Thursday, April 14, 2011

Removal of W32.Randex

Win32/Randex

Also Known As:
W32.Randex (Symantec)
W32/Sdbot.worm (McAfee)
WORM_RANDEX (Trend Micro)
W32/Randex (Sophos)

Summary
Win32/Randex is a family of worms that targets computers running Microsoft Windows 9x, Windows NT 4.0, Windows 2000, Windows Server 2003, and Windows XP. The worm scans randomly generated IP addresses to attempt to spread to network shares with weak passwords. After the worm infects a computer, it connects to an IRC server to receive commands from the attacker. If your computer is infected by this worm, you may notice crashes or slowdowns during normal operation.

Symptoms
If your computer is infected by Win32/Randex, you may notice system performance degradation and slower network connectivity.


Technical Information
When Win32/Randex runs, it copies itself to the system folder. It may add a value to the following registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

This value causes the worm to run when Windows restarts.
The Win32/Randex worm may connect to randomly generated IP addresses through TCP port 445. The worm then uses a predefined list of weak passwords to attempt to log on to writable network shares on remote computers. After gaining access, the worm copies itself to the remote computer and creates a task to run the copy.
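The scanning behavior described above shows up in connection logs as one internal host contacting many different addresses on TCP port 445 in a short time. The following detection sketch is an added example, not part of the original post or any vendor tool; the log line format, the 60-second window, the threshold of 5 and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress

WINDOW = timedelta(seconds=60)  # assumed look-back window
THRESHOLD = 5                   # assumed limit on distinct destinations; tune per network

def parse(line):
    """Parse 'ISO-timestamp src dst dport' (constructed format); None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (datetime.fromisoformat(parts[0]), ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]))
    except ValueError:
        return None

def smb_fanout(lines, window=WINDOW, threshold=THRESHOLD):
    """Map each source to its peak count of distinct TCP/445 destinations seen
    inside any one window, keeping only sources at or above the threshold.
    Records for a given source are assumed to arrive in time order."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still inside the window
    peak = defaultdict(int)
    for ts, src, dst, port in filter(None, map(parse, lines)):
        if port != 445:
            continue
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:  # drop connections older than the window
            q.popleft()
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {str(s): n for s, n in peak.items() if n >= threshold}

# Constructed sample flows (documentation address ranges), in time order.
SAMPLE = (
    # 10.0.0.5: six different destinations on 445 within 25 seconds (scan-like)
    [f"2011-04-14T10:00:{i:02d} 10.0.0.5 198.51.100.{i + 1} 445" for i in range(0, 30, 5)]
    # 10.0.0.9: repeated connections to a single file server (normal)
    + [f"2011-04-14T10:01:{i:02d} 10.0.0.9 10.0.0.2 445" for i in range(8)]
    # 10.0.0.8: five destinations, but two minutes apart (below the rate)
    + [f"2011-04-14T10:{i:02d}:00 10.0.0.8 203.0.113.{i} 445" for i in range(2, 12, 2)]
    # a malformed record and a non-SMB connection, both ignored
    + ["garbage line", "2011-04-14T10:30:00 10.0.0.7 192.0.2.1 80"]
)

if __name__ == "__main__":
    for host, count in smb_fanout(SAMPLE).items():
        print(f"{host}: {count} distinct TCP/445 destinations within {WINDOW}")
```

Counting distinct destinations rather than total connections keeps a busy client of one file server from being flagged, and widening the window catches slower scans at the cost of more false positives.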

The Win32/Randex worm connects to a remote IRC server and joins a specific channel to receive commands from attackers. Upon successful installation, the worm notifies attackers through a private message. Attackers can then use the established IRC channel to perform backdoor actions such as launching distributed denial of service (DDoS) attacks against IP addresses, scanning for vulnerable computers with weak administrator passwords, downloading remote files and running them, retrieving computer configuration information, retrieving CD keys of popular games, joining or leaving specific IRC channels, adding or removing IRC users, and updating the worm.

Some variants of the worm also drop a backdoor Trojan component, which opens TCP ports and acts as an HTTP proxy.


This malicious software can be removed using the Microsoft Malicious Software Removal Tool.
