W32/Fujacks-I is a prepending virus for the Windows platform.
W32/Fujacks-I can also spread to network shares and has backdoor functionality.
W32/Fujacks-I includes functionality to access the internet and communicate with a remote server via HTTP.
W32/Fujacks-I attempts to download and run additional code and executables.
Sophos's anti-virus products include Behavioral Genotype™ Protection, which can proactively guard against new threats without requiring an update. Sophos customers have been protected against W32/Fujack-I (detected as Mal/Packer) since version 4.10.
W32/Fujacks-I is a prepending virus for the Windows platform.
W32/Fujacks-I can also spread to network shares and has backdoor functionality.
W32/Fujacks-I includes functionality to access the internet and communicate with a remote server via HTTP.
W32/Fujacks-I attempts to download and run additional code and executables.
W32/Fujacks-I searches the system for files with HTML and ASP extensions and append code to them. These files are detected as Troj/Psyme-DO.
When first run W32/Fujacks-I copies itself to <System>\drivers\spo0lsv.exe.
The following registry entry is created to run spo0lsv.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
svcshare
<System>\drivers\spo0lsv.exe
The following registry entry is set:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue
0
Sophos's anti-virus products include Behavioral Genotype™ Protection, which can proactively guard against new threats without requiring an update. Sophos customers have been protected against W32/Fujack-I (detected as Mal/Packer) since version 4.10.