| Port No | 58 |
| Service Name | DMSetup |
| RFC Doc | 0 |
| Protocol | TCP |
| Description | This worm sends a copy of itself by infecting the mirc.ini file and other files in infected computers. It does this by changing mIRC remote scripts and thereby sending itself to users joining the same channel as the infected mIRC user. This is done with the IRC file transfer protocol DCC. This Trojan’s name is easily altered therefore the attachment with the malware may have several other names (filename.exe) besides DMSetup.exe. |
| Reference Link | DMSETUP |
| Attack | Solution: Delete all instances of TROJ_DMSETUP.A as detected by our product to ensure re-infection does not occur. To do this Trend customers must download the latest pattern file and scan their system. Other email users may use Trend HouseCall, a free online virus scanner. If mIRC is installed: Click START|RUN Type sysedit so that the system configuration editor is launched. Click Window option, and choose AUTOEXEC.BAT. click the Search option and then type dmsetup. The string will be highlighted, then press the Delete key to remove the entry. Subsequently, close the application. Delete the following files: C:\DMSETUP.EXE C:\CONFIGG.SYS C:\MIRC\DMSETUP.EXE C:\MIRC\MIRCREM.INI C:\MIRC\BACKUP0412.INI C:\WINDOWS\DMSETUP.EXE C:\PROGRAM FILES\DMSETUP.EXE C:\MIRC.INI Is mIRC is not installed: Perform Step 1 to 5 similar to the above removal description if mIRC is installed. Delete the following files: C:\DMSETUP.EXE C:\CONFIGG.SYS C:\WINDOWS\DMSETUP.EXE C:\PROGRAM FILES\DMSETUP.EXE |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.