
win32.jacksuf.a


Hi.


I have a problem with this virus. It has infected all my .exe files, and I have important accounting programs that I need to use daily. They are all infected, even the installation kits. I tried many antivirus programs, but BitDefender is the only one that found it.


It protected my PC (put the files in quarantine, more than 300 files), but I need to disinfect them. Even though I have backed up many files on DVDs, I still have to find a way to disinfect files that are not that easy to find. I searched everywhere with no luck.


Please help me.


I uploaded one file, the installation kit of an archiver (password: "infected").

Attachment: wrar361.rar

Comments

  • Cd-MaN

    Hello.


    This is a two-part file infector. What I mean by that is that the code which actually does the infection is not contained in the infected file (and thus the infected files do not replicate by themselves). The infected files drop an executable to c:\RBFZ.XNS of size 16.6 Kb, which copies itself to %WINDIR%\system\wdfngr.exe. This file (also detected with the same name) is a downloader.


    What I would like to ask is for you to send more samples (because we only have one "part" of the malware and cannot replicate it) to make the removal tool more secure. Unfortunately the infection process seems to be rather dumb (in the sense that it has the possibility to overwrite certain parts of the executable), and you should expect executables (mainly setups, more precisely those which have an "overlay") to be damaged beyond repair. The WinRAR kit you've attached is one such example.


    In conclusion, please send more samples (as many as you can) and I'll provide a removal tool ASAP.

  • WeazzeL

    Hi.


    I don't have the virus on my C: drive; I formatted and installed Vista. I read in some forum that this virus does not infect Vista. So far my OS is not infected and the virus is not spreading anymore.


    All I have is that one "part" that got infected, over 300 files in different partitions.


    Most of my infected .exe files are bigger than 2 MB, so I can't upload them. I had some problems archiving some files (access denied); I unloaded BitDefender and some archiving worked, but not all I wanted.

    Attachments: dvdtoavi.rar, keygen.rar, SETUP.rar, Setup3.rar, Swish__v.1.5x__Keygen.rar

  • WeazzeL

    Hi.


    I don't know if this has something to do with this virus, but my HDD started to crash. Vista was impossible to repair; I installed XP again, but it still crashed from time to time. At least 2 bad sectors were found. I want to go to warranty and change my HDD, but before that I have to disinfect and do backups on DVDs or other HDDs. I hope it works until then.

  • WeazzeL

    Any news? I'm still waiting.

  • SeanB

    Hello,


    We have just been hit by this virus, and it appears to come in 3 parts. The original virus is in a file called wdfngr.exe; this can be found in the \winnt\system directory and may well be hidden. This file runs and looks for ALL exe files on all drives other than C. It then infects all the ones it can and logs all the exe files into a new file called "mciwace.inc". It then sits quietly for 30-40 minutes and runs again.


    The infected exe files will then infect a new PC, firstly by copying itself to a file with a 4.3 character filename. This file will first try to deactivate your antivirus software, then replicate the wdfngr.exe file as above.


    In our network there did not appear to be any malicious payload; it was just very annoying, causing hundreds of virus alerts when our definitions were updated.


    It can be very misleading, as we thought we had 2 separate problems, the wdfngr.exe and the 4.3 files, and they may not both show up on the same PC?


    The names it might go by are W32.Jacksuf, W32.Mumawow.F or Cekar, depending on where you look.


    We use Symantec Antivirus, which now has a set of definitions that appear to be cleaning our EXE files OK so far.


    Thanks


    Sean Barnes


    Unisys

  • WeazzeL

    Hi,


    I used the Symantec Antivirus trial and updated it, but when I scanned my PC it didn't find the virus. Instead, BitDefender found all of them because real-time protection was on. Does it have anything to do with my HDD problem?

  • If you have HDD problems, bad clusters etc., then read errors could occur. However, it is practically impossible that chunks of all the virus copies on your HDD are located in bad clusters, unless you have really big problems with it.


    Andrei

  • WeazzeL

    Any luck?

  • Cd-MaN
    edited June 2007

    Hello. I've sent both of you (WeazzeL and SeanB) PM (Private Message) with the disinfection tool (I couldn't post it publicly, because only virus researchers can download the public attachments). Did neither of you get my PM?


    (The removal tool will also appear on the official site, but that takes time and I wanted to get it to you as quickly as possible)

  • WeazzeL

    Thank you very much. Keep up the good work. :rolleyes:


    Btw, if I update BitDefender and scan, does it automatically disinfect Jacksuf now?

  • vlad

    The disinfection routine is not added to the AV yet (it has to undergo a series of QA tests, which can take up to a couple of weeks, depending on the complexity of the code). Releasing removal tools is much faster, which is why that option has been chosen.