Hi! I was invaded by a program of Spyware called Dameware while mine computer worked at night in the university, now I'm trying to unistall the program and I do not obtain sucess. Moreover, I installed the Firewall of the McAfee and now my program of work (CFX) does not function, at time that it checks one licensa in the web. I cannot desinstalar firewall because of dameware that is in my computer. Thanks!

First of all, Dameware is NOT Spyware. It is a remote administrator utility that requires administrative permissions to install. So one of two things happened. Either you have a very week administrator password on your computer - like blank - and someone was able to install the software, or you are on a domain and the domain administrator installed it. You would probably have to stop the service before you can uninstall the software.

I was infected by a trojan called NTRootKit virus which enabled a hacker to get my passwords and install DameWare on my webserver which he used to make changes to group accounts and permissions. Everytime I changed the passwords, he was capturing them. I went to DameWare's websites for the instructions on how to remove DameWare which was successful. The virus disabled the virus scanner and when I enabled it again, the virus was found right away and cleaned. In the end because of all the changes he made, I formatted the webserver and started fresh making sure that all appropriate security measures were in place before plugging it back into the network.

Could Dameware be installed from a remote location? A guy here at work informed me he had a new icon in the system tray. I didn't know what it was at first, but it turned out to be Dameware. He hadn't installed and didn't know what it was. When I attempted to exit the program, the Exit option was shaded out. When I tried to change the options/preferences, it said I need administrative privledges. I ended the program via the Task Manager and located the program in my C:\Winnt\system32 folder and deleted it. I do see a dwrcs.ini file that shows where all the settings were changed, should I just delete that? What other precautions should I take? Can they remotely connect to that PC and install this while nobody's on? (BTW, apparently the owner of the pc changed his password to match his username)

Dameware can be installed remotely. All they need is the administrator password. If this computer has a trojan virus on it that enable the hacker to gain access to the computer, changing the passwords won't help because until the virus is cleaned off, they are still capturing keystrokes so they will know all new passwords. If no one in your company installed the Dameware then it is likely that someone has gained access by way of the trojan and is using your computer illegally. My advice is run your virus scanner making sure it is up to date with it's virus definitions (the trojan virus disables virus scanners). If it finds a trojan virus, follow the instructions to remove it - sometimes you need to go to your virus software website to download a program to clean your machine. Once cleaned, go to Dameware's website and there are instructions there on how to remove Dameware from your computer. Follow those instructions. Check your computer for any other software that you don't recognize - like a FTP server software package since some hackers use your computer to run their programs. Remove any programs you find that don't belong. Next, you will need to find out if you have a network security problem that allowed this happen in the first place. If the computer affected is a server the issue is more serious. If it is a workstation, I would wonder why a workstation has an IP address that can be accessed from outside the LAN.