Worm:VBS/Jenxcus.A

Posted: May 24, 2013
Threat Metric
Threat Level: 5/10
Infected PCs 95,422

Worm:VBS/Jenxcus.A Description

Worm:VBS/Jenxcus.A is a Windows worm that attempts to compromise the infected PC's security to grant criminals control over it, in a fashion identical to that of a stereotypical backdoor Trojan. Even with Worm:VBS/Jenxcus.A seemingly replaced by Worm:VBS/Dunihi.A, an upgrade to it with additional command support, Worm:VBS/Jenxcus.A still is a major security risk for any computer compromised by Worm:VBS/Dunihi.A, with the potential for installing other threatening software or allowing criminals to access sensitive information. Anti-malware solutions should be engaged for removing Worm:VBS/Jenxcus.A whenever it's necessary, and malware researchers particularly encourage scanning any removable devices that may be compromised by Worm:VBS/Jenxcus.A for the purposes of self-distribution onto new systems.

The Ways Jenxcus Puts a Jinx on Your Computer

Along with its heir apparent, Worm:VBS/Dunihi.A, Worm:VBS/Jenxcus.A is part of a rise in Visual Basic-based worms targeting Latin American countries with attempts to compromise PCs. Early attacks were targeted at specific institutions, although Worm:VBS/Jenxcus.A (also referenced as VBS_JENXCUS) now appears to be distributed with less discrimination than previously, and may affect casual PC users. Worm:VBS/Jenxcus.A's choice of Visual Basic as a coding language makes Worm:VBS/Jenxcus.A an unlikely threat for non-Windows computers, although malware experts find that most versions of Windows may be compromised through Worm:VBS/Jenxcus.A.

Worm:VBS/Jenxcus.A only includes support for a scant handful of commands, but these functions are sufficiently broad that they still possess great potential for harming your PC. The most problematic functions include:

  • Creating a backdoor that lets criminals access your computer, potentially to steal information, install other threats or recruit your PC into an illegal botnet.
  • Duplicating itself on removable devices such as USB drives. Worm:VBS/Jenxcus.A duplicates itself by creating risky LNK files that take the place of various native files on the device, with the latter hidden (by adding the 'System' flag, which makes the affected file invisible on default Windows settings).

Deworming a PC that's Had a Brush with Old Malware

Worm:VBS/Jenxcus.A doesn't have as many attack features at its command as many other worms, including its apparent successor, Worm:VBS/Dunihi.A. Nonetheless, any kind of backdoor vulnerability is a high-level PC security issue that should be remedied as soon as possible. While malware researchers continue to recommend using dedicated anti-malware tools for removing worms like Worm:VBS/Jenxcus.A, any anti-malware system scans in use also should cover removable devices that could be compromised by Worm:VBS/Jenxcus.A's LNK files.

Symptoms of Worm:VBS/Jenxcus.A's presence primarily are limited to the changes Worm:VBS/Jenxcus.A makes to the aforementioned removable devices. Files that don't perform their intended functions, show unusual date stamps or are accompanied by unrecognized new files (such as a randomly-named VBScript file) are some of the most obvious signatures. However, backdoor attacks often don't show symptoms of their presence, even while they dismantle your PC's security wholesale.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Worm:VBS/Jenxcus.A may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%TEMP%ixfvqesbkl..vbs File name: ixfvqesbkl..vbs
Size: 114.38 KB (114389 bytes)
MD5: 60d27ad3fe80d084baa06ecb7f9e719a
Detection count: 415
Mime Type: unknown/vbs
Path: %TEMP%
Group: Malware file
Last Updated: July 21, 2017
%TEMP%fesueicmre..vbs File name: fesueicmre..vbs
Size: 81.92 KB (81920 bytes)
MD5: 9d7ceaae01279b646cc40bc3270c6a02
Detection count: 391
Mime Type: unknown/vbs
Path: %TEMP%
Group: Malware file
Last Updated: October 30, 2019
%TEMP%IntroOfuscado.vbs File name: IntroOfuscado.vbs
Size: 170.43 KB (170430 bytes)
MD5: a46af4de63a014a8e53bf7998ef591ab
Detection count: 241
Mime Type: unknown/vbs
Path: %TEMP%
Group: Malware file
Last Updated: March 10, 2019
%TEMP%ftamcrekbs..vbs File name: ftamcrekbs..vbs
Size: 87.62 KB (87627 bytes)
MD5: 79fe5c3295cc9b7cdeefceecb806fb68
Detection count: 201
Mime Type: unknown/vbs
Path: %TEMP%
Group: Malware file
Last Updated: August 1, 2020
%TEMP%tptebpiway..vbs File name: tptebpiway..vbs
Size: 128.73 KB (128731 bytes)
MD5: 59184a8fe0689c488d1fec6a6f70beb8
Detection count: 197
Mime Type: unknown/vbs
Path: %TEMP%
Group: Malware file
Last Updated: July 21, 2017
%TEMP%NVIDIA.vbs File name: NVIDIA.vbs
Size: 5.77 KB (5779 bytes)
MD5: b31b85c20e7b68be4727822704aba79d
Detection count: 159
Mime Type: unknown/vbs
Path: %TEMP%
Group: Malware file
Last Updated: September 8, 2016
%APPDATA%\Java Script\JavaUpdate.js File name: JavaUpdate.js
Size: 195.43 KB (195437 bytes)
MD5: 4eff5b4ea08190464520ac138e955555
Detection count: 155
File type: JavaScript file
Mime Type: unknown/js
Path: %APPDATA%\Java Script\
Group: Malware file
Last Updated: August 2, 2016
%TEMP%vfenprcjhp..vbs File name: vfenprcjhp..vbs
Size: 198.92 KB (198925 bytes)
MD5: 8b6678965a3279def1272399a3458d37
Detection count: 119
Mime Type: unknown/vbs
Path: %TEMP%
Group: Malware file
Last Updated: May 14, 2020
%TEMP%wgvaaplont..vbs File name: wgvaaplont..vbs
Size: 103.68 KB (103681 bytes)
MD5: adb0de4e9812a81807e138fb7a8a2fb6
Detection count: 119
Mime Type: unknown/vbs
Path: %TEMP%
Group: Malware file
Last Updated: July 21, 2017
%APPDATA%syswow64.vbs File name: syswow64.vbs
Size: 199.05 KB (199058 bytes)
MD5: 8401c3c188c7a6213155822431e61e99
Detection count: 115
Mime Type: unknown/vbs
Path: %APPDATA%
Group: Malware file
Last Updated: April 8, 2017
%TEMP%djifndoufd..vbs File name: djifndoufd..vbs
Size: 49.22 KB (49227 bytes)
MD5: 6d07c085a9375aa18c00354822c3d3d9
Detection count: 96
Mime Type: unknown/vbs
Path: %TEMP%
Group: Malware file
Last Updated: July 21, 2017
%APPDATA%\notepad\notepad.vbe File name: notepad.vbe
Size: 163.84 KB (163840 bytes)
MD5: 8410fb812404192b8b64e660b58cedf6
Detection count: 59
Mime Type: unknown/vbe
Path: %APPDATA%\notepad\
Group: Malware file
Last Updated: May 7, 2016
%USERPROFILE%Dll9.vbs File name: Dll9.vbs
Size: 53.67 KB (53670 bytes)
MD5: 1006bf6cf4a5bac8040e666bb4ab82f1
Detection count: 44
Mime Type: unknown/vbs
Path: %USERPROFILE%
Group: Malware file
Last Updated: September 14, 2018
%APPDATA%aiasfacoafiasksf.vbs File name: aiasfacoafiasksf.vbs
Size: 24.22 KB (24221 bytes)
MD5: cdd3cd8f6d9a46246de7511da3a5c018
Detection count: 43
Mime Type: unknown/vbs
Path: %APPDATA%
Group: Malware file
Last Updated: January 21, 2017
%APPDATA%\Internet Explorer\iexplore.vbs File name: iexplore.vbs
Size: 108.62 KB (108628 bytes)
MD5: d7048417305332259cde4d525cbd8e6b
Detection count: 41
Mime Type: unknown/vbs
Path: %APPDATA%\Internet Explorer\
Group: Malware file
Last Updated: March 23, 2016
%SYSTEMDRIVE%\users\god\appdata\local\temp\x-men.exe\x-men.exe File name: x-men.exe
Size: 835.83 KB (835835 bytes)
MD5: ab8d1191478a9380a5db8fdb2b10fac1
Detection count: 40
File type: Executable File
Mime Type: unknown/exe
Path: %SYSTEMDRIVE%\users\god\appdata\local\temp\x-men.exe\
Group: Malware file
Last Updated: June 26, 2020
%APPDATA%COOL.vbs File name: COOL.vbs
Size: 196.6 KB (196608 bytes)
MD5: a1ee16a08da78dac072189548f6d7e79
Detection count: 33
Mime Type: unknown/vbs
Path: %APPDATA%
Group: Malware file
Last Updated: March 23, 2016
%SYSTEMDRIVE%\Users\Biurko\AppData\Roaming\systeme.vbs\systeme.vbs File name: systeme.vbs
Size: 561.42 KB (561424 bytes)
MD5: 671d85bfd0f31e2e981343c744f7445b
Detection count: 16
Mime Type: unknown/vbs
Path: %SYSTEMDRIVE%\Users\Biurko\AppData\Roaming\systeme.vbs\
Group: Malware file
Last Updated: June 26, 2020
%USERPROFILE%SYSTEM~1.VBE File name: SYSTEM~1.VBE
Size: 65.53 KB (65536 bytes)
MD5: 5dd5ec37adb1ac03ba0d335c89315bd6
Detection count: 5
Mime Type: unknown/VBE
Path: %USERPROFILE%
Group: Malware file
Last Updated: May 24, 2016
%TEMP% and [startup folder]\Serviecs.vbs File name: %TEMP% and [startup folder]\Serviecs.vbs
Mime Type: unknown/vbs
Group: Malware file
%TEMP% and [startup folder]Servieca.vbs File name: %TEMP% and [startup folder]Servieca.vbs
Mime Type: unknown/vbs
Group: Malware file
%TEMP% and [startup folder]njq8.vbs File name: %TEMP% and [startup folder]njq8.vbs
Mime Type: unknown/vbs
Group: Malware file

More files

Registry Modifications


The following newly produced Registry Values are:

Regexp file mask%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\CSrss.exe%ALLUSERSPROFILE%\tmp[RANDOM CHARACTERS].tmp.vbs%APPDATA%\[RANDOM CHARACTERS]..vbe%APPDATA%\cool.vbs%APPDATA%\microsoft.vbs%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\[RANDOM CHARACTERS]..vbe%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\cool.vbs%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\home.vbe%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\iTunesHelper.vbe%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\njw0rm.exe%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Systeme.exe%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\tmp[RANDOM CHARACTERS].tmp.vbs%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\WinUpdat.vbs%APPDATA%\mugen.vbs%APPDATA%\notepad\notepad.vbe%APPDATA%\tmp[RANDOM CHARACTERS].tmp.vbs%TEMP%\[RANDOM CHARACTERS]..vbe%TEMP%\iTunesHelper.vbe%TEMP%\Microsofts.vbs%TEMP%\mugen.vbs%TEMP%\njw0rm.exe%TEMP%\WinUpdat.vbsFile name without pathlllllllll1349327881578033048firewall.vbsHKEY..\..\{Value}HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "" = "[malware folder and file name]"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "" = "[malware folder and file name]"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "Serviecs.vbs" = "%Temp%\Serviecs.vbs"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Serviecs.vbs" = "%Temp%\Serviecs.vbs"
Home Malware Programs Worms Worm:VBS/Jenxcus.A

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.