Hi. This is driving me crazy, have downloaded and run "cwshedder" which seems to clense my system, trouble is every time I visit just about any website my homepage is set back to cool-search or something similar, my prefered homepage is blank, This is with IE6, WXP pro. Does anybody have any ideas how I can stop being infected every time I go online, have to say messing in the registry worries me somewhat. Cheers.
The .R variation is supposed to Hijack your hompage.
You need to install the Microoft patch if you run 2000/XP, and install a firewall.
This is randex.BF -
Randex.BF is a Trojan worm with characteristics that spreads across networks and enterprises quickly. It generates IP addresses at random and attempts to connect to them, using passwords that are typical or easy to guess, in other words as its own password cracker. If successful, it copies itself in the computers it has gained access to. Similar to the spread of the Blaster worm and Nachia worm.
Randex.BF joins the channel #goep in the IRC server at 'opqleure.qopmafia.net' in order to receive remote control commands, from a remote hacker. In this variant of the randex worm, it runs an NTSCAN, in order to crack passwords, and a SYSINFO to obtain users system information.
The virus has no visible symptoms such as messages or any effect on the computers display.
The virus copies to files: GMT16.EXE, MS00.EXE, and it is 71Kb.
Extended information will be added as soon as we can provide extra news. If you think you are infected: click here