Remove DUNIHI Trojan Horse

Remove DUNIHI Trojan Horse


with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by DUNIHI and other threats.
Threats such as DUNIHI may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

This article will help you to remove DUNIHI Trojan horse effectively. Follow the removal instructions for the Trojan horse provided at the end of the article.

DUNIHI is the name of a Random Access Tool (RAT) and Trojan horse. This Trojan is quite old, but is still found in some way out in the wild, infecting users’ computers. An executable process related to the Trojan horse is involved in spreading it. That process is usually hidden as a legitimate service of your operating system. If the process is found in a temporary folder or the “Windows” folder, then it is malware that got there without your permission and could try to steal credential data and personal information from anybody who has fallen victim to the threat. DUNIHI Trojan may also use exhaustive power consumption, so it is in your best interest to remove it as fast as you can.

Threat Summary

TypeTrojan Horse, Random Access Tool (RAT)
Short DescriptionDUNIHI is a Trojan horse that is probably put in your computer system via a similar malware on your computer system.
SymptomsYou may see a rise in the usage of your computer’s resources like CPU, RAM or GPU, while your computer will accordingly consume more electric power and may even overheat if a cryptocurrency miner is involved. Otherwise, there are barely any symptoms most of the time, other than a significant system slowdown or frequent system crashes.
Distribution MethodFreeware Installations, Bundled Packages, JavaScript
Detection Tool See If Your System Has Been Affected by DUNIHI


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss DUNIHI.

DUNIHI Trojan – Distribution Methods

The DUNIHI Trojan malware can spread in a few ways. Third-party installer setups could have put a Trojan horse on your computer system via bundling. These installations typically arrive with freeware and application packages. Without you knowing, additive content could be installed to your computer, which could even be a JavaScript file that downloads the actual malware. Avoiding such installations is possible if you find Custom or Advanced settings in the install setup.

DUNIHI Trojan can also spread if you come across unknown websites through redirects and advertisements which have some sort of scripts in themselves and load them when you visit a site or click on an advert. Pop-ups, pop-unders, as well as banners could have links inside of them that can redirect you. When visiting such websites, especially with an unknown origin, they could inject the malware inside your computer device. That can happen via any browser.

DUNIHI Trojan has also been found to be delivered via exploit kits, or in files (typically using filenames related to popular keyword searches) which are downloaded from different malicious websites. In addition, the DUNIHI Trojan spreads through removable media such as USB devices, SD cards, phones, GPS, tablets and others. Any flash memory containing free disk space can be compromised. As the Trojan has an auto-run function, the contamination can happen at rapid speeds.

DUNIHI Trojan – Technical Information

DUNIHI Trojan is the name of a Random Access Tool (RAT) and Trojan horse. This Trojan is rather old, but is still found in some way out in the wild, infecting computer systems. An executable process related to the Trojan horse is involved in spreading it. That process is usually hidden as a legitimate service of your operating system. The H-worm known as Houdini might be the predecessor of DUNIHI, which seems like a relatively newer variant, still attacking users’ machines worldwide. This type of Trojan horses is known to take up a really small portion of your computer’s resources at first, to infiltrate your computer’s defenses, embed itself into system processes and remain undetected until it does what it is designed to do – stealing data.

The DUNIHI Trojan is also seen to distribute with email spam campaigns, so in case you got the malware, make sure to remove it, before changing any passwords. This warning is mainly due to the fact that the DUNIHI Trojan automatically executes itself and has a keylogger capability that is turned on by default.

When DUNIHI is launched on a device, it will attempt to either lock the screen or download additional malware. If the user is located in a country in Europe or North America, the malware will download a customized lockscreen for that particular country. The lockscreen will display a ransom demand. If the user is in a country for which no customized lockscreen is available, DUNIHI will download a second-stage component which can be used at a later time to download additional malware.

The DUNIHI Trojan is not a system file and not related to Windows, but could tamper with Windows processes. It will drop the following registry key:

→HKEY_LOCAL_MACHINE\SOFTWARE\{malware file name}p>

The Trojan horse will create the following registry entries:

→HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run {malware file name} = “wscript.exe //B “%User Temp%\{malware file name}.vbs””

→HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run {malware file name} = “wscript.exe //B “%User Temp%\{malware file name}.vbs””

→HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run {malware file name} = “wscript.exe //B “%Application Data%\{malware file name}.vbs””

→HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run {malware file name} = “wscript.exe //B ” %Application Data%\malware file name}.vbs””

→HKEY_LOCAL_MACHINE\SOFTWARE\{malware file name} (Default) = “{true or false (if executed from removable drive)} – {date of first execution}”

DUNIHI Trojan malware is highly likely to make some additional components that will aid it to achieve its purpose to full effect. Thus, after it being executed on the system, it may establish a remote connection to a command and control server where all other malicious files are available. There are some essential Windows folders in which the malicious files can be dropped:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Roaming%
  • %Temp%

Besides everything said above, the DUNIHI Trojan can also perform the following operations:

  • Accept and execute commands
  • Spread to USB or removable drives
  • Download and execute files
  • Run a command instructions in command shell
  • Update or uninstall itself
  • Log key strokes
  • Take screenshots
  • Terminate processes
  • Take screenshots
  • Upload a local file back to the attacker
  • Delete a local file

The following may also be stolen by the Trojan from a compromised system:

  • Drive list
  • File list
  • Folder list
  • Process list
  • Computer name
  • User name
  • Operating system version
  • Disk serial number
  • Installed antivirus products

So, stopping your Internet connection is probably a good idea if you are suspecting that something fishy is going on with your computer device.

Below you can see some useful tips that can help you to prevent similar Trojan malware from installing onto your PC, in the future:

  • Run programs inside a sandbox environment
  • Install an advanced anti-malware protection
  • Update your mostly-used programs and software in general
  • Update your OS with security updates
  • Install an ad-blocker application
  • Be wary around your e-mails and don’t open them unless you know the source
  • Disable macros in Microsoft Office Applications
  • Disable JavaScript
  • Keep your firewall ON

DUNIHI Trojan will probably try to extract as much information as possible based on its capabilities and try to propagate further on a network to access other devices. It is highly recommend that you remove the malware threat, because the DUNIHI Trojan might also degrade your system’s lifespan if it downloads other malware to your PC making it inaccessible.

Remove DUNIHI Trojan Completely

To remove DUNIHI Trojan manually from your computer, follow the step-by-step removal tutorial written down below. In case this manual removal does not get rid of the miner malware completely, you should search for and remove any leftover items with an advanced anti-malware tool. Such software can keep your computer secure in the future.

Note! Your computer system may be affected by DUNIHI and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as DUNIHI.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove DUNIHI follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove DUNIHI files and objects
2. Find files created by DUNIHI on your PC

Before starting the Automatic Removal below, please boot back into Normal mode, in case you are currently in Safe Mode.
This will enable you to install and use SpyHunter 5 successfully.

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool
Tsetso Mihailov

Tsetso Mihailov

Tsetso Mihailov is a tech-geek and loves everything that is tech-related, while observing the latest news surrounding technologies. He has worked in IT before, as a system administrator and a computer repair technician. Dealing with malware since his teens, he is determined to spread word about the latest threats revolving around computer security.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share