Randon Virus
I was slack and this virus hit our web server pool. All three of our web servers were infected. Luckily, I noticed a day after the trojan was installed, and my anti-virus prevented it from damaging other files.
d0g.exe (HideWindow Worm/Randon)
attack via port 455 (MRC)
d0g.exe downloaded into c:\winnt
executed and created the c:\winnt\msys folder, and the program extracted
by.exe executed
but blocked by AV program (thank god!)
http://www.google.com.sg/search?q=worm+randon&ie=UTF-8&oe=UTF-8&hl=en
http://www.viruslibrary.com/virusinfo/Worm.Win32.Randon.htm
The remedial action I took:
- delete the d0g.exe program and restart the machine
- change Everyone full rights to Administrator full rights
- change Everyone to read-only for c:\ and c:\winnt + subfolders
- close port 455
- In addition, I forwarded router port 455 to 192.168.1.254 (bogus IP)
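As an added example (not part of the original post), a small Python check for the artifacts the post names, useful for confirming the clean-up held across all web servers. It assumes only the file and folder names above (d0g.exe, by.exe, the msys folder) and, going a little beyond the post, flags them wherever they sit under the scanned root rather than only in c:\winnt.

```python
"""Scan a directory tree for the Randon artifacts named in the post."""
import os
import tempfile
from pathlib import Path

# Names taken from the post; matching is case-insensitive because NTFS is.
SUSPECT_FILES = {"d0g.exe", "by.exe"}
SUSPECT_DIRS = {"msys"}


def scan_for_randon(root):
    """Walk `root` and return the sorted list of matching paths (as strings)."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            if d.lower() in SUSPECT_DIRS:
                hits.append(str(Path(dirpath) / d))
        for f in filenames:
            if f.lower() in SUSPECT_FILES:
                hits.append(str(Path(dirpath) / f))
    return sorted(hits)


def build_demo_tree(base):
    """Constructed sample layout mimicking the infection described in the post
    (plus one benign file that must NOT be reported). Returns the root path."""
    root = Path(base)
    (root / "winnt" / "msys").mkdir(parents=True)
    (root / "winnt" / "system32").mkdir(parents=True)
    (root / "winnt" / "d0g.exe").write_bytes(b"constructed placeholder")
    (root / "winnt" / "msys" / "by.exe").write_bytes(b"constructed placeholder")
    (root / "winnt" / "system32" / "notepad.exe").write_bytes(b"benign")
    return root


def demo():
    """Run the scan against the constructed tree; return hits relative to root."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_demo_tree(tmp)
        return [Path(h).relative_to(root).as_posix() for h in scan_for_randon(root)]


if __name__ == "__main__":
    # On a real box you would call scan_for_randon(r"C:\") instead.
    for hit in demo():
        print("suspect:", hit)
```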
Read a book today!
The Tradition of the Trojan War by Jonathan S. Burgess
More virus removal techniques:
Updated On: 15.10.06