Dmaupd32.exe (Dmaupd32) Trojan Virus File Information

Danger Dmaupd32.exe is a dangerous file which creates activities on a user’s computer which may be highly undesirable. This file is unsafe.

Type: Trojan Virus (Click Here To Learn More)
Location: C:\Documents and Settings\[username]\Start Menu\Programs\Startup\dmaupd32.exe (Click Here To Learn How To Locate)
Risk Level: Moderate (Learn More About Risk Levels)

It is recommended that you remove any malicious software such as Dmaupd32.exe from your computer immediately. Below is our recommended removal tool for Dmaupd32.exe. The removal tool has been rated 5 cows out of 5 by Tucows and was previously CNET’s Editor’s Choice. Feel free to download it below.

download

Manual Removal – Dmaupd32.exe may be removed through analyzing your HijackThis log. Feel free to post your hijackthis log below if you need assistance analyzing it. Hijackthis will be ideal to manually remove the virus

Click Here To Learn About HijackThis. To download HijackThis, please click HERE.

Dmaupd32.exe File Details -
File Type – EXE – Dmaupd32.exe is a executable file
First Identified – Aug 25 2023

Common Questions -
1. What is a computer virus? (Click Here To View)
2. How did I get this computer virus? (Click Here To View)
3. What common symptoms show that my computer may be infected? (Click Here To View)
4. What are some antivirus and antispyware programs which I can use to remove viruses and spyware? (Click Here To View)

We recommend that you follow our safety tips so that you can keep your computer clean. Please click here to view our safety tips

Please post comments below. Your comments are both useful to visitors and to us.

Posted in: Malware Removal, Suspicious File |

This entry was posted on Tuesday, August 25th, 2023 at 11:20 pm and is filed under Malware Removal, Suspicious File. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Dmaupd32.exe (Dmaupd32) Trojan Virus File Information”

ISSAKA Chaibou January 14th, 2024 at 3:44 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:34:14, on 14/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\smss32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\878RMTMon.exe
C:\Program Files\Fichiers communs\Cloanto\Software Manager\softmngr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\878RMT.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\MyWorks\Logithèque\Téléchargement\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 – URLSearchHook: UrlSearchHook Class – {00000000-6E41-4FD3-8538-502F5495E5FC} – C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 – URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 – URLSearchHook: SrchHook Class – {F4F10C1D-87C7-404A-B4B3-000000000000} – C:\PROGRA~1\DAP\SBSearch.dll
F1 – win.ini: run=C:\WESTWOOD\REDALERT\INSTICON.EXE C:\WESTWOOD\REDALERT\INSTICON.EXE
F2 – REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe,C:\WINDOWS\system32\sdra64.exe,
O2 – BHO: Yahoo! Toolbar Helper – {02478D38-C3F9-4EFB-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: SBCONVERT – {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} – E:\SpeedBit Video Downloader\Toolbar\tbcore3.dll (file missing)
O2 – BHO: Ask Toolbar BHO – {D4027C7F-154A-4066-A1AD-4243D8127440} – C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 – BHO: DAPIELoader Class – {FF6C3CF0-4B15-11D1-ABED-709549C10000} – C:\PROGRA~1\DAP\DAPIEL~1.DLL
O2 – BHO: GrabberObj Class – {FF7C3CF0-4B15-11D1-ABED-709549C10000} – E:\SPEEDB~1\Toolbar\grabber.dll (file missing)
O3 – Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 – Toolbar: SpeedBit Video Downloader – {0329E7D6-6F54-462D-93F6-F5C3118BADF2} – E:\SpeedBit Video Downloader\Toolbar\tbcore3.dll (file missing)
O3 – Toolbar: Ask Toolbar – {D4027C7F-154A-4066-A1AD-4243D8127440} – C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 – HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 – HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 – HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 – HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\878RMTMon.exe
O4 – HKLM\..\Run: [CloantoSoftwareManager] “C:\Program Files\Fichiers communs\Cloanto\Software Manager\softmngr.exe” /s
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – HKCU\..\Run: [DownloadAccelerator] “C:\Program Files\DAP\DAP.EXE” /STARTUP
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 – Startup: rarype32.exe
O4 – Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 – Extra context menu item: &Clean Traces – C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 – Extra context menu item: &Download with &DAP – C:\Program Files\DAP\dapextie.htm
O8 – Extra context menu item: Download &all with DAP – C:\Program Files\DAP\dapextie2.htm
O8 – Extra context menu item: E&xporter vers Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Recherche – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O10 – Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O10 – Unknown file in Winsock LSP: c:\windows\system32\helper32.dll
O16 – DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) – C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 – HKLM\System\CCS\Services\Tcpip\..\{4986249A-5AEC-4951-8B1A-9342B7BD499F}: NameServer = 193.251.220.10 193.251.228.10
O17 – HKLM\System\CS1\Services\Tcpip\..\{4986249A-5AEC-4951-8B1A-9342B7BD499F}: NameServer = 193.251.220.10 193.251.228.10
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – ALWIL Software – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 – Service: avast! Web Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 – Service: InCD Helper (InCDsrv) – Nero AG – C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 – Service: NBService – Nero AG – C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 – Service: NMIndexingService – Nero AG – C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 – Service: Cyberlink RichVideo Service(CRVS) (RichVideo) – Unknown owner – C:\Program Files\CyberLink\Shared Files\RichVideo.exe


End of file – 7221 bytes

Leave a Reply