
Jodrive32.exe

By JubileeX in Trojans

Jodrive32.exe is a serious threat. If you find Jodrive32.exe on your PC, please be extremely careful, and take precautions to protect any personal or sensitive information that is on the system or that you have accessed while using the computer. It is extremely important to remove the malware associated with Jodrive32.exe as quickly as possible, using reputable anti-virus software or expert technical support.

Jodrive32.exe’s Origins and Activities

Jodrive32.exe is one of two main executable files associated with a threat known as Troj/Backdr-EY, which is a Trojan that creates a system backdoor. Troj/Backdr-EY is not a very common Trojan, but Troj/Backdr-EY has the capability to do a significant amount of damage, by stealing information or allowing someone at a remote location to control your computer. When the Trojan is active on your PC, Jodrive32.exe will run whenever Windows is running, and Jodrive32.exe frequently refers to itself as Microsoft Config Setup. That's just one very minor way that the Trojan behind Jodrive32.exe tries to keep you from noticing Jodrive32.exe's presence – the rest of it is even stranger.

The backdoor that uses Jodrive32.exe hides in a fake Recycle Bin that it creates. The malware even creates a file that convinces Windows itself that the fake is the real Desktop Recycle Bin. That is where the Trojan puts its files, and then it makes changes to the Registry to call those files at startup. This half of the Trojan's malicious activity will show up as the process winfix.exe. It seems to be the case that winfix.exe is the portion of the malware that does things on your computer itself, whereas Jodrive32.exe is associated with connecting to a remote location.

Jodrive32.exe has been observed downloading files and sending outgoing information. In particular, Jodrive32.exe has been observed trying to connect to hosts at the IP addresses 123.183.217.32 and 60.190.223.125, which belong to Chinese networks that are known to host malicious sites and content, and to 195.14.112.156, in Ukraine, also hosted on a suspicious network. When Jodrive32.exe connects to these hosts, it attempts to download other files. Jodrive32.exe also tries to establish TCP connections on ports 1053 and 1825 through 1870, and it makes an outbound connection to an IRC server in order to send information about your computer to a remote location.

How Can You Tell if Jodrive32.exe is on Your Computer?

There may not be any obvious signs that Troj/Backdr-EY is on your computer and that your security is at risk because of Jodrive32.exe. Generally, Jodrive32.exe does not cause symptoms that are disruptive or that you will notice. However, if the malware is present on your PC, you should be able to see Jodrive32.exe and winfix.exe among the running processes in Task Manager, and you may be able to see the changes that the malware has made to the Registry. Otherwise, without proper security software, Jodrive32.exe's activities will go unnoticed. Not only will legitimate anti-virus software generally detect the Trojan that uses Jodrive32.exe, but it will also catch the malware's attempts to connect to a remote location in order to download or transmit data. In this case, having some kind of reputable security software is absolutely vital to the protection of your PC and your personal information.

File System Details

Jodrive32.exe may create the following file(s):
# File Name Detections
1. %APPDATA%\140870.EXE
2. %APPDATA%\CVGMP.EXE
3. %SYSTEM%\EXSYS.EXE
4. C:\WINDOWS\jodrive32.exe
5. %WINDIR%\JODRIVE32.EXE
6. %TEMP%\GOOGLE_WPAGES2.TMP

Registry Details

Jodrive32.exe may create the following registry entry or registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\Microsoft Config Setup: "C:\WINDOWS\jodrive32.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Config Setup: "C:\WINDOWS\jodrive32.exe"
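The paragraph on telling whether Jodrive32.exe is present, together with the File System Details and Registry Details above, can be turned into a single read-only host check. The script below is an added example, not code from this entry's author or from any vendor: it looks for the two process names, the listed file paths, the "Microsoft Config Setup" autorun value under both Run keys, and TCP connections to the listed remote addresses or port range, and prints what it finds without changing anything. It assumes an elevated PowerShell session on the Windows host being examined, maps the entry's %SYSTEM% to System32 and %WINDIR% to $env:SystemRoot (which also covers the C:\WINDOWS\jodrive32.exe path), and treats a port-only match as something to confirm against the owning process rather than as proof on its own.

```powershell
# Added host-check example (not from the original page): report the indicators
# listed in the Jodrive32.exe / Troj/Backdr-EY entry. Read-only; removes nothing.
# Assumption: run from an elevated PowerShell session on the host being checked.

$ProcessNames = @('jodrive32', 'winfix')

# File paths from the entry. %SYSTEM% is taken to be System32 and %WINDIR% to be
# $env:SystemRoot (assumptions); entries 4 and 5 of the list resolve to one path.
$FilePaths = @(
    "$env:APPDATA\140870.EXE",
    "$env:APPDATA\CVGMP.EXE",
    "$env:SystemRoot\System32\EXSYS.EXE",
    "$env:SystemRoot\jodrive32.exe",
    "$env:TEMP\GOOGLE_WPAGES2.TMP"
)

# Both autorun locations named in Registry Details, plus the value name used.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$RunValueName = 'Microsoft Config Setup'

# Remote hosts and ports from the entry's network description.
$RemoteHosts = @('123.183.217.32', '60.190.223.125', '195.14.112.156')
$SuspectPorts = @(1053) + (1825..1870)

$findings = New-Object System.Collections.Generic.List[string]

# 1. Running processes with either executable name.
Get-Process -Name $ProcessNames -ErrorAction SilentlyContinue | ForEach-Object {
    $findings.Add("process: $($_.ProcessName) (PID $($_.Id)) path=$($_.Path)")
}

# 2. Dropped files at the listed locations (NTFS lookups are case-insensitive).
foreach ($p in $FilePaths) {
    if (Test-Path -LiteralPath $p) {
        $findings.Add("file: $p")
    }
}

# 3. The 'Microsoft Config Setup' autorun value under either Run key.
foreach ($k in $RunKeys) {
    $item = Get-ItemProperty -Path $k -Name $RunValueName -ErrorAction SilentlyContinue
    if ($item) {
        $findings.Add("registry: $k\$RunValueName = $($item.$RunValueName)")
    }
}

# 4. TCP connections to the listed hosts, or using the listed ports on either end.
#    A port-only hit can be an ordinary ephemeral port, so it is labelled for review.
Get-NetTCPConnection -ErrorAction SilentlyContinue | ForEach-Object {
    $hostHit = $RemoteHosts -contains $_.RemoteAddress
    $portHit = ($SuspectPorts -contains $_.RemotePort) -or ($SuspectPorts -contains $_.LocalPort)
    if ($hostHit -or $portHit) {
        $kind = if ($hostHit) { 'network (listed host)' } else { 'network (listed port, confirm owning process)' }
        $findings.Add("${kind}: $($_.LocalAddress):$($_.LocalPort) -> $($_.RemoteAddress):$($_.RemotePort) state=$($_.State) pid=$($_.OwningProcess)")
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Jodrive32.exe / Troj/Backdr-EY indicators found on this host.'
} else {
    Write-Output "Indicators found ($($findings.Count)):"
    foreach ($f in $findings) { Write-Output "  $f" }
}
```

Run it as-is in an elevated session; it only reads process, file, registry and connection state. A process or registry hit, or a connection to one of the three listed addresses, matches the entry directly, while a hit on the port range alone should be checked against the reported PID before drawing a conclusion, because ordinary software can land on those ports. Removal is still best left to reputable anti-virus software, as the entry says; this check is for confirming whether there is anything to remove.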
