W32.Randex.UG is a worm that may be remotely controlled via IRC.
The worm includes Distributed Denial of Service (DDoS) capabilities and also tries to steal the CD keys of a number of games.
Also Known As: Backdoor.IRC.Bot.gen, Backdoor.IRC/SdBot, W32/Sdbot.worm.gen
Copies itself as %System%\intcp32.exe.
Calculates a random IP address.
Attempts to authenticate as an administrator to the calculated IP address. If the worm authenticates successfully, it copies itself as:
Remotely schedules a task to run the worm on a newly infected computer.
Connects to an IRC channel on a predetermined IRC server to receive remote instructions, such as:
Ntscan: Scans for computers with weak administrator passwords, and then copies itself to these machines.
Syn: Performs a SYN flood attack with a data size of 55808 bytes.
Sysinfo: Retrieves the infected machine's information, such as CPU speed and the amount of memory.
Navigate to the key:
and delete the value: "Threaded"="intcp32.exe"
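A defender can look for the spreading behaviour described above (administrator logon attempts against many calculated addresses, as in the Ntscan command) in authentication logs. The following is an added example, not part of the original write-up; the five-field log format, the sample records, the function names and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not from a real incident).
# Fields: time, source host, destination host, account, logon result
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.23 10.0.4.17 Administrator FAIL
2024-01-01T10:00:03 10.0.0.23 10.0.9.201 Administrator FAIL
2024-01-01T10:00:04 10.0.0.8 10.0.1.5 Administrator FAIL
2024-01-01T10:00:06 10.0.0.23 10.0.2.66 Administrator OK
2024-01-01T10:00:09 10.0.0.23 10.0.7.140 Administrator FAIL
2024-01-01T10:00:40 10.0.0.8 10.0.1.5 Administrator OK
2024-01-01T10:05:00 10.0.0.31 10.0.1.5 jsmith OK
garbled line
"""

def parse(log_text):
    """Yield (time, src, dst, account, result); skip lines without 5 fields."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 5:
            yield (datetime.fromisoformat(parts[0]), *parts[1:])

def find_admin_sweeps(events, min_targets=4, window=timedelta(seconds=60)):
    """Return {src: all dsts tried} for sources whose administrator logon
    attempts hit at least min_targets distinct hosts inside one window."""
    by_src = defaultdict(list)
    for ts, src, dst, account, _ in events:
        if account.lower() == "administrator":
            by_src[src].append((ts, dst))
    flagged = {}
    for src, attempts in by_src.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1  # slide the window forward
            if len({d for _, d in attempts[start:end + 1]}) >= min_targets:
                flagged[src] = sorted({d for _, d in attempts})
                break
    return flagged

def compromised_targets(events, sweepers):
    """Hosts where a flagged source logged on successfully (weak password)."""
    return sorted({dst for _, src, dst, _, res in events
                   if src in sweepers and res == "OK"})
```

Hosts returned by `compromised_targets` are the ones to check first for a newly created `intcp32.exe` and a remotely scheduled task.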