After reading a description of it here (see below for pasted page), I realised I had it on my system. McAfee’s online scan and my antivirus don’t detect it.
I could start deleting the executables described on that page but I may miss something. How do I remove it?
Ladex is a network worm, it is efficient only under Windows NT/2000/XP and it is distributed on local area networks. It is a Windows (PE EXE) file about about 275K in size and is written in Microsoft Visual C++.
Upon being launched the worm creates three copies of itself in the system directories:
it also creates new hidden files that are components of the worm:
Then it registers the files SMSS.EXE and CSRSS.EXE in the system registry so that they execute upon system reboot:
Next the worm registers itself as a system service with the name “TCP/IP NetBIOS Provider”.
After the first reboot or restart of the service “TCP/IP NetBIOS Provider” the worm also copies itself into the file
The worm “touches” IP-addresses of a local network and tries to connect to network resources under the names
IPC$ and Admin$.
While logged in as “Administrator”. If possible, the worm copies itself onto the remote computer in the system directory:
Once this is done it registers itself on the remote computer and creates and starts the service "TCP/IP NetBIOS Provider ".
Using the additional components SMSS.EXE and CSRSS.EXE the worm tries to mask (hide)itself in the system. Both files ensure the functioning of the main module LMHSVC.EXE if for any reason it appears unloaded from memory. Besides these components it looks for REGEDIT - if REGEDIT is open it temporarily removes the keys in the system registry and restores them upon the closure of the REGEDIT application. Thus the worm achieves invisibility in the system registry.
The worm starts the joke program LADY.EXE which displays a set of creeping flies which can be “killed” with the mouse cursor.