Home > Threat descriptions >



Category: Malware

Type: Worm

Aliases: Worm:W32/Downadupjob.gen!A, win32.worm.downadupjob.a


Worm:W32/Downadupjob.gen!A is a generic detection for .JOB files used by Worm:W32/Downadup.

Generic detections are broad patterns of code or behavior that are used by security software to identify programs or files. If you suspect the detected file was incorrectly identified, go to: Removal: Resolving a False Positive.


For removal tools and instructions, see the Removal section of Worm:W32/Downadup.gen.

Resolving a False Positive

Security programs will sometimes unintentionally identify a program or file as harmful if it has code or behavior that resembles known harmful programs. This is known as a False Positive. In most cases, a False Positive is fixed in a subsequent database release. If you suspect the detected file is a False Positive, you can:

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

The .JOB file used by the worm is detected as it is part of the worm's propagation routine. Downadup attempts to spread itself using Windows Scheduled Tasks. The .JOB file defines a scheduled task, which in Downadup's case triggers an execution of the worm library via rundll32.exe. Legitimate tasks are usually located in the following folder:


For more about Downadup variants and activities, see:

Date Created: 2010-06-23 05:20:51.0

Date Last Modified: 2010-07-01 11:04:49.0