Win32.Worm.DownadupJob.A
HIGH
MEDIUM
~4 kbytes
(Worm:W32/Downadupjob.gen!A)
Symptoms
Presence of many scheduled jobs in C:\Windows\Tasks named At<nr>.job
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Dana Stanut, virus researcher
Technical Description:
This is a generic detection of .job files created by Downadup worm.
One of the methods used by this worm to load its library file every day is by creating many Scheduled Tasks in %WINDOWS%\Tasks. The name of the application which will be executed is rundll32.exe and the parameter has the following format:
<random_name
>.<random_extension>, <random_parameter> - this is the worm's .dll file.
More details about Downadup can be found at the following URL:
Win32.Worm.Downadup.Gen
SHARE
THIS ON