Welcome to the Virus Encyclopedia of Panda Security.
It connects to an IRC server and waits for remote control commands.
|First detected on:||Dec. 13, 2004|
|Detection updated on:||Dec. 14, 2004|
|Yes, using TruPrevent Technologies|
Janx.A is a worm that spreads via the Internet by exploiting the LSASS vulnerability in remote computers. This vulnerability is critical for Windows XP/2000 operating systems that are not properly updated.
Janx.A connects to the IRC server 188.8.131.52 and waits for remote control commands to be carried out on the affected computer.
Janx.A only spreads automatically to Windows XP/2000 computers. However, computers with other Windows operating systems can also be a source of transmission when a malicious user runs the file containing the worm in any of these computers.
If you have a Windows XP/2000 computer, it is highly recommendable to download the security patch for the LSASS vulnerability from the Microsoft website.
Janx.A is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.
Although Janx.A exploits the LSASS vulnerability, it does not restart the computer, a typical characteristic of those malware exploiting the already mentioned vulnerability, in order not to give evidence of its presence in the affected computer.