My Bitdefender
  • 0 Shopping Cart

SHARE
THIS ON

Facebook Twitter Google Plus

Win32.Worm.DownadupJob.A

HIGH
MEDIUM
~4 kbytes
(Worm:W32/Downadupjob.gen!A)

Symptoms

Presence of many scheduled jobs in C:\Windows\Tasks named At<nr>.job

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Dana Stanut, virus researcher

Technical Description:

     This is a generic detection of .job files created by Downadup worm.
     One of the methods used by this worm to load its library file every day is by creating many Scheduled Tasks in %WINDOWS%\Tasks. The name of the application which will be executed is rundll32.exe and the parameter has the following format: <random_name>.<random_extension>, <random_parameter> - this is the worm's .dll file.
     More details about Downadup can be found at the following URL: Win32.Worm.Downadup.Gen