W32/Lmir.BUL is a password-stealing Trojan that will infect Windows systems.

This Trojan is either downloaded from the Internet or dropped by other malware applications.

Upon execution, the Trojan drops donb32drv.dll in the Windows System folder and deletes itself.


The dropped file donb32drv.dll is injected to all the running processes. It also deletes the hosts file.

More information can be found at this Proland Software page.