Aliases: W32/Trojan.NFSH-6582 (Command) Email-Worm.VBS.Agent.aa (Kaspersky) legacyascii/AutoRun.CCSS (Norman) Worm/Jenxcus.A.25 (Avira) Gen:Heur.MSIL.Krypt.85 (BitDefender) VBS.DownLoader.78 (Dr.Web) VBS/Agent.NDJ (ESET) VBS/Agent.NGB!tr (Fortinet) VBS/Autorun-CAI (Sophos)
Windows Defender detects and removes this threat.
This threat is a member of the Jenxcus family of worms that can give a malicious hacker access and control of your PC. It can also collect your personal information and send it to a malicious hacker.
Typically, this threat gets onto your PC from a drive-by download attack. It can also be installed when you visit a compromised webpage or use an infected removable drive.
See VBS/Jenxcus description for more information.
Use the following free Microsoft software to detect and remove this threat:
- Windows Defender Antivirus for Windows 10 and Windows 8.1, or Microsoft Security Essentials for Windows 7 and Windows Vista
- Microsoft Safety Scanner
- Microsoft Windows Malicious Software Removal Tool
You should also run a full scan. A full scan might find hidden malware.
Protect your sensitive information
This threat tries to steal your sensitive and confidential information. If you think your information has been stolen, see:
You should change your passwords after you've removed this threat:
This threat tries to use the Windows Autorun function to spread via removable drives, like USB flash drives. You can disable Autorun to prevent worms from spreading:
Scan removable drives
Remember to scan any removable or portable drives. If you have Microsoft security software, see this topic on our software help page:
Get more help
If you’re using Windows XP, see our Windows XP end of support page.