Dabber Removal Tool

Dabber Removal Tool is a small but effective utility that targets the Win32.Worm.Dabber.A malware.

Presence of package.exe in "c:\Documents and Settings\All Users\Start Menu\Programs\Startup", "%windir%\All Users\Main menu\Programs\StartUp" and "%system32%" folders and in processes list.

Presence in start-up registry key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" of the string "sassfix" pointing to "%system32%\packer.exe".

When run the worm tries to copy itself in the three folders shown above, then creates a mutex called "sas4dab" in order to avoid reinfection.

After that it tries to remove the following keys from registry:
HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32\(Default)
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Gremlin
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Gremlin
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\TaskMon
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\TaskMon
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Video
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\avserve
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\avserve
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\avvserrve32
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\avvserrve32
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\avserve2.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\avserve2.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\lsasss.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\lsasss.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\lsasss
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\lsasss
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ssgrate.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ssgrate.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ssgrate
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ssgrate
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\drvsys.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\drvsys.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\drvsys
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\drvsys
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Drvddll_exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Drvddll_exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Drvddll.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Drvddll.exe

and all the following strings:
Microsoft Update
windows
Windows Drive Compatibility
Generic Host Service
skynetave.exe
navapsrc.exe
lsasss.exe
drvddll.exe
ssgrate.exe
WinMsrv32
soundcontrl
System Updater Service
BagleAV
MapiDrv
SkynetRevenge
TempCom
Video Process
Window

from the following keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices