W32/Fujacks-AJ is a worm for the Windows platform.
W32/Fujacks-AJ spreads to network shares and removable storage devices with the filename setup.exe. W32/Fujacks-AJ also creates the file autorun.inf to ensure that the file setup.exe is executed.
W32/Fujacks-AJ runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer.
W32/Fujacks-AJ includes functionality to access the internet and communicate with a remote server via HTTP.
W32/Fujacks-AJ appends an HTML Iframe tag to HTML and ASP files. These modified files are detected as Troj/Fujif-Gen. W32/Fujacks-AJ may drop the file Desktop_.ini (which may simply be deleted) in various folders.
When first run, W32/Fujacks-AJ copies itself to <System>\drivers\CTMONTv.exe.
The following registry entry is created to run W32/Fujacks-AJ on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
svcshare
<System>\drivers\CTMONTv.exe
The following registry entry is modified to hide W32/Fujacks-AJ, in an attempt to make removal difficult:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue
0
The following registry entry tree is removed by W32/Fujacks-AJ in order to reduce system security:
HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\
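
The file-system artefacts described above (an autorun.inf that starts setup.exe, dropped Desktop_.ini files, and an Iframe tag appended to HTML and ASP files) can be swept for on a share or removable drive. The script below is an added example, not part of the original description; the autorun.inf launch keys checked and the reading of "appended" as "last markup in the file" are assumptions.

```python
import os
import re

# File names taken from the description above.
DROPPED_NAME = "setup.exe"
MARKER_FILE = "desktop_.ini"
WEB_EXTS = (".htm", ".html", ".asp")
# Assumption: autorun.inf starts the copy through one of these standard keys.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command")
# Assumption: "appended" means the iframe is the last markup in the file.
TRAILING_IFRAME = re.compile(rb"<iframe\b[^>]*>(\s*</iframe>)?\s*$", re.I)


def autorun_launches(text, target=DROPPED_NAME):
    """Return True if the [autorun] section of an autorun.inf starts `target`."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = (p.strip().lower() for p in line.split("=", 1))
            if key in LAUNCH_KEYS and target in value:
                return True
    return False


def scan_tree(root):
    """Walk `root` (share or removable drive); return sorted (finding, path) tuples."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        lower = {f.lower(): f for f in files}
        if "autorun.inf" in lower:
            path = os.path.join(folder, lower["autorun.inf"])
            with open(path, encoding="latin-1") as fh:
                if autorun_launches(fh.read()):
                    findings.append(("autorun-launches-setup", path))
        if MARKER_FILE in lower:
            findings.append(("desktop_.ini", os.path.join(folder, lower[MARKER_FILE])))
        for name in files:
            if name.lower().endswith(WEB_EXTS):
                path = os.path.join(folder, name)
                with open(path, "rb") as fh:
                    fh.seek(0, os.SEEK_END)
                    fh.seek(max(0, fh.tell() - 1024))  # only the file tail matters
                    if TRAILING_IFRAME.search(fh.read()):
                        findings.append(("trailing-iframe", path))
    return sorted(findings)
```

Call `scan_tree` with the root of the share or drive to triage. A trailing-iframe hit is a lead for review rather than a verdict, since it only shows that the file ends with an Iframe tag.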