Virus

W32/Jitux.A!worm.im

Analysis

  • Virus is 32bit with a file size of 24,576 bytes and may be known as "jituxramon.exe"
  • Virus was coded using Visual Basic 6 and uses imports from VBA6ES.dll, a localized dynamic link library for Spanish Windows
  • If the virus is run, it will seek the location of MSN Messenger, a Windows chat client from Microsoft - the virus will look in this path -

    C:\Archivos de programa\Messenger\msmsgs.exe

  • The virus will also check the titles of open Windows to locate MSN Messenger

  • If the virus is successful, it will then look for chat contacts to send a message

  • The virus creates a chat message with a hyperlink in the note pointing to a user page on the domain at 'www.home.no' and the binary file jituxramon.exe

  • The virus does not auto run, modify the registry, or copy itself to any location on the system

  • The virus has been removed from the user web site and is no longer available