Home > Threat descriptions >

Worm:W32/Downadupjob.gen!A

Classification

Category: Malware

Type: Worm

Aliases: Worm:W32/Downadupjob.gen!A, win32.worm.downadupjob.a

Summary


Worm:W32/Downadupjob.gen!A is a generic detection for .JOB files used by Worm:W32/Downadup.

Generic detections are broad patterns of code or behavior that are used by security software to identify programs or files. If you suspect the detected file was incorrectly identified, go to: Removal: Resolve a False Positive.

Removal


For removal tools and instructions, see the Removal section of Worm:W32/Downadup.gen.

Resolve a False Positive

Security programs will sometimes unintentionally identify a clean program or file as malicious if its code or behavior is similar to a known harmful program or file. This is known as a False Positive. In most cases, a False Positive is fixed in a subsequent database release. If you suspect the detected file is a False Positive, you can:

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details


The .JOB file used by the worm is detected as it is part of the worm's propagation routine. Downadup attempts to spread itself using Windows Scheduled Tasks. The .JOB file defines a scheduled task, which in Downadup's case triggers an execution of the worm library via rundll32.exe. Legitimate tasks are usually located in the following folder:

  • WINDOWS\TASKS\

For more about Downadup variants and activities, see:

Description Created: 2010-06-23 05:20:51.0

Description Last Modified: 2010-07-01 11:04:49.0