Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32/Randex-AA

Mar 7, 2004 11:59PM PST

Aliases
Backdoor.SdBot.gen, W32/Randbot.worm, Win32/Randex.AL, W32.Randex.R

Type
Win32 worm

Description
W32/Randex-AA is a network worm with backdoor capabilities which allows a remote intruder to access and control the computer via IRC channels.
W32/Randex-AA spreads over a network by copying itself to the Windows system32 folder of C$ and Admin$ shares that contain weak passwords.

Each time the worm is run it tries to connect to a remote IRC server and join a specific channel. The worm then runs in the background as a server process listening for commands to execute.


More: http://www.sophos.com/virusinfo/analyses/w32randexaa.html

Discussion is locked