|W32.Randex.J is a network-aware worm.
This worm will receive instructions from an IRC channel on a specific IRC server.
One of these commands will start it to spread across the network.
There are some remote instructions from IRC server:
ntscan: Performs the scan of a specific computer with weak administrator passwords and copies itself to these machines.
cdkey: Collects cd keys of many popular games and sends them back to the IRC channel.
sysinfo: Retrieves the infected machine's information, such as CPU speed, memory, and so on.
Copies itself to computers that have weak administrator passwords, as \\\c$\winnt\system32\spolds.exe
Attempts to spread itself in the network, randomly generated IP addresses.
To remove this worm please delete the value:
"helpmanager" = %System%\spoler.exe
in the registry keys:
Or use the Greatis antivirus (also check How To Remove section)Security Suite to perform this operation automatically.