Event ID - 59

Port No59
Service NameDMSETUP
RFC Doc0
ProtocolTCP
DescriptionThis worm sends a copy of itself by infecting the mirc.ini file and other files in infected computers. It does this by changing mIRC remote scripts and thereby sending itself to users joining the same channel as the infected mIRC user. This is done with the IRC file transfer protocol DCC. This Trojan’s name is easily altered therefore the attachment with the malware may have several other names (filename.exe) besides DMSetup.exe.
Reference LinkDMSETUP
AttackSolution:
Delete all instances of TROJ_DMSETUP.A as detected by our product to ensure re-infection does not occur. To do this Trend customers must download the latest pattern file and scan their system. Other email users may use Trend HouseCall, a free online virus scanner.

If mIRC is installed:
Click START|RUN
Type sysedit so that the system configuration editor is launched.
Click Window option, and choose AUTOEXEC.BAT.
click the Search option and then type dmsetup. The string will be highlighted, then press the Delete key to remove the entry.
Subsequently, close the application.
Delete the following files:
C:\DMSETUP.EXE
C:\CONFIGG.SYS
C:\MIRC\DMSETUP.EXE
C:\MIRC\MIRCREM.INI
C:\MIRC\BACKUP0412.INI
C:\WINDOWS\DMSETUP.EXE
C:\PROGRAM FILES\DMSETUP.EXE
C:\MIRC.INI

Is mIRC is not installed:
Perform Step 1 to 5 similar to the above removal description if mIRC is installed.
Delete the following files:
C:\DMSETUP.EXE
C:\CONFIGG.SYS
C:\WINDOWS\DMSETUP.EXE
C:\PROGRAM FILES\DMSETUP.EXE

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.