Virus Profile: W32/Jitux.worm

Threat Search
Print
   
Virus Profile information details
Risk Assessment: Home Low-Profiled | Corporate Low-Profiled
Date Discovered: 12/30/2003
Date Added: 12/30/2003
Origin: Unknown
Length: 24,576 bytes
Type: Virus
Subtype: Worm
DAT Required: 4312
Removal Instructions
   
 
 
   

Description

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Indication of Infection

Receipt of a MSN messenger message containing a link to the worm as detailed above.

Methods of Infection

Aliases

Win32/HLLW.Retgeek (GeCAD)
   

Virus Characteristics

-- Update 31st December 2003 --
This threat is considered to be a Low-Profiled risk due to media attention at:  http://www.web-user.co.uk/news/47502.html

This detection is for a worm intended to propagate via MSN Messenger instant messaging. The worm is written in Visual Basic.

It propagates by sending messages to the MSN messenger contact list. The messages contain a link to the worm itself:

http://www.home.no/( removed )/jituxramon.exe

When the link is clicked, the worm is downloaded to the target machine.

Note: at the time of writing the the worm was unavailable from this URL.

   

All Users:
Use specified engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations