Win32.Worm.DownadupJob.A (Worm:W32/Downadupjob.gen!A)
SYMPTOMS: Presence of many scheduled jobs in C:\Windows\Tasks named At<nr>.job

TECHNICAL DESCRIPTION: This is a generic detection of .job files created by the Downadup worm. One of the methods the worm uses to load its library file every day is to create many Scheduled Tasks in %WINDOWS%\Tasks. The application that will be executed is rundll32.exe, and the parameter has the following format: <random_name>.<random_extension>, <random_parameter>, where the first part is the worm's .dll file.

More details about Downadup can be found at the following URL: Win32.Worm.Downadup.Gen

Removal instructions: Please let BitDefender disinfect your files.

ANALYZED BY: Dana Stanut, virus researcher
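A triage check for the task pattern in the technical description above, as an added example that is not BitDefender's detection logic: it flags At<nr>.job files whose embedded strings show rundll32.exe together with an argument shaped like <name>.<ext>,<parameter>. The string-extraction heuristic, the function names and the sample bytes are assumptions constructed here, and legitimate rundll32 tasks with the same argument shape will also match, so hits are candidates for review.

```python
import re
import struct
from pathlib import Path

# .job files store strings as UTF-16LE; pull out runs of 4+ printable characters.
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")
JOB_NAME = re.compile(r"^At\d+\.job$", re.IGNORECASE)  # At<nr>.job
# <random_name>.<random_extension>, <random_parameter>
# Used with search(), not match(): a printable length-prefix byte can be
# glued to the front of an extracted run.
DLL_ARG = re.compile(r"[^\s,\\/]+\.[^\s,.\\/]+\s*,\s*\S+$")


def utf16_strings(data: bytes) -> list[str]:
    """Heuristic string extraction (assumption: no byte-accurate format parsing)."""
    return [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(data)]


def matches_description(filename: str, data: bytes) -> bool:
    """True when the name is At<nr>.job, the application is rundll32.exe
    and some string fits the parameter format from the description."""
    if not JOB_NAME.match(filename):
        return False
    strings = utf16_strings(data)
    runs_rundll32 = any(s.lower().endswith("rundll32.exe") for s in strings)
    return runs_rundll32 and any(DLL_ARG.search(s) for s in strings)


def scan(tasks_dir: str) -> list[str]:
    """Names of .job files in tasks_dir that fit the description, for analyst review."""
    return [p.name for p in sorted(Path(tasks_dir).glob("*.job"))
            if matches_description(p.name, p.read_bytes())]


def constructed_job(app: str, params: str) -> bytes:
    """Constructed sample: placeholder header plus length-prefixed UTF-16LE strings.
    A simplified stand-in for a real .job file, enough to exercise the checks."""
    blob = b"\x00" * 68
    for s in (app, params):
        blob += struct.pack("<H", len(s) + 1) + (s + "\0").encode("utf-16-le")
    return blob


if __name__ == "__main__":
    import sys
    for name in scan(sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\Tasks"):
        print("review:", name)
```
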