This is a generic detection of .job files created by Downadup worm. One of the methods used by this worm to load its library file every day is by creating many Scheduled Tasks in %WINDOWS%\Tasks. The name of the application which will be executed is rundll32.exe and the parameter has the following format: More details about Downadup can be found at the following URL: Win32.Worm.Downadup.Gen
SYMPTOMS:
Presence of many scheduled jobs in C:\Windows\Tasks named At
Spreading: high
Damage: medium
Size: ~4 kbytes
Discovered: 2009 Dec 16
(bitdefender.com)
Please let BitDefender disinfect your files
No comments:
Post a Comment