Store

Symantec.com > Enterprise > Security Response > W32.Randex.T
PRINT THIS PAGE

W32.Randex.T

Discovered:
October 30, 2003
Updated:
February 13, 2007 12:13:03 PM
Type:
Worm
Systems Affected:
Windows 2000

W32.Randex.T is a network-aware worm that copies itself as a self-extracting RAR file using one of the following file names:
  • \c$\winnt\system32\crsoss.exe
  • \c$\winnt\system32\vqmss.exe
The worm consists of three components:
  • A self-extracting RAR file detected as W32.Randex.T
  • The actual worm detected as W32.Randex.T
  • A Trojan proxy detected as Backdoor.Ranck.C
The worm will receive instructions from an IRC channel on a specific IRC server. One such command will trigger the worm to spread.

Antivirus Protection Dates

  • Initial Rapid Release version October 31, 2003
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version October 31, 2003
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date November 5, 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
Writeup By: Scott Gettis
Technical Details

Search Threats

Search by name

Example: W32.Beagle.AG@mm
ThreatCon Widget
Internet Security Threat Report, Volume 16
Symantec DeepSight Screensaver
©1995 - 2012 Symantec Corporation
Careers|
About|
Site Map|
Legal|
Privacy|
Contact|
RSS