Worm:VBS/Jenxcus removal tips

Worm:VBS/Jenxcus is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and clean your PC during the trial period.
A 6-day free trial is available.

What can the Worm:VBS/Jenxcus virus do?

  • Creates RWX memory
  • Detected script timer window indicative of sleep style evasion
  • A process attempted to delay the analysis task.
  • Reads data out of its own binary image
  • A process created a hidden window
  • Drops a binary and executes it
  • Performs some HTTP requests
  • Unconventional language used in binary resources: Russian
  • The binary likely contains encrypted or compressed data.
  • A scripting utility was executed
  • Uses Windows utilities for basic functionality
  • Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config
  • Installs itself for autorun at Windows startup
  • Stores JavaScript or a script command in the registry, likely for persistence or configuration
  • A wscript.exe process commonly used in script or document file downloaders initiated network activity
  • Attempts to modify proxy settings
  • Anomalous binary characteristics

Related domains:

z.whorecord.xyz
a.tomx.xyz
installer.jdownloader.org

How to identify Worm:VBS/Jenxcus?

File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

LegalCopyright: ConsPiracY
FileDescription: Jdownloader 2 Español 2.0.0.1
FileVersion: 2.0.0.1
Comments:
CompanyName: ConsPiracY
Translation: 0x0409 0x04e4

Worm:VBS/Jenxcus is also known as (vendor: detection name):

Bkav: W32.AIDetect.malware2
MicroWorld-eScan: Gen:Heur.SMHeist.3
FireEye: Gen:Heur.SMHeist.3
CAT-QuickHeal: TrojanRansom.Blocker
McAfee: Artemis!7953277B75D6
Cylance: Unsafe
AegisLab: Trojan.Win32.Blocker.j!c
Sangfor: Trojan.Win32.Agent.C
BitDefender: Gen:Heur.SMHeist.3
K7GW: Trojan ( 005103ce1 )
K7AntiVirus: Trojan ( 005103ce1 )
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: a variant of Generik.DUDHFII
APEX: Malicious
Avast: Other:Malware-gen [Trj]
Kaspersky: Trojan-Ransom.Win32.Blocker.khcm
Alibaba: Ransom:Win32/Blocker.585ec00a
NANO-Antivirus: Riskware.Nsis.Agent.eocvgy
Tencent: Win32.Trojan.Blocker.Ahyh
Ad-Aware: Gen:Heur.SMHeist.3
Emsisoft: Gen:Heur.SMHeist.3 (B)
F-Secure: Adware.ADWARE/Agent.sphdy
DrWeb: Trojan.MulDrop11.19126
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_Blocker.R002C0GB121
McAfee-GW-Edition: BehavesLike.Win32.Dropper.jc
Sophos: Mal/Generic-S
Ikarus: Trojan.SuspectCRC
Jiangmin: AdWare.Generic.ggsn
Webroot: W32.Gen.BT
Avira: ADWARE/Agent.sphdy
Kingsoft: Win32.Troj.Generic_a.a.(kcloud)
Microsoft: Worm:VBS/Jenxcus
Arcabit: Trojan.SMHeist.3
AhnLab-V3: PUP/Win32.Helper.C2689020
ZoneAlarm: Trojan-Ransom.Win32.Blocker.khcm
GData: Gen:Heur.SMHeist.3
Cynet: Malicious (score: 85)
VBA32: Adware.Creprote
MAX: malware (ai score=86)
Malwarebytes: Generic.Malware/Suspicious
Panda: Trj/CI.A
TrendMicro-HouseCall: Ransom_Blocker.R002C0GB121
Yandex: PUA.Agent!gd/CuVbj+3Q
MaxSecure: Trojan-Ransom.Win32.Crypmod.zfq
Fortinet: Adware/Generic
AVG: Other:Malware-gen [Trj]
Paloalto: generic.ml
Qihoo-360: Win32/Ransom.Blocker.HwUBIZ8A

How to remove Worm:VBS/Jenxcus?

Worm:VBS/Jenxcus removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
