intcp32.exe - Dangerous
Antivirus Report of intcp32.exe:
W32.Randex.UG is a worm that may be remotely controlled via IRC.
The worm includes Distributed Denial of Service (DDoS) capabilities and also tries to steal the CD keys of a number of games.
Also Known As: Backdoor.IRC.Bot.gen, Backdoor.IRC/SdBot, W32/Sdbot.worm.gen
Copies itself as %System%\intcp32.exe.
Calculates a random IP address.
Attempts to authenticate as an administrator to the calculated IP address. If authentication succeeds, the worm copies itself as:
\\Admin$\intcp32.exe
\\Admin$\system32\intcp32.exe
\\C$\winnt\system32\intcp32.exe
\\C$\windows\system32\intcp32.exe
Remotely schedules a task to run the worm on a newly infected computer.
Connects to an IRC channel on a predetermined IRC server to receive remote instructions, such as:
Ntscan: Scans for computers with weak administrator passwords, and then copies itself to these machines.
Syn: Performs a SYN flood attack with a data size of 55808 bytes.
Sysinfo: Retrieves the infected machine's information, such as CPU speed and the amount of memory.
Manual removal:
Navigate to the keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
and delete the value: "Threaded"="intcp32.exe"
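The manual removal steps above can be checked with a short PowerShell script. This is an added example, not part of the original report or of any vendor tool; the value name, file name and key paths are taken from the page, and the -Remove switch is a name chosen for this example.

```powershell
# Added example: audit (and optionally remove) the persistence entries
# this page describes for intcp32.exe. Run from an elevated prompt.
# -Remove is a switch defined by this example; without it nothing is changed.
param([switch]$Remove)

# Both keys, the value name and the file name come from the page.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'
)
$valueName = 'Threaded'
$fileName  = 'intcp32.exe'

foreach ($key in $runKeys) {
    # RunServices may not exist on a given system; skip it quietly.
    if (-not (Test-Path -LiteralPath $key)) { continue }

    $data = (Get-ItemProperty -LiteralPath $key).$valueName
    if ($null -eq $data) { continue }

    if ($data -like "*$fileName*") {
        Write-Output "FOUND  $key : $valueName = $data"
        if ($Remove) {
            Remove-ItemProperty -LiteralPath $key -Name $valueName
            Write-Output "REMOVED value '$valueName' from $key"
        }
    } else {
        # Same value name, different target: report it, never delete it.
        Write-Output "NOTE   $key : '$valueName' points elsewhere: $data"
    }
}

# The page says the worm copies itself as %System%\intcp32.exe.
$dropped = Join-Path ([Environment]::SystemDirectory) $fileName
if (Test-Path -LiteralPath $dropped) {
    $hash = (Get-FileHash -LiteralPath $dropped -Algorithm SHA256).Hash
    Write-Output "FOUND  $dropped  SHA256=$hash"
} else {
    Write-Output "OK     $dropped not present"
}
```

Run it once without -Remove to review what it reports, and record the file hash before deleting the file so the sample can still be identified afterwards.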
intcp32.exe: Malware, Dangerous, High Risk
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.
Since that time I have worked every day to fix the issues that antiviruses cannot.
If your antivirus has not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.