Need help? Ask the community or hire an expert.
Go to Avira Answers
Date discovered:08/03/2012
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
File size:86528 Bytes
MD5 checksum:CF972AC807B164BEA5E8DD06D6763B6C
VDF version:
IVDF version:

 General Method of propagation:
   • No own spreading routine

   •  Mcafee: Generic.dx!bdjv
   •  Kaspersky:
   •  Bitdefender: Gen:Variant.Zusy.993
   •  Grisoft: Dropper.Generic5.AWSA
   •  Eset: Win32/Boberog.AZ worm
   •  GData: Gen:Variant.Zusy.993
   •  Norman: Trojan W32/Suspicious_Gen4.TURD

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Side effects:
   • Can be used by rogue users or malware to lower security settings
   • Can be used to modify system settings that allow or augment potential malware behaviour.
   • Lowers security settings
   • Registry modification

 Files It copies itself to the following location:
   • %APPDATA%\HEX-5823-6893-6818\jusched.exe

 Registry One of the following values is added in order to run the process after reboot:

–  [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "Java Update Manager"="%APPDATA%\\HEX-5823-6893-6818\\jusched.exe"

The following registry keys are added in order to load the service after reboot:

– [HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\
   • "%APPDATA%\\HEX-5823-6893-6818\\jusched.exe"="%APPDATA%\\HEX-5823-6893-6818\\jusched.exe:*:Enabled:Java Update Manager"

 Miscellaneous Internet connection:
In order to check for its internet connection the following DNS server is contacted:
   • abcdefg.**********.com

Event handler:
It creates the following Event handlers:
   • URLDownloadToFile
   • CreateFile
   • GetDriveType
   • ShellExecute
   • YahooBuddyMain
   • JOIN
   • NICK
   • PASS
   • USER

Description inserted by Wensin Lee on Monday, April 16, 2012
Description updated by Wensin Lee on Monday, April 16, 2012

Back . . . .