W32.Randex.G is a network-aware worm that will copy itself as the following files:
\Admin$\system32\NETFD32.EXE
\c$\winnt\system32\NETFD32.EXE
The worm will receive instructions from an IRC channel on a specific IRC server. One such command will trigger the aforementioned spreading.
Also Known As: W32/Randex.worm.c [McAfee], Backdoor.SdBot.gen [KAV]
Variants: W32.Randex.A, W32.Randex.B, W32.Randex.C, W32.Randex.D, W32.Randex.E, W32.Randex.F
Type: Worm
Infection Length: 60,416 bytes
Systems Affected: Windows 2000, Windows NT, Windows XP
Systems Not Affected: Linux, Macintosh, OS/2, UNIX
THREAT ASSESSMENT
Wild:
Number of infections: 0 - 49
Number of sites: 0 - 2
Geographical distribution: Low
Threat containment: Easy
Removal: Easy
![BD]Hobbit is offline](/images/statusicon/user-offline.png)
*heads up* W32.Randex.G worm
Reply With Quote