Good for me I have more than one user account.

My virus checker caught it but could not fix it.

The virus was using most of my bandwidth. There were to processes I did not recognize:

WinnConfig.exe <---The one doing the transfers.
jumsvc32.exe <---Not sure what it does.

If it is active, the process will close Regedit if opened. It of course runs on startup. Apparently only for the user where it was initially installed. I logged in with another account a cleaned the keys from the registry.

It also modified my host file to block all the western virus companys:

Google searches turn up nothing on the exe files. I checked with Olly and the exes are compressed. Is there a place to send these so the virus can be analyzed?


BTW I use Ahnlabs V3. A popular virus software here in Korea.


They didn't block TrendMicro Housecall :P

It identifies jumsvc32.exe as WORM_SDBOT_BMP
Posted on 2005-01-15 07:11:18 by ThoughtCriminal
You might want to try for a decent free AV, or kaspersky if you're willing to pay for a pretty good commercial one. Also, for situations like the one you just had, pslist and pskill (from pstools at are invaluable!
Posted on 2005-01-15 08:20:35 by f0dder
i can also recommend a personal firewall, and you'll only allow your browser and mail account (and whatever else you use) to connect outside. it saved my ass many times, with browser exploits that downloaded nasty stuff and other bad things. also good for your privacy.
Posted on 2005-01-15 11:28:08 by lifewire
first, a good "external" firewall - this means a BSD or linux router, or a hardware device.

Second, run from a limited user account, not one with administrative privileges.

Third, a "personal" or "software" firewall. Even with a good external FW, these are helpful as they can limit programs outgoing traffic, and alert you if something fishy is going on.

Fourth, a good antivirus product (not mcafee or norton).

Fifth, norton/symantec ghost :-)
Posted on 2005-01-15 11:34:48 by f0dder