$ 11.99|https://store.pandasecurity.com/300/purl-vpn?currencies=USS&x-track=55499&cart=iA001PVPNS05&language=en&quantity=1&enablecoupon=false&coupon=1STMOFFPD&x-coupon=1STMOFFPD&x-market=usa&x-track=190478|$ 0.00|$;PREFIX;.;,;11;99;0;00

It ends in:

Days Hours Minutes

It ends in:

Days Hours Minutes

The best protection with a 60% discount

Apply discount

Get 40% discount! Discover the plan that suits you best!

See offer

Get 40% discount! Discover the plan that suits you best!

See offer

Renew and get 50% off*

Only available for 48 hours!

::

*For home users only

Renew at a discount
::

Renew and get 50% off*

Renew
*Home users only

*For home users only Renew and get 50% off*

::
Renew

Special offer: Renew and get 50% off**

Only available for 48 hours!

::

*For home users only

Renew at a discount

*For home users only Special offer: Renew and get 50% off*

::04
Renew

Hello!

You’re about to visit our web page in English
Would you like to continue?

Yes, I want to visit the web page in English No, I want to visit the web page in

If this is not what you’re looking for,

Visit our Welcome Page!

Call us 24/7 and get a free diagnosis 951 203 528

Active Scan. Scan your PC free

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Randex.T

 
Threat LevelModerate threatDamageHighDistributionNot widespread

Effects 

Randex.T has the following effects:

  • It connects to an IRC server in order to receive control commands.
  • It allows to carry out the following actions:
    - Search for network computers to affect.
    - Launch DDoS (Distributed Denial of Service) attacks.
    - Obtain information on the affected computer: CPU, operating system, connections, etc.
    - Update itself by downloading a newer version.
    - Download and run files.
    - Uninstall the worm with the file REMOVE.BAT, which Randex.T carries inside.
  • When it joins an IRC channel, it displays the following text:
    GET A FUCKING LIFE, ASSHOLE.

Infection strategy 

Randex.T creates the following files in the Windows system directory:

  • MUSIRC4.71.EXE, METALROCK-IS-GAY.EXE and METALROCK.EXE. These files are copies of the worm.
  • SPREAD.ME. It generates this file while it is spreading.

Randex.T deletes the following file:

  • NETSTAT.EXE, which is in the Windows system directory. This program allows to check the ports and the connections established.

Randex.T creates the following entries in the Windows Registry:

  • HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Run
    "MusIRC (irc.music.com) client" = musirc4.71.exe
  • HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ RunServices
    "MusIRC (irc.music.com) client" = musirc4.71.exe
  • HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Run
    "MeTaLRoCk(irc.music.com) has sex with printers" = metalrock-is-gay.exe
  • HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ RunServices
    "MeTaLRoCk(irc.music.com) has sex with printers" = metalrock-is-gay.exe
  • HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Run
    "Windows MeTalRoCk service" = metalrock.exe
  • HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ RunServices
    "Windows MeTalRoCk service" = metalrock.exe
    There are several versions of this worm, which create any of the entries mentioned above.
    By creating these entries, Randex.T ensures that it is run whenever Windows is started.

Means of transmission 

Randex.T spreads across shared network resources. It follows the routine below:

  • First of all, it checks if the affected computer is connected to a network.
  • If it is, the worm attempts to gain access to the shared resources by using passwords that are typical or easy to guess.
  • If successful, the worm copies itself to the following directories in the computers it has accessed to:
    C$\WINNT\SYSTEM32
    ADMIN$\SYSTEM32
  • In order to be run, Randex.T uses the API function NetScheduleJobAdd, which generates programmed tasks. However, this function is available only in Windows XP/2000/NT computers; therefore, in Windows Me/98/95 computers, the worm will not be activated unless the user runs it.

Further Details  

Randex.T is written in the programming language Visual C++ v6.0. The worm is 65,536 bytes in size.

ARE YOU FACING ANY PC OR INTERNET RELATED PROBLEMS?
FREE SUPPORT INCLUDED. CALL US 24/7

powered by Anytech365