SoftwareTipsandTricks.com
Home Forums Windows 7 Security Tips
Forums

Windows 7
Windows Vista
Windows XP

Security Tips
Troubleshooting
Keyboard Shortcuts
Encyclopedia


Drivers

Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Articles
Hot Downloads


Privacy Policy
Contact Us







  spoler.exe

Name spoler.exe

Description

W32.Randex.J is a network-aware worm.

This worm will receive instructions from an IRC channel on a specific IRC server.
One of these commands will start it to spread across the network.

There are some remote instructions from IRC server:
ntscan: Performs the scan of a specific computer with weak administrator passwords and copies itself to these machines.
cdkey: Collects cd keys of many popular games and sends them back to the IRC channel.
sysinfo: Retrieves the infected machine's information, such as CPU speed, memory, and so on.

Copies itself to computers that have weak administrator passwords, as \\\c$\winnt\system32\spolds.exe
Attempts to spread itself in the network, randomly generated IP addresses.


To remove this worm please delete the value:
"helpmanager" = %System%\spoler.exe
in the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Or use the Greatis antivirus (also check How To Remove section)Security Suite to perform this operation automatically.


Still have a problem? Ask for help at our discussion forum.



Search Dangerous Files :
 

: : Recent posts at Forums : :


Fatal error: Incompatible file format: The encoded file has format major ID 1, whereas the Loader expects 7 in /home/software/public_html/forum/includes/functions_vbseo.php on line 0