Windows Startup Programs database
Startup Programs - Dangerous - J
Home
Features
On-line Guide
Help On-line
Screenshots
Order
Download
Localization
Awards
Support
NI Forum
Mickey Forum
Greatis Forum
Startup Programs
Application Database
Hot!
Download:
RegRun 4.0 beta 2
What's new?
Greatis Home
Subscribe:
The Application Database
suggests you which Windows startup programs are usefual and which are bad.
The recommended tool for quickly removing the useless programs is
RegRun Startup Optimizer
.
www.startupapps.com
Purchase RegRun Suite
Download RegRun Suite
Search Database for:
RegRun
>
Greatis Startup Application Database
> Dangerous >
J
jacksim.exe
jade.exe
jammer2nd.exe
jammerkillah.exe
java.exe
joke.exe
jushed32.exe
jacksim.exe
Remote Access / Steals passwords
The VB6 files kan be tricked on a victim when he/she runs the game Father Jack Simulator (JackSim.exe).
jade.exe
Remote Access / FTP trojan
Also adds itself to the Start Menu to ensure autostart at Windows boot. The code has been packed with Neolite compressor.
jammer2nd.exe
The W32.Netsky.Z@mm worm is a Netsky variant that scans for the email addresses on all non-CD-ROM drives on an infected computer.
Scans drives C through Z (excluding CD-ROM drives) and retrieves the email addresses from any files with the predefined extensions.
Then, the worm uses its own SMTP engine to send itself to the email addresses that it finds to jamainlbbbsdef@yahoo.com
The From line of the email is spoofed, and its Subject, Message, and Attachment vary. The attachment has a .zip extension.
Also known as W32/Netsky.z@MM
Copies itself as %WinDir%\Jammer2nd.exe.
Creates a zip file containing the worm to %Windir%\PK_ZIP_ALG.LOG.
Listens on TCP port 665 for an attacker to send an executable file.
The worm will automatically run the executable when it is downloaded.
If the date of the system clock is between May 2, 2004 and May 5, 2004, the worm will attempt to perform Denial of Service (DoS) attack against the following Web sites:
www.nibis.de; www.medinfo.ufl.edu; www.educa.ch
Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value: "Jammer2nd" = %WinDir%\JAMMER2ND.EXE
jammerkillah.exe
Remote Access / Anti anti-trojan trojan / Trojan dropper
Kills the anti-trojan program Jammer and installs a modified Back Orifice server.
java.exe
I-Worm.Mydoom.m spreads via the Internet as an attachment to infected messages.
The worm contains a backdoor function.
The worm searches the victim machine for email addresses to harvest, and then sends itself to these addresses by directly connecting to the recipient's SMTP server.
It also harvests addresses by using popular search engines.
The worm opens TCP port 1034 in order to receive remote commands.
Manual removal:
Locate the keys:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
and remove the entry: JavaVM = %windir%\java.exe
Then locate the keys:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
and remove the entry: Services = %windir%\services.exe
joke.exe
Worm / File virus
Alters Win.ini. "Between midnight and 2.00am on Wednesdays the worm attempts to display an animated graphic of Adolf Hitler shooting himself in the head." (Sophos)
jushed32.exe
One of the CoolWebSearch parasites.
CoolWebSearch is a name given to a wide range of different browser hijackers.
They are all used to redirect users to coolwebsearch.com and other sites affiliated with its operators.
Can be installed by pop-ups exploiting security holes in IE.
See also,
http://www.doxdesk.com/parasite/CoolWebS...
Copyright © 1998-2004 Greatis Software |
Privacy Policy
|
Recommend to a friend