Worm.Win32.Randex.a
Description Worm.Win32.Randex.a
"Randex" is a group of worms that spread over Win32 networks (local and global) through shared resources.
The worms are Windows PE EXE files that appear under several names (see name ist below). Randex worms are written in Microsoft Visual C++.
A Randex worm enters a computers and goes into a Windows folder where it registers itself in the system registry autorun key:
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
It then runs its spreading routine.
The routine entails scanning port 445 at random IP addresses, and when successfully connecting to a victim machine the worm tries to locate open resources on the remote computer and connect to them using various passwords such as:
"","admin", "root", "123";
e.t.c.
When a successful connection is accomplished the worm copies itself to a victim machine under the following names:
Randex.a - hxedofos.exe
Randex.b - ns32.exe
Randex.c - msmsgr.exe
Randex.d - msmsgri32.exe
The Randex worm then uses the WinNT remote administration service to run itself on a remote machine.
Randex worms are very similar to other network worms such as: Worm.Win32.Slackor and Worm.Win32.Sluter.
Check other viruses! Be aware! Use Antiviral Software
Oulu.1008
Description Oulu.1008
This is a dangerous nonmemory resident encrypted parasitic virus. Being executed the virus disinfects the host file, then it searches for .COM files of the current directory and writes itself to the end of the file. Depending on the system timer the virus halts the system and display random symbols. The virus contains the text:
Oulu
Ouse.591
Description Ouse.591
It is a dangerous nonmemory resident parasitic virus. It searches for COM files and writes itself to the end of the file. Depending on the system date it erased the disk sectors. It contains the text string:
OUSE ME EST ABDA
|