W32/LCJump-B is a worm for the Windows platform.
W32/LCJump-B attempts to copy itself to mapped drives under the filename RavMon.exe and to create an autorun.inf file, which attempts to load the worm automatically when the infected drive is accessed.
W32/LCJump-B also creates a backdoor, giving a remote user control over the infected computer.
When run, W32/LCJump-B copies itself to <Windows>\SVCHOST.EXE and creates the file <Windows>\MDM.exe. The file MDM.exe is detected as Troj/Bckdr-PXR.
The following registry entries are set:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SVCHOST = <Windows>\MDM.EXE

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    Hidden = 2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
    CheckedValue = 0
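
A triage check for the indicators listed above, as an added example that is not part of the original description: it compares the three registry values with the listed data and looks for RavMon.exe and autorun.inf at the root of a drive. The function names, the injectable read_value reader and the C:\Windows fallback are assumptions of this example.

```python
import os
import sys
from pathlib import Path

# Indicators copied from the description above. <Windows> is resolved from
# %SystemRoot%; the C:\Windows fallback is an assumption of this example.
WINDIR = os.environ.get("SystemRoot", r"C:\Windows")
REG_INDICATORS = [
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "SVCHOST", WINDIR + r"\MDM.EXE"),
    # Hidden = 2 can also be set by the user in Folder Options: supporting evidence only.
    ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced", "Hidden", 2),
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL", "CheckedValue", 0),
]

def read_registry(hive, key, name):
    """Read one value through winreg (Windows only); None when it is absent."""
    import winreg
    root = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}[hive]
    try:
        with winreg.OpenKey(root, key) as handle:
            return winreg.QueryValueEx(handle, name)[0]
    except OSError:
        return None

def registry_hits(read_value=read_registry):
    """Return the listed values whose current data equals the data in the description."""
    hits = []
    for hive, key, name, expected in REG_INDICATORS:
        actual = read_value(hive, key, name)
        if actual is not None and str(actual).lower() == str(expected).lower():
            hits.append(f"{hive}\\{key}\\{name}")
    return hits

def drive_hits(root):
    """Return RavMon.exe (and autorun.inf beside it) at a drive root; a lone autorun.inf is ignored."""
    names = {p.name.lower(): p for p in Path(root).iterdir() if p.is_file()}
    if "ravmon.exe" not in names:
        return []
    return [str(names[n]) for n in ("ravmon.exe", "autorun.inf") if n in names]

if __name__ == "__main__":
    for root in sys.argv[1:]:  # drive roots to check, e.g. E:/ F:/
        print(root, drive_hits(root) or "no match")
    if os.name == "nt":
        print("registry:", registry_hits() or "no match")
```

Pass the drive roots to check as arguments; the registry comparison runs only on Windows, and any match should be confirmed with an anti-virus scan before cleanup.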