Home Malware Programs Worms W32.Randex.C

W32.Randex.C

Posted: March 28, 2006

W32.Randex.C is a network-aware worm that will copy itself as the following files:
Admin$computer32msmonk32.exe
c$winntcomputer32msmonk32.exe

The worm will receive instructions from an IRC channel on a specific IRC server. One such command will trigger the spreading mentioned above.

W32.Randex.C may open ports 20, 113, 445, 1024, 55808. It also opens randomly chosen ports.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 gesfm32.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{RegistryKeys}Browsetothekey:HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunDeletethevalueMicrosoftNetviewHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServices
Loading...