Home Malware Programs Worms Worm.Noxjasm.A

Worm.Noxjasm.A

Posted: June 14, 2011

Worm.Noxjasm.A is a worm that attacks your computer's security while hiding Worm.Noxjasm.A's own actions from observation. Like all worms, Worm.Noxjasm.A can spread through networks and shared storage devices, by creating concealed copies of itself. Worm.Noxjasm.A will rename Worm.Noxjasm.A's memory process to look like a default system process, while simultaneously preventing you from using programs like Windows Task Manager and security-related applications. You should consider Worm.Noxjasm.A a serious security threat, and delete Worm.Noxjasm.A by using your preference of anti-malware software.

Dodging the Worm.Noxjasm.A Infection

Worm.Noxjasm.A spreads in the same fashion as most other worms, by creating copies of itself and placing these Worm.Noxjasm.A duplicates in all of an infected computer's drives and network-shared folders. These files will make use of the Hidden or System attributes, and be invisible under default settings, although changes to your file-viewing settings can let you see Worm.Noxjasm.A duplicates.

Combined with a basic Autorun.inf exploit, Worm.Noxjasm.A can then install itself automatically onto any computer that accesses a drive or network-shared folder that contains a Worm.Noxjasm.A duplicate. This includes removable storage devices like CDs and USB drives.

Worm.Noxjasm.A can be difficult to detect, since Worm.Noxjasm.A uses variations on the standard 'svchost.exe' file name to hide itself in your computer's memory processes. Some of Worm.Noxjasm.A's known in-memory aliases include scvhost.exe and scvhosts.exe. It's noteworthy that Worm.Noxjasm.A file names don't necessarily match Worm.Noxjasm.A's running process names; for instance, Worm.Noxjasm.A may be called 'zidan.exe' or 'jojo.exe.'

Although Worm.Noxjasm.A was first seen in 2009 there have been updates to Worm.Noxjasm.A as recently as 2011, and keeping your security software similarly updated is important to protect yourself from a Worm.Noxjasm.A attack.

Worm.Noxjasm.A uses Registry entries to hook itself into the 'explorer.exe' process, so that Worm.Noxjasm.A will run alongside Windows, so you should always assume that Worm.Noxjasm.A is active if you suspect that there's a Worm.Noxjasm.A infection on your PC.

The Dangers in Not Noticing Worm.Noxjasm.A's Invasion

Worm.Noxjasm.A attacks your computer's security by deleting Registry values that are related to popular anti-virus and security programs. This prevents these programs from functioning, although reinstallation or restoring the Registry keys will repair the damage.

Other malicious changes to the Windows Registry are also made. Worm.Noxjasm.A will use this method to prevent certain Windows tools like Task Manager from running, disable file-viewing options, and change the Internet Explorer homepage to 'topcities.com.'

Worm.Noxjasm.A will also create additional copies of itself daily at ten PM, according to your local time setting.

Worm.Noxjasm.A will close program processes that contain strings or text information that Worm.Noxjasm.A deems to be undesirable. The strings that Worm.Noxjasm.A looks for, once again, relate to basic computer maintenance ('Registry Editor') or anti-malware software ('avgupsvc.exe').

Finally, Worm.Noxjasm.A will add a cherry on top of all these security attacks with a relatively harmless batch file that displays the following text message once it's executed:

hi i come back
i am Jason X
[e-mail address]@hotmail.com
Good Bye

Due to the sophisticated nature of the damage that Worm.Noxjasm.A causes to an infected computer, removing Worm.Noxjasm.A should utilize advanced security software assistance whenever possible.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 All.Swishzone.Products-RES-Patch.0.3.exe
    2 logoneui.exe
Loading...