We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Worm:VBS/Jenxcus
Aliases: W32/Trojan.NFSH-6582 (Command) Email-Worm.VBS.Agent.aa (Kaspersky) legacyascii/AutoRun.CCSS (Norman) Worm/Jenxcus.A.25 (Avira) Gen:Heur.MSIL.Krypt.85 (BitDefender) VBS.DownLoader.78 (Dr.Web) VBS/Agent.NDJ (ESET) VBS/Agent.NGB!tr (Fortinet) VBS/Autorun-CAI (Sophos)
Summary
Windows Defender detects and removes this threat.
This threat is a member of the Jenxcus family of worms that can give a malicious hacker access and control of your PC. It can also collect your personal information and send it to a malicious hacker.
Typically, this threat gets onto your PC from a drive-by download attack. It can also be installed when you visit a compromised webpage or use an infected removable drive.
See VBS/Jenxcus description for more information.
Use the following free Microsoft software to detect and remove this threat:
- Microsoft Defender Antivirus for Windows 10 and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista
- Microsoft Safety Scanner
- Microsoft Windows Malicious Software Removal Tool
You should also run a full scan. A full scan might find hidden malware.
Protect your sensitive information
This threat tries to steal your sensitive and confidential information. If you think your information has been stolen, see:
You should change your passwords after you've removed this threat:
Disable Autorun
This threat tries to use the Windows Autorun function to spread via removable drives, like USB flash drives. You can disable Autorun to prevent worms from spreading:
Scan removable drives
Remember to scan any removable or portable drives. If you have Microsoft security software, see this topic on our software help page:
Get more help
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
If you’re using Windows XP, see our Windows XP end of support page.