W32/LCJump-A

Category: Viruses and SpywareProtection available since:06 Mar 2007 00:00:00 (GMT)
Type: Win32 wormLast Updated:06 Mar 2007 00:00:00 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/LCJump-A is a worm for the Windows platform.

W32/LCJump-A attempt to copy itself to mapped drives with the filename RavMon.exe and create a file autorun.inf which will attempt to load the worm automatically when the infected drive is accessed.

W32/LCJump-A also creates a backdoor, enabling a remote user control over the infected computer.

When run, W32/LCJump-A copies itself to <Windows>\SVCHOST.EXE and creates the file <Windows>\MDM.exe. The file MDM.exe is detected as Troj/Bckdr-PXR.

The following registry entry is set:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SVCHOST
<Windows>\MDM.EXE