Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Worm:W32/Downadupjob.gen!A


Discovered:
Aliases:


2009-01-01 16:11:27.0
Worm:W32/Downadupjob.gen!A
win32.worm.downadupjob.a

Malware
Worm
W32

Summary

A standalone malicious program which uses computer or network resources to make complete copies of itself. May include code or other malware to damage both the system and the network.



Disinfection & Removal

For removal tools and instructions, see the Disinfection section of Worm:W32/Downadup.gen.



Technical Details

Worm:W32/Downadupjob.gen!A is a Generic Detection for .JOB files used by Worm:W32/Downadup.

The .JOB file used by the worm is detected as it is part of the worm's propagation routine. Downadup attempts to spread itself using Windows Scheduled Tasks. The .JOB file defines a scheduled task, which in Downadup's case triggers an execution of the worm library via rundll32.exe. Legitimate tasks are usually located in the following folder:

  • WINDOWS\TASKS\

For more about Downadup variants and activities, see:


About Generic Detections

Unlike more traditional detections (also known as signatures or single-file detections) a Generic Detection does not identify a unique or individual malicious program. Instead, a Generic Detection looks for broadly applicable code or behavior characteristics that indicate a file as potentially malicious, so that a single Generic Detection can efficiently identify dozens, or even hundreds of malware.

For more information, see the Generic Detection description.





Description Created: 2010-06-23 05:20:51.0
Description Last Modified: 2010-07-01 11:04:49.0



Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.