D.exe – Behavior and Removal Process

D.exe is a malicious process identified as the W32/Mytob-GH Trojan. It spreads over the Internet by email and is activated as soon as you open the email attachment that carries it.

The virus collects the addresses in your address book and has its own SMTP engine, which means it sends copies of itself to the email addresses it finds there. In some cases, the d.exe virus is also known to give attackers access to the infected computer and to steal the user’s personal and confidential information.

If you find d.exe running on your computer, it is recommended that you take corrective measures immediately and get rid of the virus.

D.exe file behavior

The malicious d.exe process has been observed to do the following on infected computers:

  • Creates and deletes other processes.
  • Hooks code into all running processes, which allows it to take control of the system. It can also record keyboard input, screen contents, and mouse activity.
  • Registers a malicious DLL (Dynamic Link Library).
  • Disables Safe Mode and can communicate with other computers on your network over HTTP.
  • Adds entries to the registry so that programs start automatically when you boot your computer.
  • Removes scheduled tasks that are in the Windows Tasks queue.
  • Creates new folders.
  • Visits web sites without your consent or knowledge.
  • Injects code into other processes on your system.

D.exe – Removal Process

It is recommended that you do not attempt to remove the d.exe virus manually. Malicious processes such as d.exe may be present in multiple locations and may inject other malicious processes or files into your system. Removing every trace of d.exe by hand is tedious and is not the best approach, because you may not be aware of all the malicious files and processes residing on your computer.

To remove the d.exe virus completely, you need to remove all of its associated processes, files, and registry entries. The most efficient way of getting rid of this malware is to use reliable security software, such as STOPzilla Antivirus and Spyware Cease.

To remove the d.exe virus, first update your security tool with the latest updates. Next, disconnect your PC from the Internet or from the network to which it is attached. After you have isolated your computer, run a complete malware scan on it.

After you have removed the d.exe virus, it is recommended that you also run a registry scan using a reliable registry cleaner. Malware programs often add invalid and harmful entries to the registry, which may corrupt it. To ensure your system registry is intact, perform a registry scan to detect and remove the harmful entries that d.exe may have added.

The d.exe virus spreads using shared folders on a network. So, after you have sanitized your computer, disable or password-protect file sharing, or set your shared files as “Read Only” to ensure that your computer is not infected again.
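
A read-only check for three of the traces described above (a running d.exe process, auto-start registry entries that launch it, and open file shares), added here as an example that is not part of the original article. It assumes Windows PowerShell 3.0 or later; the Run/RunOnce keys listed are the standard Windows auto-start locations chosen for this example, not keys the article names.

```powershell
# Read-only triage for the d.exe traces described in this article.
# Nothing is deleted or changed; the script only reports what it finds.
$target = 'd.exe'   # file name taken from the article

# 1. Running processes whose image is named d.exe, with the full path on disk.
$procs = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.Name -ieq $target } |
    Select-Object ProcessId, Name, ExecutablePath, CommandLine

# 2. Auto-start registry values whose command references d.exe.
#    Assumption: standard Windows Run/RunOnce locations, not taken from the article.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Match d.exe only as a whole file name, so cmd.exe or word.exe do not hit.
$pattern = '(^|[\\/"\s])' + [regex]::Escape($target) + '("|\s|$)'
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ($value -match $pattern) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $value }
        }
    }
}

# 3. Ordinary disk shares (Type 0 excludes administrative shares such as C$),
#    since the article says the virus spreads through shared folders.
$shares = Get-CimInstance -ClassName Win32_Share |
    Where-Object { $_.Type -eq 0 } |
    Select-Object Name, Path, Description

Write-Output "--- Running $target processes ---"; $procs    | Format-List
Write-Output "--- Auto-start entries ---";        $autoruns | Format-List
Write-Output "--- Disk shares to review ---";     $shares   | Format-Table -AutoSize
```

Any hit is a reason to isolate the machine and run the full scan described above, not a list of items to delete by hand.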

For your reference, below is the list of Internet security threats that are known to be associated with d.exe:

Win32.SuspectCrc [Ikarus]
Backdoor.Trojan [Symantec]
Backdoor.Win32.IRCBot.juc [Kaspersky Lab]
Backdoor.Win32.Poison.pg [Kaspersky Lab]
Downloader [Symantec]
FakeAlert-EL [McAfee]
Generic.dx [McAfee]
Mal/EncPk-JD [Sophos]
Mal/TibsPk-A [Sophos]
Suspicious.MH690 [Symantec]
TROJ_ZLOB.AKT [Trend Micro]
Trojan Horse [Symantec]
Trojan.Dropper [Symantec]
Trojan-Downloader.VB!sd6 [PC Tools]
Trojan-Downloader.Win32.VB.lih [Kaspersky Lab]
TrojanDownloader:Win32/Renos.GW [Microsoft]
Trojan-Dropper.Tiny.BF [Ikarus]
VirTool:Win32/CeeInject.gen!Q [Microsoft]
VirTool:Win32/CeeInject.gen!U [Microsoft]
Win-Trojan/OnlineGameHack.B [AhnLab]
Backdoor:Win32/Poisonivy.H [Microsoft]
BackDoor-DSS [McAfee]
Mal/IRCBot-J [Sophos]
Troj/Smalla-Gen, Mal/EncPk-CI, Mal/Poison-A [Sophos]
Backdoor.Bifrose.K [Symantec]
Backdoor.Bifrose.LV [PC Tools]
Backdoor.Win32.Bifrose [Ikarus]
Backdoor.Win32.Bifrose.agq [Kaspersky Lab]
Trojan.DL.CKSPost.Gen [PC Tools]
Trojan.Win32.FraudPack [Ikarus]
Virus.Win32.Agent.AAGI [Ikarus]
Win32/IRCBot.worm.variant [AhnLab]
Win-Trojan/Poison.9728.F [AhnLab]
Win-Trojan/Xema.variant [AhnLab]
Backdoor:Win32/Bifrose [Microsoft]