W32.Jitux.Worm


Aliases: IM-Worm.Win32.Jitux, MSN-Worm.Jitux, W32/Jitux.worm, Win32.HLLW.Jitux, Win32/HLLW.Jitux 
Variants: W32/Jitux-A, WORM_JITUX.A, Worm/Jitux.A

Classification: Malware
Category: Computer Worm

Status: Inactive
Spreading: Moderate
Geographical info: Asia, North America, Europe
Removal: Easy
Platform: W32
Discovered: 31 Dec 2003
Damage: Low

Characteristics: The IM worm W32.Jitux.Worm propagates its malicious code via the MSN Messenger instant messaging application. This security risk is written using Microsoft’s programming language Visual Basic or VB. This worm makes use of the Visual Basic runtime libraries for its execution in the target computer system. If the library needed by the worm is not present, it may generate an error. This worm will also send messages with the link to the version of the downloadable worm.

More details about W32.Jitux.Worm

Upon execution of the W32.Jitux.Worm, it will immediately scan the computer system and determine if a MSN Messenger is present in the machine. Once it detects the application, it will scan the contact list and then send the message containing a URL to its downloadable version. The worm will repeatedly send out messages in 1 minute intervals. This worm permits several instances of itself to occur in memory; however, it will depend on how many times it can successfully run. The W32.Jitux.Worm malware is also capable of opening the MSN Messenger and displaying a fake MSN options window. This fake window will also present fake properties and options for the user to choose from. The properties of the window includes the product name JituxRamon and the filename jituxramon.exe.

IM worms like the W32.Jitux.Worm have one method for propagation. They use instant messaging applications for spreading by sending URLs to infected sites to all individuals in the IM’s contact list. The difference between IM worm and email worms which both send URLs is the propagation channel they use for sending the URLs. First off, to remove the malware program, Open the Windows Task Manager and try locating the malware process (jituxramon.exe) and other dropped files in the running programs’ list. Select all the located malware processes and then end them all. To make sure that all the malware’s processes have been terminated, open the Task Manager again and see if they are still running. Lastly, use the Search utility of the system for all the worm’s added files and then delete them.