Remove DUNIHI Trojan Horse

Remove DUNIHI Trojan Horse

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

This article will help you to remove DUNIHI Trojan horse effectively. Follow the removal instructions for the Trojan horse provided at the end of the article.

DUNIHI is the name of a Remote Access Tool (RAT) and Trojan horse. This Trojan is quite old, but is still found in some way out in the wild, infecting users’ computers. An executable process related to the Trojan horse is involved in spreading it. That process is usually hidden as a legitimate service of your operating system. If the process is found in a temporary folder or the “Windows” folder, then it is malware that got there without your permission and could try to steal credential data and personal information from anybody who has fallen victim to the threat. DUNIHI Trojan may also use exhaustive power consumption, so it is in your best interest to remove it as fast as you can.

Threat Summary

TypeTrojan Horse, Remote Access Tool (RAT)
Short DescriptionDUNIHI is a Trojan horse that is probably put in your computer system via a similar malware on your computer system.
SymptomsYou may see a rise in the usage of your computer’s resources like CPU, RAM or GPU, while your computer will accordingly consume more electric power and may even overheat if a cryptocurrency miner is involved. Otherwise, there are barely any symptoms most of the time, other than a significant system slowdown or frequent system crashes.
Distribution MethodFreeware Installations, Bundled Packages, JavaScript
Detection Tool See If Your System Has Been Affected by DUNIHI


Malware Removal Tool

User ExperienceJoin Our Forum to Discuss DUNIHI.

DUNIHI Trojan – Distribution Methods

The DUNIHI Trojan malware can spread in a few ways. Third-party installer setups could have put a Trojan horse on your computer system via bundling. These installations typically arrive with freeware and application packages. Without you knowing, additive content could be installed to your computer, which could even be a JavaScript file that downloads the actual malware. Avoiding such installations is possible if you find Custom or Advanced settings in the install setup.

DUNIHI Trojan can also spread if you come across unknown websites through redirects and advertisements which have some sort of scripts in themselves and load them when you visit a site or click on an advert. Pop-ups, pop-unders, as well as banners could have links inside of them that can redirect you. When visiting such websites, especially with an unknown origin, they could inject the malware inside your computer device. That can happen via any browser.

DUNIHI Trojan has also been found to be delivered via exploit kits, or in files (typically using filenames related to popular keyword searches) which are downloaded from different malicious websites. In addition, the DUNIHI Trojan spreads through removable media such as USB devices, SD cards, phones, GPS, tablets and others. Any flash memory containing free disk space can be compromised. As the Trojan has an auto-run function, the contamination can happen at rapid speeds.

DUNIHI Trojan – Technical Information

DUNIHI Trojan is the name of a Remote Access Tool (RAT) and Trojan horse. This Trojan is rather old, but is still found in some way out in the wild, infecting computer systems. An executable process related to the Trojan horse is involved in spreading it. That process is usually hidden as a legitimate service of your operating system. The H-worm known as Houdini might be the predecessor of DUNIHI, which seems like a relatively newer variant, still attacking users’ machines worldwide. This type of Trojan horses is known to take up a really small portion of your computer’s resources at first, to infiltrate your computer’s defenses, embed itself into system processes and remain undetected until it does what it is designed to do – stealing data.

The DUNIHI Trojan is also seen to distribute with email spam campaigns, so in case you got the malware, make sure to remove it, before changing any passwords. This warning is mainly due to the fact that the DUNIHI Trojan automatically executes itself and has a keylogger capability that is turned on by default.

When DUNIHI is launched on a device, it will attempt to either lock the screen or download additional malware. If the user is located in a country in Europe or North America, the malware will download a customized lockscreen for that particular country. The lockscreen will display a ransom demand. If the user is in a country for which no customized lockscreen is available, DUNIHI will download a second-stage component which can be used at a later time to download additional malware.

The DUNIHI Trojan is not a system file and not related to Windows, but could tamper with Windows processes. It will drop the following registry key:

→HKEY_LOCAL_MACHINE\SOFTWARE\{malware file name}p>

The Trojan horse will create the following registry entries:

→HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run {malware file name} = “wscript.exe //B “%User Temp%\{malware file name}.vbs””

→HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run {malware file name} = “wscript.exe //B “%User Temp%\{malware file name}.vbs””

→HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run {malware file name} = “wscript.exe //B “%Application Data%\{malware file name}.vbs””

→HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run {malware file name} = “wscript.exe //B ” %Application Data%\malware file name}.vbs””

→HKEY_LOCAL_MACHINE\SOFTWARE\{malware file name} (Default) = “{true or false (if executed from removable drive)} – {date of first execution}”

DUNIHI Trojan malware is highly likely to make some additional components that will aid it to achieve its purpose to full effect. Thus, after it being executed on the system, it may establish a remote connection to a command and control server where all other malicious files are available. There are some essential Windows folders in which the malicious files can be dropped:

  • %AppData%
  • %Local%
  • %LocalLow%
  • %Roaming%
  • %Temp%

Besides everything said above, the DUNIHI Trojan can also perform the following operations:

  • Accept and execute commands
  • Spread to USB or removable drives
  • Download and execute files
  • Run a command instructions in command shell
  • Update or uninstall itself
  • Log key strokes
  • Take screenshots
  • Terminate processes
  • Take screenshots
  • Upload a local file back to the attacker
  • Delete a local file

The following may also be stolen by the Trojan from a compromised system:

  • Drive list
  • File list
  • Folder list
  • Process list
  • Computer name
  • User name
  • Operating system version
  • Disk serial number
  • Installed antivirus products

So, stopping your Internet connection is probably a good idea if you are suspecting that something fishy is going on with your computer device.

Below you can see some useful tips that can help you to prevent similar Trojan malware from installing onto your PC, in the future:

  • Run programs inside a sandbox environment
  • Install an advanced anti-malware protection
  • Update your mostly-used programs and software in general
  • Update your OS with security updates
  • Install an ad-blocker application
  • Be wary around your e-mails and don’t open them unless you know the source
  • Disable macros in Microsoft Office Applications
  • Disable JavaScript
  • Keep your firewall ON

DUNIHI Trojan will probably try to extract as much information as possible based on its capabilities and try to propagate further on a network to access other devices. It is highly recommend that you remove the malware threat, because the DUNIHI Trojan might also degrade your system’s lifespan if it downloads other malware to your PC making it inaccessible.

Remove DUNIHI Trojan Completely

To remove DUNIHI Trojan manually from your computer, follow the step-by-step removal tutorial written down below. In case this manual removal does not get rid of the miner malware completely, you should search for and remove any leftover items with an advanced anti-malware tool. Such software can keep your computer secure in the future.

Tsetso Mihailov

Tsetso Mihailov

Tsetso Mihailov is a tech-geek and loves everything that is tech-related, while observing the latest news surrounding technologies. He has worked in IT before, as a system administrator and a computer repair technician. Dealing with malware since his teens, he is determined to spread word about the latest threats revolving around computer security.

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share