attempt to send this information to a pre-configured website as a web form or in an email to a pre-configured Russian address.
It may reduce the security of Internet Explorer's content zones in an attempt to avoid alerting the user that details are being sent over the web.
The Trojan may also turn on the AutoComplete and AutoSuggest features of Internet Explorer in order to cache passwords.
This Trojan will alter the HOSTS file in an attempt to deny access to certain anti-virus websites.
Find the following registry entry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
and delete the value: load32 = \netda.exe
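The following read-only PowerShell check is an added example, not part of the original description: it reports whether the load32 value is present and lists HOSTS entries worth reviewing, without deleting anything. It assumes the default HOSTS location, also looks in the 32-bit registry view (WOW6432Node) that 64-bit Windows uses, and treats names pinned to a loopback or null address as the likely form of the blocking; the description does not state any of these.

```powershell
# Added example: read-only check for the two artifacts named in the description.
# Nothing is deleted or modified; review the output before cleaning up by hand.

# 1. Run-key value "load32". The second path is the 32-bit registry view on
#    64-bit Windows (an assumption; the description lists only the first key).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }
    $value = $props.PSObject.Properties['load32']
    if ($null -ne $value) {
        'SUSPECT  {0} : load32 = {1}' -f $key, $value.Value
    }
}

# 2. HOSTS entries that pin a name other than localhost to a loopback or null
#    address (assumed blocking method; the description does not say how the
#    file is altered or which sites are listed).
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$benign    = @('localhost', 'localhost.localdomain')
$sinkhole  = '^(127\.|0\.0\.0\.0$|::1$)'

if (Test-Path -LiteralPath $hostsPath) {
    foreach ($line in Get-Content -LiteralPath $hostsPath) {
        $entry = ($line -replace '#.*$', '').Trim()   # drop comments
        if ($entry -eq '') { continue }
        $fields = $entry -split '\s+'
        if ($fields.Count -lt 2) { continue }         # address with no name
        $address = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            if ($address -match $sinkhole -and $benign -notcontains $name) {
                'REVIEW   hosts: {0} -> {1}' -f $name, $address
            }
        }
    }
} else {
    'HOSTS file not found at {0}' -f $hostsPath
}
```

No output means neither artifact was found in the locations checked; a REVIEW line is a prompt to inspect the entry, since some legitimate tools also add loopback entries.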