IRC-Worm.Win32.Jupir.a, W32/Jupir-A, WORM_JUMPRED.A, IRC/Fruzhen.2, W32/[email protected]
Category: Computer Worm
Active and Spreading
South and North America, Europe, Asia
13 Feb 2007
The worm W32.Jumpred.A spreads via IRC channels by using the mIRC client. It can also copy itself to the A:\ drive and to file sharing networks, including KaZaa, Grokster, iMesh and Limewire. The worm copies itself to the A:\ drive as a .com file every 5 seconds. It also tries to create copies of its code in KaZaa's download folder.
More details about W32.Jumpred.A
When the W32.Jumpred.A worm executes on the affected system, it creates copies of itself with the .com, .bat, .pif and .exe file extensions. It adds a value to a predetermined registry subkey so that it runs every time Windows starts, and adds another value to a different registry subkey as its infection marker. The malware can also hijack the Internet Explorer start page and redirect it to another domain. The worm creates 2 files: a TXT file that is not malicious and an .INI file that contains a mIRC client script. It then begins sending copies of itself to other systems whenever the mIRC client is opened on the affected system. It also closes windows that have the strings "Editor del Registro", "Calculadora", "Documento1 – Microsoft Word" and "Informacion del sistema de Microsoft".
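The file-system behaviour described above (the .com copy written to A:\ every 5 seconds, the copies under several executable extensions, and the dropped mIRC .INI script) can be turned into a behavioural check over file-creation telemetry. The following is an added example, not code from this write-up; the event format, all paths, file names and hashes are constructed, and the mIRC folder location and thresholds are assumptions.

```python
import ntpath
from collections import defaultdict
from datetime import datetime

# Constructed file-creation events: (time, writing process, target path, content hash).
# Every path, file name and hash here is made up for illustration.
W = r"C:\Temp\sample.exe"
EVENTS = [
    ("10:00:00", W, r"A:\game.com", "h1"),
    ("10:00:05", W, r"A:\game.com", "h1"),
    ("10:00:10", W, r"A:\game.com", "h1"),
    ("10:00:11", W, r"C:\Windows\copy.bat", "h1"),
    ("10:00:11", W, r"C:\Windows\copy.pif", "h1"),
    ("10:00:12", W, r"C:\Windows\copy.exe", "h1"),
    ("10:00:12", W, r"C:\Program Files\mIRC\script.ini", "h2"),
    ("10:00:15", W, r"A:\game.com", "h1"),
    ("10:03:00", r"C:\Program Files\mIRC\mirc.exe", r"C:\Program Files\mIRC\mirc.ini", "h3"),
    ("10:04:00", r"C:\Office\winword.exe", r"A:\report.doc", "h4"),
]
DROP_EXTS = {".com", ".bat", ".pif", ".exe"}

def analyse(events, max_gap=10, min_writes=3):
    """Return {process: set of behaviour tags} for processes matching the write-up."""
    by_proc = defaultdict(list)
    for ts, image, target, digest in events:
        by_proc[image].append((datetime.strptime(ts, "%H:%M:%S"), target.lower(), digest))
    findings = {}
    for image, rows in by_proc.items():
        rows.sort()
        tags = set()
        # 1. Repeated .com writes to A:\ at short intervals (the page states every 5 seconds).
        floppy = [t for t, p, _ in rows if p.startswith("a:\\") and p.endswith(".com")]
        gaps = [(b - a).total_seconds() for a, b in zip(floppy, floppy[1:])]
        if len(floppy) >= min_writes and all(g <= max_gap for g in gaps):
            tags.add("floppy-com-loop")
        # 2. Identical content dropped under several executable extensions.
        exts = defaultdict(set)
        for _, p, d in rows:
            if ntpath.splitext(p)[1] in DROP_EXTS:
                exts[d].add(ntpath.splitext(p)[1])
        if any(len(s) >= 3 for s in exts.values()):
            tags.add("multi-extension-copies")
        # 3. A process other than mIRC writing an .ini into an mIRC folder (assumed location).
        if ntpath.basename(image).lower() != "mirc.exe" and any(
                p.endswith(".ini") and "\\mirc\\" in p for _, p, _ in rows):
            tags.add("mirc-script-drop")
        if tags:
            findings[image] = tags
    return findings
```

On the constructed events, only `sample.exe` is reported, with all three tags; the legitimate mIRC and Word writes are not flagged.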
The W32.Jumpred.A program is usually acquired as a shared file on the local network. The application has the ability to bind itself to unsecured folders available on the network. The installation component of the program is often encrypted on the shell commands of legitimate applications. Installation is initiated once the user executes the corrupted application. The W32.Jumpred.A application may also be obtained through other distribution methods such as e-mail, peer-to-peer (P2P) file sharing networks, websites with drive-by download scripts, and freeware and shareware programs. The installation procedure does not require the user's consent.