|W32.Randex.ATX is a network-aware worm that may be remotely controlled using IRC.
Deletes the C$, D$, IPC$, and ADMIN$ shares.
Releases system information and CD keys from the compromised computer via IRC.
Installs an IRC backdoor on the computer.
Drops and executes the file, %Temp%\secure.bat, which deletes the C$, D$, IPC$ and ADMIN$ shares.
Starts a keylogger and logs keystrokes to the file, %System%\Ntfsvi.txt.
The worm will then connect to an IRC server, batwing.gotdns.com, and then listen for commands.
Some of the actions the worm can perform include:
Scanning for computers that have weak administrator passwords and copying itself to those computers.
Collecting the CD keys of many computer games and sending them back to the attacker, using the IRC channel.
Displaying information about the computer, such as the CPU speed and amount of memory.
Performing ping, SYN, and UDP flooding.
Downloading files, which may include updated versions of the worm, and then executing them.
Connecting to Trojan horses on other computers, based on a predetermined list of names. The names to which the Trojan attempts to connect are Kuang, NetDevil, MyDoom, Sub7, and Optix.
Acting as a proxy for SOCKS, HTTP, and TCP connections.
You may use antivirus (also check How To Remove section)Startup Optimizer to automatic remove it from startup.