Name: Worm.Win32.Randex. Category: Viruses Description: Details Worm.Win32.Randex.a "Randex" is a group of worms that spread over Win32 networks (local and global) through shared resources. The worms are Windows PE EXE files that appear under several names (see name ist below). Randex worms are written in Microsoft Visual C++. A Randex worm enters a computers and goes into a Windows folder where it registers itself in the system registry autorun key: HKLMSoftwareMicrosoftWindowsCurrentVersionRun It then runs its spreading routine. The routine entails scanning port 445 at random IP addresses, and when successfully connecting to a victim machine the worm tries to locate open resources on the remote computer and connect to them using various passwords such as: "","admin", "root", "123"; e.t.c. When a successful connection is accomplished the worm copies itself to a victim machine under the following names: Randex.a - hxedofos.exe Randex.b - ns32.exe Randex.c - msmsgr.exe Randex.d - msmsgri32.exe The Randex worm then uses the WinNT remote administration service to run itself on a remote machine. Randex worms are very similar to other network worms such as: Worm.Win32.Slackor and Worm.Win32.Sluter.