Virus: Worm/Rjump.A.2
Date discovered: 06/08/2006
Type: Worm
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 3.515.723 Bytes
MD5 checksum: 3efdfddfffe5cf4ad40c5368c336a702
IVDF version: 6.35.01.56 - Sunday, August 6, 2006

General

Aliases:
   •  Sophos: W32/RJump-H
   •  Panda: Bck/Simut.A
   •  Eset: Win32/RJump.A
   •  Bitdefender: Trojan.Generic.1618020


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Downloads a malicious file
   • Drops malicious files
   • Registry modification

Files

It copies itself to the following location:
   • %WINDIR%\RavMonE.exe



The following file is created:

%malware execution directory%\RavMonLog



It tries to download a file:

The locations are the following:
   • http://natrocket.kmip.net:5288/**********?peer_id=%character string%&port=%character string%&type=%character string%&ver=%character string%
   • http://natrocket.9966.org:5288/**********?peer_id=%character string%&port=%character string%&type=%character string%&ver=%character string%
   • http://scipaper.kmip.net:80/**********?peer_id=%character string%&port=%number%&type=%character string%&ver=%number%




It tries to execute the following files:

Filename:
   • %SYSDIR%\cmd.exe /c netsh firewall add portopening TCP 17841 NortonAV


Filename:
   • netsh firewall add portopening TCP 17841 NortonAV

Registry

The following registry key is added in order to run the process after reboot:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "RavAV"="%WINDIR%\RavMonE.exe"

Description inserted by Petre Galan on Thursday, April 22, 2010
Description updated by Petre Galan on Thursday, April 22, 2010
