W32/Fujacks.a is worm that infects all .exe files and spreads over network shares and removable devices.
It might also attempt to download additional malware on the infected machine.
Upon execution, the worm drops a copy of itself in %SYSTEM% folder and executes from there.
Creates the following files in root directory:
It copies itself in startup folders to make sure it runs at windows startup.
Adds the following values to the registry to auto start itself when Windows starts:
"FuckJacks" = "%SYSTEM%\FuckJacks.exe"
"svohost" = "%SYSTEM%\FuckJacks.exe"
Terminates processes containing strings:
Terminates the following processes:
Terminates the following Services:
Deletes the following Registry entries:
It tries to copy itself to network shares using following passwords:
It might also attempt to download other malware components on infected machine.
W32/Fujacks.a is a parasitic file infector that can spread over network drives and shared folders. It also has a downloader component that installs additional malware on the infected machine.
A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.