W32.Randex.AEV is a network-aware worm that tries to connect to a predetermined IRC server.
If this worm is successful, it will wait for instructions from the attacker.
Copies itself as %System%\Windowz.exe.
Generates a random IP address.
The worm then attempts to log in to the remote computer as Administrator.
Adds the value: "Microsoft Windows GUI"="Windowz.exe"
to the registry keys:
Connects to an IRC server and waits for commands from a remote attacker.
The attacker can:
- Perform Distributed Denial of Service (DDoS) attacks.
- Scan for computers to infect.
- Retrieve system information from the infected computer, such as CPU speed, available memory, and Windows version.
- Download and execute files from the Internet.
- Perform IRC functions, such as removing other users from the IRC channel.
Use antivirus (also check the How To Remove section) or Startup Optimizer to remove it from startup.
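
To check a host for the startup entry described above, the following added example (not part of the original write-up) parses the text output of `reg query <key> /s` and flags any value named "Microsoft Windows GUI" or pointing at Windowz.exe. The function names and the sample input are assumptions made for illustration; the key paths in the sample are placeholders, since the page does not list the keys.

```python
import re

# Indicators taken from the description above.
RUN_VALUE_NAME = "microsoft windows gui"
DROPPED_FILE = re.compile(r'(?:^|[\\/"\s])windowz\.exe(?:$|["\s])', re.IGNORECASE)

# One value line of `reg query` output: 4 spaces, name, type, optional data.
VALUE_LINE = re.compile(
    r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)(?:\s{4}(?P<data>.*))?$"
)


def parse_reg_query(text):
    """Yield (key, name, data) for every value in `reg query` text output."""
    key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m.group("name").strip(), (m.group("data") or "").strip()


def find_randex_autoruns(text):
    """Return entries whose value name or data matches the page's indicators."""
    findings = []
    for key, name, data in parse_reg_query(text):
        reasons = []
        if name.lower() == RUN_VALUE_NAME:
            reasons.append("value name")
        if DROPPED_FILE.search(data):
            reasons.append("file name")
        if reasons:
            findings.append({"key": key, "name": name, "data": data, "matched": reasons})
    return findings


# Constructed sample; the key paths are placeholders, not taken from the page.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Example\Autostart
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Microsoft Windows GUI    REG_SZ    Windowz.exe

HKEY_CURRENT_USER\SOFTWARE\Example\Autostart
    Updater    REG_SZ    "C:\WINDOWS\system32\windowz.exe" /s
    Notes    REG_SZ    C:\Tools\mywindowz.exe
"""

if __name__ == "__main__":
    for finding in find_randex_autoruns(SAMPLE):
        print(finding)
```

A renamed value that still launches Windowz.exe is caught by the file-name match, while a file name that merely contains the string (the `mywindowz.exe` line) is not flagged.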