W32/Fujacks.ak

This page shows details and results of our analysis on the malware W32/Fujacks.ak

Overview

W32/Fujacks.ak is a Win32/PE executable file infector with downloading and spreading capabilities.


Minimum DAT

N/A

Updated DAT

5639 (2009-06-07)

Minimum Engine

5.1.00

File Length

Description Added

2007-09-14

Description Modified

2007-09-17

Malware Proliferation

Characteristics

W32/Fujacks.ak is a file infector with spreading capabilities. When the W32/Fujacks is executed, it will attempt to download a list of additional malware from:

    http://www.****.c*/list.txt

The additional malware will be then downloaded and executed. At the moment of this writing, the website offering the list of additional malware is down.

In addition to this, the malware will start copying itself across the available drives, and for each of them, it will create a proper autorun.inf file, in order to spread further. It will then start searching the available drives for Windows PE Executables that are suitable for infection and proceed to infect them.

Symptoms

  • unusual network activity
  • unusual disk activity
  • presence of the whboy mutex

 

Method of Infection

Executing an infected file will directly start the infection of the system and available drives.

Removal

Use specified engine and DAT files for detection. To remove, boot to MS-DOS mode or use a boot diskette and use the command line scanner such as:

SCAN C: /CLEAN /ALL

Variants