Aliases: W32/Jacksuf!inf
Variants: Virus.Win32.Drowor.a, W32/Cekar, W32.Jacksuf.A, W32/Drowor.a

Classification: Malware
Category: Computer Worm

Status: Active and Spreading
Spreading: Moderate
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 13 Feb 2007
Damage: Medium

Characteristics: W32.Jacksuf!inf is an autorun worm that is capable of spreading via network shares. It copies its code to the root of every available partition and then infects every executable file it can locate on the compromised system. The worm may also open a backdoor on the computer and use it to download further threats onto the already compromised system.

More details about W32.Jacksuf!inf

When W32.Jacksuf!inf is executed on the target system, it immediately copies itself as two EXE files. It then creates an autorun.inf file that is used to execute one of its freshly made copies. The worm goes on to establish a connection to a predefined remote location and tries to download a potentially malicious file from it. The downloaded file is saved with the VXD file extension. This encrypted file may also contain websites that are used to download more malicious software onto the compromised machine. The worm also creates a temporary log file in which it saves a list of all executables it has located on the system, and then proceeds to infect the executables listed in that temporary log file.

The propagation routine of this malware starts with the worm copying itself to the drive's root and creating an autorun.inf file. This file contains instructions to execute the W32.Jacksuf!inf worm every time the drive it has compromised is accessed. Once the worm is running, it searches for similar drives and repeats its propagation routine.

To remove this worm, it is important to end its active process first. Go to the Windows Task Manager, look for the worm's process and terminate it. You should then search for the worm's dropped files and edit the Windows registry to undo the changes that the worm has made.
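The propagation routine described above relies on an autorun.inf whose [autorun] section launches a copy of the worm dropped in the same drive root. The following is an added example, not code from the original page or from any vendor: a small Python checker that parses an autorun.inf, extracts its launch entries (open, shellexecute, shell\open\command) and reports those that point at an executable sitting in that root. The sample autorun.inf, the file name dropped_copy.exe and the temporary "drive roots" it builds are constructed for illustration; the stub file contains no real code.

```python
"""Defensive check for the autorun.inf drop-and-launch pattern.

Added example (not part of the original page). It flags [autorun] entries
that launch an executable located in the same root directory, which is the
pattern an autorun worm leaves on a drive or share it has copied itself to.
"""
import os
import tempfile
from pathlib import Path

# Keys in the [autorun] section that cause a program to be launched.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")
EXECUTABLE_SUFFIXES = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif"}


def parse_autorun(text: str) -> dict:
    """Return launch entries (key -> command) from the [autorun] section.

    Hand-rolled rather than configparser so that malformed lines, which are
    common in real autorun.inf files, are skipped instead of raising.
    """
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            key = key.strip().lower()
            if key in LAUNCH_KEYS:
                entries[key] = value.strip()
    return entries


def first_token(command: str) -> str:
    """Return the program path from a command line, honouring double quotes."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    parts = command.split()
    return parts[0] if parts else ""


def check_drive_root(root: Path) -> list:
    """Report [autorun] launch entries that run an executable stored in ROOT.

    Returns a list of (key, path) tuples. An empty list means the root has
    no autorun.inf, or its launch entries do not reference a local executable.
    """
    inf = root / "autorun.inf"
    if not inf.is_file():
        return []
    findings = []
    for key, command in parse_autorun(inf.read_text(errors="replace")).items():
        # Normalise ".\name.exe" / "\name.exe" to a path relative to the root.
        name = first_token(command).lstrip(".\\/").replace("\\", os.sep)
        candidate = root / name
        if candidate.is_file() and candidate.suffix.lower() in EXECUTABLE_SUFFIXES:
            findings.append((key, str(candidate)))
    return findings


def scan_roots(roots) -> dict:
    """Run check_drive_root over several roots (drive letters, share mounts)."""
    return {str(r): check_drive_root(Path(r)) for r in roots}


def demo() -> tuple:
    """Build two constructed roots: one with the drop pattern, one clean."""
    infected = Path(tempfile.mkdtemp(prefix="autorun_demo_"))
    # Constructed stub standing in for the dropped copy; not a real program.
    (infected / "dropped_copy.exe").write_bytes(b"MZ" + b"\x00" * 62)
    (infected / "autorun.inf").write_text(
        "[autorun]\n"
        "open=dropped_copy.exe\n"
        "shellexecute=dropped_copy.exe\n"
        "icon=dropped_copy.exe\n"      # not a launch key, so not reported
    )
    clean = Path(tempfile.mkdtemp(prefix="autorun_clean_"))
    (clean / "readme.txt").write_text("nothing here\n")
    return check_drive_root(infected), check_drive_root(clean)


if __name__ == "__main__":
    hits, none = demo()
    for key, path in hits:
        print(f"autorun launch entry '{key}' runs local executable: {path}")
    print("clean root findings:", none)
```

On a live Windows host you would pass the roots of all mounted drives and mapped shares to scan_roots; a non-empty result for a drive is a cue to inspect that root and the running processes rather than to open the drive in Explorer, since that is exactly the action the autorun.inf is waiting for.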