spoler.exe - Dangerous
spoler.exe
Manual removal instructions:
Antivirus Report of spoler.exe:
spoler.exe
W32.Randex.J is a network-aware worm.
This worm will receive instructions from an IRC channel on a specific IRC server.
One of these commands will start it to spread across the network.
There are some remote instructions from IRC server:
ntscan: Performs the scan of a specific computer with weak administrator passwords and copies itself to these machines.
cdkey: Collects cd keys of many popular games and sends them back to the IRC channel.
sysinfo: Retrieves the infected machine's information, such as CPU speed, memory, and so on.
Copies itself to computers that have weak administrator passwords, as \\\c$\winnt\system32\spolds.exe
Attempts to spread itself in the network, randomly generated IP addresses.
To remove this worm please delete the value:
"helpmanager" = %System%\spoler.exe
in the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Or use the Greatis RegRun Security Suite to perform this operation automatically.
| spoler.exe | Malware |
| spoler.exe | Dangerous |
| spoler.exe | High Risk |
This worm will receive instructions from an IRC channel on a specific IRC server.
One of these commands will start it to spread across the network.
There are some remote instructions from IRC server:
ntscan: Performs the scan of a specific computer with weak administrator passwords and copies itself to these machines.
cdkey: Collects cd keys of many popular games and sends them back to the IRC channel.
sysinfo: Retrieves the infected machine's information, such as CPU speed, memory, and so on.
Copies itself to computers that have weak administrator passwords, as \\
Attempts to spread itself in the network, randomly generated IP addresses.
To remove this worm please delete the value:
"helpmanager" = %System%\spoler.exe
in the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Or use the Greatis RegRun Security Suite to perform this operation automatically.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.