Win32.Worm.Fujacks.DE

MEDIUM
MEDIUM
260KB
(Symantec) W32.Ackantta.B@mm, (McAfee) W32/Fujaks.aw

Symptoms

Increased network and processor activity without an apparent reason

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Ovidiu Visoiu, virus researcher

Technical Description:

When executed, it creates copies of itself in subfolders of Program Files as executable files with different fake names (e.g. windows2008 keygen and activator.exe, microsoft office 2007 keygen.exe, bitdefender antivirus 2009 keygen.exe...). It also copies itself to mapped network drives and removable devices. As another way to spread, it searches the files of email clients for mail addresses and sends a zipped copy of itself to the harvested addresses. The generated mails have the subject "You have got a new E-Card from your friend!"

To protect itself, it stops some well-known security-related services (e.g. avg8wd, vsserv, mcshield, liveupdate, SAVscan, WinDefend, ...).

It uses www.whatismyip.com/automation/n09230945 to find out the infected machine's IP address and opens a backdoor on the affected machine.

The following infected files are dropped in the system32 folder:

  • javasec2 and javasec3, detected as Trojan.Downloader.Loadadv.ACB
  • [random].dll, detected as Trojan.Vundo.GNN

To avoid running multiple instances, it creates a named mutex (7kk7Buzx).
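
The indicators listed above can be correlated per host during triage. The following is an added example, not Bitdefender's code: the event record layout (`host`, `type`, `value`), the indicator labels and the two-indicator threshold are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Indicators taken from the description above; event field names are assumptions.
STOPPED_SERVICES = {"avg8wd", "vsserv", "mcshield", "liveupdate", "savscan", "windefend"}
MUTEX = "7kk7Buzx"
IP_LOOKUP = "www.whatismyip.com/automation/n09230945"
MAIL_SUBJECT = "You have got a new E-Card from your friend!"
# An .exe with "keygen" in its name inside a subfolder of Program Files.
KEYGEN_RE = re.compile(r"\\program files[^\\]*\\.+\\[^\\]*keygen[^\\]*\.exe$", re.I)
# javasec2 / javasec3 in system32; the description gives no extension, so allow any.
DROPPED_RE = re.compile(r"\\system32\\javasec[23](\.[^\\.]+)?$", re.I)

def match_event(event):
    """Return the label of the indicator an event matches, or None."""
    kind, value = event["type"], event["value"]
    if kind == "file_create":
        if KEYGEN_RE.search(value):
            return "keygen_copy"
        if DROPPED_RE.search(value):
            return "dropped_file"
    elif kind == "service_stop" and value.lower() in STOPPED_SERVICES:
        return "security_service_stopped"
    elif kind == "mutex_create" and value == MUTEX:
        return "mutex"
    elif kind == "http_request" and IP_LOOKUP in value.lower():
        return "ip_lookup"
    elif kind == "mail_sent" and value.strip() == MAIL_SUBJECT:
        return "ecard_mail"
    return None

def triage(events, threshold=2):
    """Collect distinct indicators per host; keep hosts with at least `threshold`."""
    hits = defaultdict(set)
    for ev in events:
        label = match_event(ev)
        if label:
            hits[ev["host"]].add(label)
    return {h: sorted(s) for h, s in hits.items() if len(s) >= threshold}

# Constructed sample telemetry, not real logs.
SAMPLE = [
    {"host": "ws-01", "type": "file_create", "value": r"C:\Program Files\Games\microsoft office 2007 keygen.exe"},
    {"host": "ws-01", "type": "service_stop", "value": "WinDefend"},
    {"host": "ws-01", "type": "mutex_create", "value": "7kk7Buzx"},
    {"host": "ws-02", "type": "service_stop", "value": "WinDefend"},
    {"host": "ws-03", "type": "file_create", "value": r"C:\Windows\System32\javasec2"},
    {"host": "ws-03", "type": "http_request", "value": "http://www.whatismyip.com/automation/n09230945"},
]
print(triage(SAMPLE))
```

A single stopped security service (ws-02) stays below the threshold, since that event alone also occurs on clean machines.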