Aliases: Trojan.Agent.VYJ, Trojan.Win32.Agent.abt, Worm:Win32/RJump.F, W32/LCJump-A, Generic Malware.eb
Variants: Win32/RJump.I

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Slow
Geographical info: North America, Asia
Removal: Easy
Platform: W32
Discovered: 23 Jun 2006
Damage: Low

Characteristics: W32.Rajump is a worm. It is written in the Python scripting language and converted to a Windows Portable Executable file by using the py2exe tool. The worm opens a back door and allows a remote attacker to have unauthorized access to an infected computer.

More details about W32.Rajump

The worm originated in China. It is written in the Python scripting language and converted into a Windows PE file with the use of the py2exe too. It attempts to spread by copying itself to newly attached media such as Network drives or USB storage devices. Once the worm is executed, it creates the file RavMonE.exe. When your computer detects the presence of this file, it is a sign that the virus has infected your system. The worm then creates a registry entry to ensure that it starts whenever Windows starts. It opens a back door on a randomly selected TCP port. It gathers the following information from the infected computer: IP addresses, port numbers, and threat versions. After gathering information, the worm sends it to predetermined URLs where a remote attacker can access them.

When the file RavMonE.exe is detected on your computer, it is an indication that the worm W32.Rajump has infected the system. The infected computer with the RavMonE.exe program may run slower than usual. The processes of the system may be inexplicably high. There may be a sudden decrease in available disk space. It may also take longer to finish basic computing actions. The Internet connection may become faulty. It may not be able to handle the consistent communication between the malware program and the remote server.