intrenat.exe - Dangerous
intrenat.exe
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could neither detect nor fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
This worm also launches a Denial of Service (DoS) attack on the Microsoft Web site if the current system date is after February 11th, but before the end of this month.
Copies the W32.Mydoom.A@mm source code archive file sync-src-1.00.tbz to the root folder of all the fixed and remote drives.
Sends itself to the machines infected with W32.Mydoom.A@mm.
Copies itself as %System%\intrenat.exe.
Adds the value:
"Gremlin" = "%System%\intrenat.exe"
to one of the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Randomly generates IP addresses and attempts to connect to those IP addresses on TCP port 3127.
If the connection is established, the worm first sends five bytes to the remote computer.
Then, it sends a copy of itself to the remote computer.
The backdoor component of W32.Mydoom.A@mm will accept the file and execute it.
Remove it from startup with RegRun Startup Optimizer or manually delete its registry keys.
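
The manual check can be scripted. The PowerShell below is an added example, not part of the original page or of RegRun: it looks only for the artifacts named above (the "Gremlin" Run value, %System%\intrenat.exe, sync-src-1.00.tbz in drive roots, TCP port 3127). The -Remove switch and all variable names are this example's own, and it assumes a Windows PowerShell version that provides Get-FileHash, Get-CimInstance and Get-NetTCPConnection.

```powershell
# Added example: read-only check for the artifacts named on this page.
# -Remove (this example's own switch) deletes only the "Gremlin" Run value; run elevated for HKLM.
param([switch]$Remove)

$valueName = 'Gremlin'
$fileName  = 'intrenat.exe'
$archive   = 'sync-src-1.00.tbz'
$port      = 3127
$runKeys   = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'   # current user only
)
$findings = New-Object System.Collections.Generic.List[object]

# 1. Autostart value in either Run key
foreach ($key in $runKeys) {
    $prop = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
    if ($prop) {
        $findings.Add([pscustomobject]@{ Type = 'RunValue'; Location = $key; Detail = $prop.$valueName })
        if ($Remove) { Remove-ItemProperty -Path $key -Name $valueName }
    }
}

# 2. Dropped copy in %System%. Use a 64-bit shell on 64-bit Windows, otherwise
#    file system redirection points this path at SysWOW64.
$sysFile = Join-Path ([Environment]::SystemDirectory) $fileName
if (Test-Path -LiteralPath $sysFile) {
    $hash = (Get-FileHash -LiteralPath $sysFile -Algorithm SHA256).Hash
    $findings.Add([pscustomobject]@{ Type = 'File'; Location = $sysFile; Detail = "SHA256 $hash" })
}

# 3. Source archive in the root of fixed (DriveType 3) and remote (DriveType 4) drives
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3 OR DriveType=4' | ForEach-Object {
    $path = Join-Path ($_.DeviceID + '\') $archive
    if (Test-Path -LiteralPath $path) {
        $findings.Add([pscustomobject]@{ Type = 'Archive'; Location = $path; Detail = 'present' })
    }
}

# 4. TCP 3127: outbound attempts (worm probing) or a local listener (backdoor port)
Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $_.RemotePort -eq $port -or ($_.LocalPort -eq $port -and $_.State -eq 'Listen') } |
    ForEach-Object {
        $detail = "$($_.State) -> $($_.RemoteAddress):$($_.RemotePort) (PID $($_.OwningProcess))"
        $findings.Add([pscustomobject]@{ Type = 'TCP'; Location = "$($_.LocalAddress):$($_.LocalPort)"; Detail = $detail })
    }

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { 'No artifacts from this page found.' }
```

The script never deletes the file or the archive; record the reported hash and path before removing them by hand.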