
Rjump Computer Virus

W32/Rjump.worm is a worm that targets USB memory drives and disk devices. It attempts to spread by copying itself to mapped and removable storage drives, and it also opens a backdoor on an infected system. To get its backdoor component past the built-in Windows XP firewall, it creates a port exception by executing the following netsh command:

cmd.exe /c netsh firewall add portopening TCP 16942

It then posts the IP address and backdoor port information from the infected machine back to the virus author.

Method of Infection

W32/Rjump.worm lists all mapped and removable storage drives on an infected system and drops the following files onto the root folder of the available drive: autorun.inf

On execution, it creates a copy of itself in the Windows system directory: %Windir%\RAVMON.EXE. It also creates a non-malicious "RavMonLog" file that contains the port number on which its backdoor component listens.

It adds the following value to the registry so that it starts automatically when Windows starts:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"RavAV" = "%Windir%\RAVMON.EXE"
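
The indicators described above (the Run value, the dropped files and the firewall exception) can be checked against evidence collected from a host. The following is an added example, not part of the original write-up: the function names, the input shapes (text output of `reg query`, a list of file paths, a list of protocol/port pairs) and the sample data are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Indicators as stated in the write-up above.
RUN_VALUE = "ravav"            # Run-key value name (compared lowercase)
DROPPED_EXE = "ravmon.exe"     # copy placed in %Windir%
PORT_LOG = "ravmonlog"         # file holding the backdoor port number
BACKDOOR = ("TCP", 16942)      # firewall exception added via netsh

def parse_reg_query(text):
    """Parse `reg query` text output into {lowercased value name: data}."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"^\s+(\S.*?)\s+REG_(?:SZ|EXPAND_SZ)\s+(.*)$", line)
        if m:
            values[m.group(1).lower()] = m.group(2).strip()
    return values

def triage(run_key_text, file_paths, firewall_openings, windir=r"C:\WINDOWS"):
    """Return (indicator, detail) pairs for every Rjump artifact found."""
    findings = []
    data = parse_reg_query(run_key_text).get(RUN_VALUE)
    if data is not None:
        findings.append(("run_key", data))
    win = PureWindowsPath(windir)  # PureWindowsPath compares case-insensitively
    for p in map(PureWindowsPath, file_paths):
        name = p.name.lower()
        if name == DROPPED_EXE and p.parent == win:
            findings.append(("dropped_exe", str(p)))
        elif name == PORT_LOG:  # page gives no directory; match by name
            findings.append(("port_log", str(p)))
        elif (name == "autorun.inf" and p.anchor
              and p.parent == PureWindowsPath(p.anchor)):
            findings.append(("root_autorun", str(p)))  # can be legitimate: review
    if any((proto.upper(), int(port)) == BACKDOOR
           for proto, port in firewall_openings):
        findings.append(("firewall_exception", "TCP 16942"))
    return findings

# Constructed sample evidence (not taken from a real host).
SAMPLE_RUN = (
    "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n"
    "    ctfmon    REG_SZ    C:\\WINDOWS\\system32\\ctfmon.exe\n"
    "    RavAV    REG_SZ    C:\\WINDOWS\\RAVMON.EXE\n"
)
SAMPLE_FILES = [r"c:\windows\ravmon.exe", r"C:\WINDOWS\RavMonLog",
                r"E:\autorun.inf", r"E:\backup\autorun.inf"]
SAMPLE_PORTS = [("tcp", 16942), ("TCP", 3389)]
```

An autorun.inf in a drive root also occurs on legitimate media, so that finding is a prompt to inspect the file rather than proof of infection.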

New iPod RJump Virus 24-Oct-2006

