The file JAVAWSJRE06.EXE is identified as a virus dropper.
The dropper JAVAWSJRE06.EXE is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
The file JAVAWSJRE06.EXE loads into the computer memory and tries to connect to the dangerous web site.
Usually the JAVAWSJRE06.EXE dropper does not infect the files on the computer and does not replicate itself on other computers.
Kill the JAVAWSJRE06.EXE process and delete the file JAVAWSJRE06.EXE.
Malware Analysis of JAVAWSJRE06.EXE
Full path on a computer: %AllUsersProfile%\Favorites\Java\JavawsJRE06.exe
Detected by UnHackMe:
Item Name: UserInit
Author: Unknown
Related File: %SysDir%\userinit.exe,%AllUsersProfile%\Favorites\Java\JavawsJRE06.exe
Type: UserInit Value
Item Name: JavaUpdater
Author:
Current Setting: %ALLUSERSPROFILE%\FAVORITES\JAVA\JAVAWSJRE06.EXE
Type: Registry Run
Removal Results: Success
Number of reboot: 1
JAVAWSJRE06.EXE is known as:
Trojan.Tordev.rjriz, Trojan.Klovbot, Fynloski.V, Backdoor.A.Delf.318976.A[UPX], BackDoor.Comet.104, Backdoor.Fynloski.A (v), Mal.Behav-058, Trojan.Genome.bift, Hack.HuigeziT.cz.(kcloud), Backdoor.Fynloski.A, Trojan.Agent.Gen-Fynloski, a variant of Win32.Fynloski.AM, PE:Backdoor.Pontoeb.1.6637, Trojan.CDur, W32.DarkKomet.ID.tr.bdr, Trj.Packed.B
JAVAWSJRE06.EXE hash:
- MD5: 9f79e6c17abe784da3e53229e6d2c14d
Registry:- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\JavaUpdater: “%AllUsersProfile%\Favorites\Java\JavawsJRE06.exe”
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: “%SysDir%\userinit.exe,%AllUsersProfile%\Favorites\Java\JavawsJRE06.exe”
- HKLM\System\CurrentControlSet\Services\wscsvc\Start: 0×00000004
Folders:- %AllUsersProfile%\Favorites\Java
Files:- %AllUsersProfile%\Favorites\Java\JavawsJRE06.exe