W32.Randex.Z is a network-aware worm that attempts to connect to a predetermined IRC server to receive instructions from its author.
Allows unauthorized execution of remote commands:
- ntscan: Scans a specific computer for weak administrator passwords and copies itself to the computer.
- cdkey: Collects CD keys of many popular games and sends them to the IRC channel.
- sysinfo: Retrieves the infected computer's information, such as CPU speed, memory, and so on.
Copies itself as the file, %System%\nstrue.exe.
Calculates a random IP address for a computer that it will try to infect.
Copies itself to shares that have weak passwords, as:
Schedules a Network Job to run the worm.
Adds the value:
to the registry keys:
so that the worm runs when you start Windows.
Use an antivirus product (also check the How To Remove section) or Startup Optimizer to remove it from startup.
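The persistence points described above (the copy in %System%, the startup registry value and the scheduled job) can be checked on a host with a short script. This is an added example, not part of the original write-up: only the file name nstrue.exe comes from the page, and because the page's copy does not list the registry value or keys, the script assumes the standard Windows autostart keys and matches on the file name alone.

```powershell
# Added example. Only the file name nstrue.exe comes from the page; the
# registry key list is an assumption (standard Windows autostart keys).
$fileName = 'nstrue.exe'
$pattern  = [regex]::Escape($fileName)
$findings = @()

# 1. Worm copy in the system directory. SysWOW64 is checked too because a
#    32-bit process on 64-bit Windows has its %System% writes redirected there.
foreach ($dir in 'System32', 'SysWOW64') {
    $path = Join-Path $env:windir (Join-Path $dir $fileName)
    if (Test-Path -LiteralPath $path) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{ Type = 'File'; Location = $path; Detail = $hash }
    }
}

# 2. Autostart values whose data references the file name (assumed key list).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $data = [string]$regKey.GetValue($name)
        if ($data -match $pattern) {
            $findings += [pscustomobject]@{ Type = 'Registry'; Location = "$key [$name]"; Detail = $data }
        }
    }
}

# 3. Scheduled tasks whose action runs the file (Windows 8 / Server 2012 and later).
foreach ($task in @(Get-ScheduledTask -ErrorAction SilentlyContinue)) {
    foreach ($action in $task.Actions) {
        if ("$($action.Execute) $($action.Arguments)" -match $pattern) {
            $findings += [pscustomobject]@{ Type = 'Task'; Location = $task.TaskPath + $task.TaskName; Detail = $action.Execute }
        }
    }
}

if ($findings) { $findings | Format-List } else { "No $fileName artifacts found." }
```

Run it from an elevated 64-bit PowerShell session so that both system directories and the machine-wide keys are readable.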