Java.Cogyeka Description
Java.Cogyeka is a worm that spreads through mapped and removable drives. It also downloads a remote file onto the infected machine. When executed, Java.Cogyeka creates several potentially malicious files and a registry entry, all listed below. It downloads a module from a location of the form '[RANDOM LETTERS].[DOMAIN NAME]:[RANDOM PORT NUMBER]' and then opens a random UDP port on the infected PC for that module to use.
Type: Worms
How Can You Detect Java.Cogyeka?
Java.Cogyeka Removal Details
Java.Cogyeka typically has the following processes in memory:
- %Temp%\hsperfdata_[USER NAME]\[RANDOM LETTERS].dll
- %Temp%\hsperfdata_[USER NAME]\[SYSTEM EXECUTABLE FILE NAME].exe
Java.Cogyeka creates the following files in the system:
- %DriveLetter%\autorun.inf
- %Temp%\hsperfdata_[USER NAME]\[RANDOM DIGITS]
- %DriveLetter%\RECYCLER\[SID]\[RANDOM LETTERS].[THREE RANDOM LETTERS]
- %Temp%\jar_cache[RANDOM DIGITS].tmp
- %DriveLetter%\RECYCLER\[SID]\desktop.ini
Java.Cogyeka creates the following registry entries:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{175975F5-C68F-0875-C827-9225E76EAC65}\"StubPath" = "cmd /q /c start "" /I /B javaw -classpath %Temp%\jar_cache[NUMBERS].tmp"
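The indicators listed above can be written as matching rules over a file listing and exported Active Setup values. This is an added example, not part of the original entry or any vendor tool; the function names, the strong/weak labels and the sample data are assumptions constructed for illustration.

```python
import re

# Rules transcribed from the lists above; the page's bracketed placeholders
# ([RANDOM LETTERS], [SID], ...) are approximated by character classes (assumption).
FILE_RULES = [
    # The JVM itself keeps PID-named data files in hsperfdata_<user>, so only
    # executables in that directory are flagged, not the [RANDOM DIGITS] file.
    ("hsperfdata-binary", "strong",
     re.compile(r"\\hsperfdata_[^\\]+\\[^\\]+\.(dll|exe)$", re.I)),
    # desktop.ini is normally present in recycle-bin folders, so it is skipped.
    ("recycler-payload", "strong", re.compile(
        r"^[a-z]:\\RECYCLER\\S-[\d-]+\\(?!desktop\.ini$)[a-z]+\.[a-z]{3}$", re.I)),
    ("root-autorun", "weak", re.compile(r"^[a-z]:\\autorun\.inf$", re.I)),
    # Java also writes jar_cache*.tmp during normal use: weak on its own.
    ("jar-cache-tmp", "weak", re.compile(r"\\jar_cache\d+\.tmp$", re.I)),
]
ACTIVE_SETUP = re.compile(r"\\Active Setup\\Installed Components\\", re.I)
STUB_RX = re.compile(r"javaw\b.*-classpath\b.*jar_cache\d+\.tmp", re.I)

def scan_files(paths):
    """Return (path, rule, confidence) for each path that matches a file rule."""
    return [(p, name, conf) for p in paths
            for name, conf, rx in FILE_RULES if rx.search(p)]

def scan_stubpaths(entries):
    """entries: (key, value_name, data) tuples, e.g. parsed from a registry export."""
    return [(key, data) for key, value, data in entries
            if ACTIVE_SETUP.search(key) and value.lower() == "stubpath"
            and STUB_RX.search(data)]

# Constructed sample input (not taken from a real system).
SID = "S-1-5-21-1111111111-222222222-333333333-1003"
SAMPLE_PATHS = [
    "E:\\autorun.inf",
    f"E:\\RECYCLER\\{SID}\\qwkzt.abc",
    f"E:\\RECYCLER\\{SID}\\desktop.ini",
    r"C:\Users\alice\AppData\Local\Temp\hsperfdata_alice\4312",
    r"C:\Users\alice\AppData\Local\Temp\hsperfdata_alice\mxqpd.dll",
    r"C:\Users\alice\AppData\Local\Temp\jar_cache8841.tmp",
]
KEY = r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"
SAMPLE_REG = [
    (KEY + r"\{175975F5-C68F-0875-C827-9225E76EAC65}", "StubPath",
     r'cmd /q /c start "" /I /B javaw -classpath %Temp%\jar_cache8841.tmp'),
    (KEY + r"\{CONSTRUCTED-BENIGN-ENTRY}", "StubPath", r"C:\Tools\setup.exe /quiet"),
]

if __name__ == "__main__":
    print(*scan_files(SAMPLE_PATHS), *scan_stubpaths(SAMPLE_REG), sep="\n")
```

A weak hit is worth escalating only when it coincides with a strong one, for example a jar_cache file that is also named in an Active Setup StubPath.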
This entry was last updated on 07/9/12 and posted on 07/9/12.