Home Forums Windows 7 Security Tips

Windows 7
Windows Vista
Windows XP

Security Tips
Keyboard Shortcuts


Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Hot Downloads

Privacy Policy
Contact Us


Name rpcmon.exe


W32.Randex.ATX is a network-aware worm that may be remotely controlled using IRC.

Deletes the C$, D$, IPC$, and ADMIN$ shares.
Releases system information and CD keys from the compromised computer via IRC.
Installs an IRC backdoor on the computer.

Drops and executes the file, %Temp%\secure.bat, which deletes the C$, D$, IPC$ and ADMIN$ shares.
Starts a keylogger and logs keystrokes to the file, %System%\Ntfsvi.txt.
The worm will then connect to an IRC server,, and then listen for commands.

Some of the actions the worm can perform include:

Scanning for computers that have weak administrator passwords and copying itself to those computers.
Collecting the CD keys of many computer games and sending them back to the attacker, using the IRC channel.
Displaying information about the computer, such as the CPU speed and amount of memory.
Performing ping, SYN, and UDP flooding.
Downloading files, which may include updated versions of the worm, and then executing them.
Connecting to Trojan horses on other computers, based on a predetermined list of names. The names to which the Trojan attempts to connect are Kuang, NetDevil, MyDoom, Sub7, and Optix.
Acting as a proxy for SOCKS, HTTP, and TCP connections.

You may use antivirus (also check How To Remove section)Startup Optimizer to automatic remove it from startup.

Still have a problem? Ask for help at our discussion forum.

Search Dangerous Files :

: : Recent posts at Forums : :

Fatal error: Incompatible file format: The encoded file has format major ID 1, whereas the Loader expects 7 in /home/software/public_html/forum/includes/functions_vbseo.php on line 0