W32/Conficker.worm!job

  • Type - Virus
  • SubType - Worm
  • Discovery Date - 01/07/2009
  • Length -
  • Minimum DAT - 5488 (01/07/2009)
  • Updated DAT - 6279 (03/08/2011)
  • Minimum Engine - 5.2.00
  • Description Added - 01/07/2009
  • Description Modified - 12/17/2009 9:16 AM (PT)

Risk Assessment

  • Corporate User - Low
  • Home User - Low

Characteristics

This detection is for W32/Conficker.worm!job, which is a Windows Task Scheduler job file. The job file schedules the task that executes the Conficker worm.

JOB is the file extension of a Windows Task Scheduler task object. A .job file creates a scheduled task that Windows executes at a certain time, and it also specifies the task's configuration.

In this .job file, rundll32 is called to execute the Conficker worm, which is a DLL, through its exported function. The DLL is named [random filename].dll.

The job is scheduled to execute the source file at 5:00 AM every Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, and Sunday, starting from the time the system is compromised.
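As an added triage example (not part of the original description or of any vendor tooling), the following Python script flags .job files that start a DLL through rundll32, which is the behavior described above. It assumes the strings inside a .job file are stored as UTF-16LE and does not parse the rest of the format or the schedule; the sample bytes, DLL name and export name are constructed.

```python
import re
from pathlib import Path

# Runs of 4+ printable ASCII characters stored as UTF-16LE. Assumption: the
# application name and parameters appear this way inside a .job file.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")
# A DLL file name, with any directory prefix and ",export" suffix excluded.
DLL_NAME = re.compile(r'([^\s",\\]+\.dll)\b', re.IGNORECASE)


def utf16_strings(data):
    """Extract printable UTF-16LE strings from raw file bytes."""
    return [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(data)]


def triage_job(data):
    """Return the DLL a job starts through rundll32, or None if it does not."""
    strings = utf16_strings(data)
    if not any("rundll32" in s.lower() for s in strings):
        return None
    for s in strings:
        match = DLL_NAME.search(s)
        if match:
            return match.group(1)
    return None


def scan_tasks_dir(tasks_dir):
    """Map each flagged .job file name in tasks_dir to the DLL it launches."""
    hits = {}
    for path in sorted(Path(tasks_dir).glob("*.job")):
        dll = triage_job(path.read_bytes())
        if dll:
            hits[path.name] = dll
    return hits


def constructed_job(app, params):
    """Constructed stand-in, not the real .job layout: opaque header bytes
    followed by two NUL-terminated UTF-16LE strings."""
    encode = lambda s: (s + "\0").encode("utf-16-le")
    return bytes(range(0x80, 0xC4)) + encode(app) + encode(params)


# Constructed samples; the DLL and export names are made up.
SAMPLE_SUSPECT = constructed_job("rundll32.exe", "qwhzkvtd.dll,abcdef")
SAMPLE_BENIGN = constructed_job("C:\\Tools\\backup.exe", "/nightly")

if __name__ == "__main__":
    print(triage_job(SAMPLE_SUSPECT), triage_job(SAMPLE_BENIGN))
```

A hit only means the task launches a DLL through rundll32; confirm it with the engine and DAT detection before removing anything.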

Symptoms

  • Existence of the above-mentioned job file.
  • Existence of the above-mentioned behavior.

Method of Infection

Scheduled tasks have been seen to be created on the system to re-activate the worm.

Job files have been seen to be used to re-activate the worm.

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Variants

    N/A

All Information

Overview -

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

File Information:

  • File Size - 282 bytes
  • MD5 - B21989031FA448FAA5A4D97FB2A477BD
  • SHA1 - 913DD863BE991E972C570F66FCCDACB0BB2A6246

Aliases:

  • BitDefender - Win32.Worm.DownadupJob
  • FSecure - Win32.Worm.DownadupJob
  • GData - Win32.Worm.DownadupJob
  • TrendMicro - TROJ_DOWNADJOB.A

 
