W32/Fujacks-I

Please follow the instructions for removing infected executable files.

W32/Fujacks-I is a prepending virus for the Windows platform.

W32/Fujacks-I can also spread to network shares and has backdoor functionality.

W32/Fujacks-I includes functionality to access the internet and communicate with a remote server via HTTP.

W32/Fujacks-I attempts to download and run additional code and executables.

Sophos's anti-virus products include Behavioral Genotype™ Protection, which can proactively guard against new threats without requiring an update. Sophos customers have been protected against W32/Fujack-I (detected as Mal/Packer) since version 4.10. W32/Fujacks-I is a prepending virus for the Windows platform.

W32/Fujacks-I can also spread to network shares and has backdoor functionality.

W32/Fujacks-I includes functionality to access the internet and communicate with a remote server via HTTP.

W32/Fujacks-I attempts to download and run additional code and executables.

W32/Fujacks-I searches the system for files with HTML and ASP extensions and append code to them. These files are detected as Troj/Psyme-DO.

When first run W32/Fujacks-I copies itself to <System>\drivers\spo0lsv.exe.

The following registry entry is created to run spo0lsv.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
svcshare
<System>\drivers\spo0lsv.exe

The following registry entry is set:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue
0

Sophos's anti-virus products include Behavioral Genotype™ Protection, which can proactively guard against new threats without requiring an update. Sophos customers have been protected against W32/Fujack-I (detected as Mal/Packer) since version 4.10.