intrenat.exe - Dangerous
intrenat.exe
Manual removal instructions:
Antivirus Report of intrenat.exe:
intrenat.exe
W32.HLLW.Doomjuice uses the computers, which W32.Mydoom.A@mm infects, to spread.
This worm also launches a Denial of Service (DoS) attack on the Microsoft Web site if the current system date is after February 11th, but before the end of this month.
Copies the W32.Mydoom.A@mm source code archive file sync-src-1.00.tbz to the root folder of all the fixed and remote drives.
Sends itself to the machines infected with W32.Mydoom.A@mm.
Copies itself as %System%\intrenat.exe.
Adds the value:
"Gremlin" = "%System%\intrenat.exe"
to one of the following the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Randomly generates IP addresses and attempts to connect to those IP addresses on TCP port 3127.
If the connection is established, the worm first sends five bytes to the remote computer.
Then, it sends a copy of itself to the remote computer.
The backdoor component of W32.Mydoom.A@mm will accept the file and execute it.
Remove it from startup with RegRun Startup Optimizer or manually delete it's registry keys.
intrenat.exe | Malware |
intrenat.exe | Dangerous |
intrenat.exe | High Risk |
This worm also launches a Denial of Service (DoS) attack on the Microsoft Web site if the current system date is after February 11th, but before the end of this month.
Copies the W32.Mydoom.A@mm source code archive file sync-src-1.00.tbz to the root folder of all the fixed and remote drives.
Sends itself to the machines infected with W32.Mydoom.A@mm.
Copies itself as %System%\intrenat.exe.
Adds the value:
"Gremlin" = "%System%\intrenat.exe"
to one of the following the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Randomly generates IP addresses and attempts to connect to those IP addresses on TCP port 3127.
If the connection is established, the worm first sends five bytes to the remote computer.
Then, it sends a copy of itself to the remote computer.
The backdoor component of W32.Mydoom.A@mm will accept the file and execute it.
Remove it from startup with RegRun Startup Optimizer or manually delete it's registry keys.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.