What is it?

A trojan virus called DMSETUP.EXE is circulating on IRC. The file automatically sends itself from infected users without their knowledge, and it can be forced to quit via a command in a private message. What makes this file so dangerous is that, when run, it copies itself to several directories on the hard drive, modifies autoexec.bat, and creates a config.sys file. A script file (mircrem.ini) is also created, and mIRC.ini is modified. As you can see, this virus goes to great lengths to copy and protect itself, invading deeper on every restart. Because of this, deleting mIRC will NOT help. We at #vigilantes, oz.org have, however, devised a method of removing DMSETUP.EXE from your computer, described below.

DMSETUP DETECTION

Type each of the following lines in any mIRC window OTHER THAN THE STATUS WINDOW.

Dmsetup 1

If you receive 0 for all of the following lines, you are safe. If you get 1 or any numeral other than 0 for ANY of them, you are infected with DMSETUP variant 1. YOU MUST GET THE FILENAMES CORRECT. If you get an error in the status window for any of these, you have typed the command wrong; correct it and try again.

//say $findfile(c:\,configg.sys,0)
//say $findfile(c:\,mircrem.ini,0)
//say $findfile(c:\,dmsetup.exe,0)
//say $findfile(c:\,nukings.exe,0)

Dmsetup 2 or 4

If you receive 0 for all of the following lines, you are safe. If you get 1 or any numeral other than 0 for ANY of them, you are infected with Dmsetup 2 or 4. YOU MUST GET THE FILENAMES CORRECT. If you get an error in the status window for any of these, you have typed the command wrong; correct it and try again.

//say $findfile(c:\,ni.cfg,0)

Removal Methods

There are ways to remove DMSETUP.EXE. These ways are listed below. The recommended removal is manual (editing the registry). However, some programs clean some variants of Dmsetup.

Manual removal
Dmsetup.exe Fix
Dmsetup.exe Cleanup


Phase-O

If you receive 0 for all of the following lines, you are safe. If you get 1 or any numeral other than 0 for ANY of them, you are infected with PHASE-O. YOU MUST GET THE FILENAMES CORRECT. If you get an error in the status window for any of these, you have typed the command wrong; correct it and try again.

type //say $findfile(c:\,msgsvr32.exe,0)
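
The three sets of filename checks above can be run in one pass outside mIRC. The following is an added example, not part of the original page: the filenames and variant groupings are the ones listed above, while the function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Indicator filenames per variant, exactly as listed in the checks on this page.
INDICATORS = {
    "Dmsetup 1": ["configg.sys", "mircrem.ini", "dmsetup.exe", "nukings.exe"],
    "Dmsetup 2 or 4": ["ni.cfg"],
    "Phase-O": ["msgsvr32.exe"],
}


def scan(root):
    """Walk root and return {variant: {filename: [paths found]}}.

    A non-empty list corresponds to a non-zero $findfile count.
    Matching is case-insensitive because Windows filenames are.
    """
    wanted = {name: variant for variant, names in INDICATORS.items() for name in names}
    hits = {variant: {n: [] for n in names} for variant, names in INDICATORS.items()}
    # onerror ignores unreadable directories so one locked folder does not abort the scan
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for fname in files:
            key = fname.lower()
            if key in wanted:
                hits[wanted[key]][key].append(os.path.join(dirpath, fname))
    return hits


def infected_variants(hits):
    """Variants for which at least one indicator file was found."""
    return sorted(v for v, names in hits.items() if any(names.values()))


def demo():
    # Constructed sample tree standing in for the C: drive so the example runs anywhere.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "WINDOWS", "SYSTEM"))
        os.makedirs(os.path.join(root, "mirc"))
        for rel in ("CONFIGG.SYS", "mirc/mircrem.ini", "WINDOWS/SYSTEM/readme.txt"):
            open(os.path.join(root, *rel.split("/")), "w").close()
        return infected_variants(scan(root))


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else None
    result = infected_variants(scan(root)) if root else demo()
    print("Indicators found for:", ", ".join(result) or "none")
```

Run it with a drive root as the argument (for example `C:\`) to scan a real disk. As with the mIRC commands, a match means only that a file with that name exists.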