Virus Question - Searched Everywhere Else
3:01 PM EDT 6/20/04
We keep seeing this virus show up and Symantec's site has little or no info to help.

W32.HLLW.RIRC in My Documents\Folder Name\Xi.exe.

Norton will quarantine it.

The Rirc part alarms me since it sorta looks like IRC - any ideas?

Thanks,

Chad
Re: Virus Question - Searched Everywhere Else
1:16 PM EST 10/31/04 as a reply to Chad Eller.
Hi there!

I found some information on a few web sites for you:

It can also be known as WORM_RANDEX.AB as well as W32.HLLW.RIRC and a few other variants.

This malware is both a worm and a backdoor.

It propagates into machines on the same network using a long list of user names and passwords. Its propagation routine allows it to copy itself into machines running Windows NT, 2000, and XP that have weak passwords.

(Note: Weak passwords are often ordinary words or easily crackable, non-alphanumeric strings that do not use special and mixed case characters. Passwords with fewer than eight characters are also considered weak.)

It acts as a backdoor and listens for commands from remote users. It joins an Internet Relay Chat server via port 6667 to receive these commands and allow remote users virtual control over infected systems.

This malware runs on Windows 95, 98, ME, NT, 2000, and XP. However, it can only propagate into machines running Windows NT, 2000, and XP.


A few sites with information:

http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?ID=39109

and

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_RIRC.A

They have instructions on how to remove this from your system.

Good luck!
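
One way to check a machine for the IRC backdoor behaviour described in the reply above, as an added example that is not part of the original thread: it parses `netstat -an` output and lists live TCP sessions whose remote port is 6667. The sample output and its addresses are constructed, and the function name `outbound_irc` is hypothetical.

```python
import re

IRC_PORT = 6667  # port the reply says the backdoor uses to join its IRC server

# Constructed sample of Windows `netstat -an` output (documentation address ranges).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1045        198.51.100.7:6667      ESTABLISHED
  TCP    192.0.2.10:1046        203.0.113.5:80         ESTABLISHED
  TCP    192.0.2.10:1047        198.51.100.9:6667      SYN_SENT
  TCP    192.0.2.10:6667        203.0.113.20:2301      ESTABLISHED
  TCP    192.0.2.10:1050        198.51.100.7:6667      TIME_WAIT
  UDP    192.0.2.10:137         *:*
"""

# One TCP row: protocol, local addr:port, foreign addr:port, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

# Only sessions that are open or being opened; TIME_WAIT rows are already closed.
ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT"}


def outbound_irc(netstat_text, port=IRC_PORT):
    """Return (local, remote, state) for live TCP sessions to remote `port`."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        laddr, lport, raddr, rport, state = m.groups()
        # Match on the REMOTE port only: a local port of 6667 is not a client session.
        if int(rport) == port and state in ACTIVE_STATES:
            hits.append((f"{laddr}:{lport}", f"{raddr}:{rport}", state))
    return hits


if __name__ == "__main__":
    for local, remote, state in outbound_irc(SAMPLE_NETSTAT):
        print(f"outbound IRC session {local} -> {remote} ({state})")
```

A hit only shows that something on the machine is talking to port 6667; a legitimate IRC client produces the same row, so confirm which process owns the connection before drawing conclusions.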