Worm:VBS/Jenxcus.A
Posted: May 24, 2013
Threat Metric
| Metric | Value |
|---|---|
| Ranking | 7,888 |
| Threat Level | 5/10 |
| Infected PCs | 99,305 |
| First Seen | May 24, 2013 |
| Last Seen | October 17, 2023 |
| OS(es) Affected | Windows |
Worm:VBS/Jenxcus.A is a Windows worm that attempts to compromise the infected PC's security to grant criminals control over it, in a fashion identical to that of a stereotypical backdoor Trojan. Even with Worm:VBS/Jenxcus.A seemingly replaced by Worm:VBS/Dunihi.A, an upgrade to it with additional command support, Worm:VBS/Jenxcus.A is still a major security risk for any computer compromised by Worm:VBS/Dunihi.A, with the potential for installing other threatening software or allowing criminals to access sensitive information. Anti-malware solutions should be used to remove Worm:VBS/Jenxcus.A whenever necessary, and malware researchers particularly encourage scanning any removable devices that Worm:VBS/Jenxcus.A may have compromised in order to distribute itself onto new systems.
The Ways Jenxcus Puts a Jinx on Your Computer
Along with its heir apparent, Worm:VBS/Dunihi.A, Worm:VBS/Jenxcus.A is part of a rise in Visual Basic-based worms targeting Latin American countries with attempts to compromise PCs. Early attacks were targeted at specific institutions, although Worm:VBS/Jenxcus.A (also referenced as VBS_JENXCUS) now appears to be distributed with less discrimination than previously, and may affect casual PC users. Worm:VBS/Jenxcus.A's choice of Visual Basic as a coding language makes Worm:VBS/Jenxcus.A an unlikely threat for non-Windows computers, although malware experts find that most versions of Windows may be compromised through Worm:VBS/Jenxcus.A.
Worm:VBS/Jenxcus.A only includes support for a scant handful of commands, but these functions are sufficiently broad that they still possess great potential for harming your PC. The most problematic functions include:
- Creating a backdoor that lets criminals access your computer, potentially to steal information, install other threats or recruit your PC into an illegal botnet.
- Duplicating itself on removable devices such as USB drives. Worm:VBS/Jenxcus.A duplicates itself by creating risky LNK files that take the place of various native files on the device, with the latter hidden (by adding the 'System' flag, which makes the affected file invisible on default Windows settings).
Deworming a PC that's Had a Brush with Old Malware
Worm:VBS/Jenxcus.A doesn't have as many attack features at its command as many other worms, including its apparent successor, Worm:VBS/Dunihi.A. Nonetheless, any kind of backdoor vulnerability is a high-level PC security issue that should be remedied as soon as possible. While malware researchers continue to recommend using dedicated anti-malware tools for removing worms like Worm:VBS/Jenxcus.A, any anti-malware system scans in use also should cover removable devices that could be compromised by Worm:VBS/Jenxcus.A's LNK files.
Symptoms of Worm:VBS/Jenxcus.A's presence primarily are limited to the changes Worm:VBS/Jenxcus.A makes to the aforementioned removable devices. Files that don't perform their intended functions, show unusual date stamps or are accompanied by unrecognized new files (such as a randomly-named VBScript file) are some of the most obvious signatures. However, backdoor attacks often don't show symptoms of their presence, even while they dismantle your PC's security wholesale.
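The removable-drive symptoms described above (a shortcut standing in for an item that has been given the Hidden or System attribute, plus an unrecognized VBScript file) can be checked with a short triage script. This is an added example, not code from the original page or from any vendor tool; the function names, the shortcut-naming rule and the sample listing are assumptions made for illustration.

```python
import os
from pathlib import PureWindowsPath

# Win32 file attribute bits (FILE_ATTRIBUTE_* values).
HIDDEN, SYSTEM, DIRECTORY, ARCHIVE = 0x2, 0x4, 0x10, 0x20
SCRIPT_EXTS = {".vbs", ".vbe"}

def list_directory(path):
    """Windows only: (name, attribute bits) for each entry directly under path."""
    return [(e.name, e.stat(follow_symlinks=False).st_file_attributes)
            for e in os.scandir(path)]

def find_shadowed_items(listing):
    """Return sorted (shortcut, concealed_item) pairs from one directory listing."""
    listing = list(listing)
    shortcuts = {PureWindowsPath(n).stem.lower(): n
                 for n, _ in listing if n.lower().endswith(".lnk")}
    hits = []
    for name, attrs in listing:
        if name.lower().endswith(".lnk") or not attrs & (HIDDEN | SYSTEM):
            continue
        # Assumption: the shortcut is named after the item's full name or its
        # name without the extension; the page does not specify which.
        for key in (name.lower(), PureWindowsPath(name).stem.lower()):
            if key in shortcuts:
                hits.append((shortcuts[key], name))
                break
    return sorted(hits)

def find_scripts(listing):
    """Return sorted names of VBScript files (.vbs/.vbe) in the listing."""
    return sorted(n for n, _ in listing
                  if PureWindowsPath(n).suffix.lower() in SCRIPT_EXTS)

# Constructed sample listing of a USB drive root (not taken from a real device).
SAMPLE = [
    ("Photos", DIRECTORY | HIDDEN | SYSTEM),      # concealed folder
    ("Photos.lnk", ARCHIVE),                      # shortcut standing in for it
    ("report.docx", ARCHIVE | HIDDEN | SYSTEM),   # concealed document
    ("report.lnk", ARCHIVE),
    ("notes.txt", ARCHIVE),                       # visible file, no shortcut
    ("Tools.lnk", ARCHIVE),                       # ordinary shortcut, nothing concealed
    ("System Volume Information", DIRECTORY | HIDDEN | SYSTEM),  # normal on Windows volumes
    ("qzkpwtrm.vbs", ARCHIVE | HIDDEN | SYSTEM),  # unrecognized script file
]

if __name__ == "__main__":
    for lnk, original in find_shadowed_items(SAMPLE):
        print(f"{lnk} stands in for concealed item {original}")
    print("script files:", find_scripts(SAMPLE))
```

On a Windows host, pass `list_directory("E:\\")` (drive letter assumed) instead of `SAMPLE`. A match is a lead for an anti-malware scan of the device, not proof of infection.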
Technical Details
File System Modifications
The following files were created in the system:
Registry Modifications