Friday, April 18, 2014

[Expert Guide] Worm:VBS/Jenxcus.K Can Be Removed, How?









Worm:VBS/Jenxcus.K Is IntrusiveThe establishment of computer network system was objective to share data information and external resources, which also constructs favorable environment for virus like Worm:VBS/Jenxcus.K to live and spread.

Worm:VBS/Jenxcus.K is a worm that exploits vulnerability within VBScript. In web environment, the worm would increase exponentially to aggravate traffic burden and thus result in a dead network system within a short period of time. This indicates that the worm is a network worm. From a scientific point of view, it is much more intrusive than Trojan horse:

Worm:VBS/Jenxcus.K owns multiple ways to wage attack against computers
such as piggybacking on some rogueware, attacking the documents downloaded onto computer or portable devices, taking advantage of bugs/vulnerability/loopholes on a machine or program; but the major dissemination routine is being transferred onto server’s disks from workstation and then being spread to other workstations from the share catalogue of a server’s disk.

Worm:VBS/Jenxcus.K spreads much faster
the worm manages to affect another machine from one single machine via floppy disk/external devices and it is also capable of spreading its numerous copies to other machine by taking advantage of network communication mechanism via high speed cable telemetry system.

Worm:VBS/Jenxcus.K spreads wider
due to the rapid propagation, the worm is able to spread its reach to more machines within a local area network (LAN) and spread its reach to the machines thousands miles away via remote workstation.

Worm:VBS/Jenxcus.K is very damaging
it would directly affects surfing experience badly, dragging down page loading speed considerably or simply lead to a non-respond network system and destroy server system resources.

Worm:VBS/Jenxcus.K is hard to be removed
it is hard to remove the worm as it takes control of some build-in services and processes, which is also the reason why the installed anti-virus program s won’t help remove it complete and automatically; besides, the worm is a network worm, it manages to re-affect the same target machine by loading down vicious codes and copies from a designated server again.

(tip: not all PC users manage to remove virus on a server unless you are the maker; if one visits websites that are under the same server, the computer will be re-affected by Worm:VBS/Jenxcus.K)



Worm:VBS/Jenxcus.K’s Features

  1. Worm:VBS/Jenxcus.K lurks in a machine and launch itself randomly.
  2. It uses IP scanning technology to locate compromised computers that are connected to the Internet.
  3. Worm:VBS/Jenxcus.K takes advantage of DCOM-RPC buffer overflow bug to implant its virulent codes/copies.
  4. The worm utilized Autorun.inf and the like to automatically launch itself and affect one computer to others connected.
  5. Worm:VBS/Jenxcus.K copies itself in a large number to occupy limited internal storage and control how a machine acts.
Below is the instruction to help remove Worm:VBS/Jenxcus.K. The procedures can be somehow cumbersome. If you are not well equipped with computer skills and knowledge, it is recommended to ask the experts from Global PC Support Center for specialized technical help by starting a live chat window here.
 live chat to get expert help in removing Worm:VBS/Jenxcus.K



Instruction to Remove Worm:VBS/Jenxcus.K 


A – end Worm:VBS/Jenxcus.K’s processes.
(tip: if you are not able to access Task Manager with the key combination, please access Run box from Start menu and type “CMD”; hit Enter key to put in “taskkill.exe /im msblast.exe” or “taskkill.exe /im teekids.exe” or “taskkill.exe /im penis32.exe”)

  • Use Ctrl+Alt+Del key combination to access Task Manager (for Windows8 users, it is Ctrl+Shit+ESC).
  • Hit on Process tab and look for and end the following listed processes, if any:
msblast.exe
teekids.exe
penis32.exe
  • Open up system information to further locate the vicious processes and services that are not belong to system with the path directing to the detected location of Worm:VBS/Jenxcus.K –
Start Menu > All Programs > Accessories > System Tools > System Information > Software Environment > Running Tasks.



B –show hidden files and folders to remove the items generated on the day when Worm:VBS/Jenxcus.K was firstly detected.

Windows 7/XP/Vista
Control Panel > user accounts and family safety > Folder Options > View tab > tick ‘Show hidden files and folders’ > non-tick ‘Hide protected operating system files (Recommended)’ > OK.

Windows 8
Windows Explorer > View tab > tick ‘File name extensions’ and ‘Hidden items’ options > OK.

Navigate to the following listed places to remove associated items:
C:\Users\[your username]\Documents\
C:\users\user\appdata\local\
C:\Windows
C:\Windows\System32
C:\Documents and Settings\Administrator\Local Settings\
C:\windows\winstart.bat
C:\windows\wininit.ini
C:\windows\Autoexec.bat
C:\Program Files\

To filter out the items generated on the day when Worm:VBS/Jenxcus.K was firstly detected, please follow the step here: right click on the space > select ‘arrange icons by’/ ‘sort by’ > select‘ Day’/‘Date’/‘Modified’ > scroll to the bottom of the folder under inspection > remove files created on the day when Worm:VBS/Jenxcus.K was firstly detected and are not seen before.



C – remove Worm:VBS/Jenxcus.K’s virion.
(tip: if one owns Windows XP, it is suggested to execute the following steps after closing down System Restore function: right click on “My Computer”/”Computer” > Property > navigate to System Restore tab > tick “Turn off System Restore”)


Open up any folder and hit on the search icon/button; type “[the name of the detected services and processes respectively]” to all the given blanks the press “Search button” to get the items related to Worm:VBS/Jenxcus.K. If any, remove it.



D – access DataBase to remove vicious values and keys related to Worm:VBS/Jenxcus.K.

  • Press and hold down Win key and R key together to get a Run box.
  • Put in “regedit” and hit Enter key to access DataBase.
  • Navigate to the following entry and remove “windows auto update=msblast.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\MicrosoftWindows\CurrentVersion\Run
(tip: the key value can be displayed differently in case mutex is generated by Worm:VBS/Jenxcus.K)
  • Press and hold down Win key and F key together to get a Find box.
  • Put in the processes and services detected in step1 respectively and remove any detected.



All these malicious behaviors are serving to one ultimate goal which is money. So where the money comes from? With some build-in services and processes, Worm:VBS/Jenxcus.K is capable of recording any stored information including the password you once typed to log in some online account. For whatever reason, it is always recommended to remove the worm. After completing the above offered steps, one should restart a machine to confirm the changes. Also one should know that the changes will be made only if they are authorized by admin rights. There’s no simple way to remove intrusive virus like Worm:VBS/Jenxcus.K as it adopts advanced methods to infiltrate a machine and steal information. And one can tell that certain level of computer skills and virus knowledge is required to carry out the steps when following the help instruction. If you are not certain about how to proceed, it is advisable to contact VilmaTech Online Support and ask their senior technicians for one-on-on assistance.
  live chat to get expert help in removing Worm:VBS/Jenxcus.K



Post a Comment