Worm:VBS/Jenxcus.A

Worm:VBS/Jenxcus.A Description


Worm:VBS/Jenxcus.A is a Windows worm that attempts to compromise the infected PC’s security to grant criminals control over it, in a fashion identical to that of a stereotypical backdoor Trojan. Even with Worm:VBS/Jenxcus.A seemingly replaced by Worm:VBS/Dunihi.A, an upgrade to it with additional command support, Worm:VBS/Jenxcus.A still is a major security risk for any computer compromised by Worm:VBS/Dunihi.A, with the potential for installing other threatening software or allowing criminals to access sensitive information. Anti-malware solutions should be engaged for removing Worm:VBS/Jenxcus.A whenever it’s necessary, and malware researchers particularly encourage scanning any removable devices that may be compromised by Worm:VBS/Jenxcus.A for the purposes of self-distribution onto new systems.

The Ways Jenxcus Puts a Jinx on Your Computer


Along with its heir apparent, Worm:VBS/Dunihi.A, Worm:VBS/Jenxcus.A is part of a rise in Visual Basic-based worms targeting Latin American countries with attempts to compromise PCs. Early attacks were targeted at specific institutions, although Worm:VBS/Jenxcus.A (also referenced as VBS_JENXCUS) now appears to be distributed with less discrimination than previously, and may affect casual PC users. Worm:VBS/Jenxcus.A’s choice of Visual Basic as a coding language makes Worm:VBS/Jenxcus.A an unlikely threat for non-Windows computers, although malware experts find that most versions of Windows may be compromised through Worm:VBS/Jenxcus.A.

Worm:VBS/Jenxcus.A only includes support for a scant handful of commands, but these functions are sufficiently broad that they still possess great potential for harming your PC.
DOWNLOAD NOW

» Learn more about SpyHunter's Spyware Detection Tool
and steps to uninstall SpyHunter.

The most problematic functions include:
  • Creating a backdoor that lets criminals access your computer, potentially to steal information, install other threats or recruit your PC into an illegal botnet.
  • Duplicating itself on removable devices such as USB drives. Worm:VBS/Jenxcus.A duplicates itself by creating risky LNK files that take the place of various native files on the device, with the latter hidden (by adding the ‘System’ flag, which makes the affected file invisible on default Windows settings).

Deworming a PC that’s Had a Brush with Old Malware


Worm:VBS/Jenxcus.A doesn’t have as many attack features at its command as many other worms, including its apparent successor, Worm:VBS/Dunihi.A. Nonetheless, any kind of backdoor vulnerability is a high-level PC security issue that should be remedied as soon as possible. While malware researchers continue to recommend using dedicated anti-malware tools for removing worms like Worm:VBS/Jenxcus.A, any anti-malware system scans in use also should cover removable devices that could be compromised by Worm:VBS/Jenxcus.A’s LNK files.

Symptoms of Worm:VBS/Jenxcus.A’s presence primarily are limited to the changes Worm:VBS/Jenxcus.A makes to the aforementioned removable devices. Files that don’t perform their intended functions, show unusual date stamps or are accompanied by unrecognized new files (such as a randomly-named VBScript file) are some of the most obvious signatures. However, backdoor attacks often don’t show symptoms of their presence, even while they dismantle your PC’s security wholesale.

Worm:VBS/Jenxcus.A Automatic Detection Tool (Recommended)


Is your PC infected with Worm:VBS/Jenxcus.A? To safely & quickly detect Worm:VBS/Jenxcus.A we highly recommend you run the malware scanner listed below.



Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    # File Name
    1 %TEMP% and [startup folder]njq8.vbs
    2 %TEMP% and [startup folder]Servieca.vbs
    3 %TEMP% and [startup folder]\Serviecs.vbs

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
  • The following newly produced Registry Values are:
    HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "" = "[malware folder and file name]"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Serviecs.vbs" = "%Temp%\Serviecs.vbs"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "" = "[malware folder and file name]"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Serviecs.vbs" = "%Temp%\Serviecs.vbs"
Posted: May 24, 2013 | By
Share:
Rate this article:
1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 3.50 out of 5)
Loading ... Loading ...
Threat Metric
Threat Level: 5/10
Detection Count: 37
Home Malware ProgramsWorms Worm:VBS/Jenxcus.A

Leave a Reply

What is 14 + 10 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)