Backdoor.Jukbot.B

Backdoor.Jukbot.B Description

Backdoor.Jukbot.B is a dangerous backdoor Trojan which opens a back door in the targeted computer system and enables hackers to obtain remote access and control over the compromised PC. Backdoor.Jukbot.B communicates with a remote server to receive commands and instructions on further harmful actions. Once Backdoor.Jukbot.B is installed, it makes system changes and modifies the registry. Backdoor.Jukbot.B can easily drop and run malicious files. Backdoor.Jukbot.B uses different file and service names throughout the installation. The registry is modified in order to start Backdoor.Jukbot.B as a Windows service. Backdoor.Jukbot.B copies the names of the legitimate services and corrupts them and tricks the computer system into starting it every time Windows boots up. When Backdoor.Jukbot.B is installed and run, it tries to connect to a remote web page in order to receive configuration data from the remote server. Backdoor.Jukbot.B can also deliver fake security software. Backdoor.Jukbot.B can unexpectedly restart or shut down your PC, or execute denial of service attacks. Remove Backdoor.Jukbot.B before it harms your computer system.

Aliases: Backdoor.Win32.Zegost [Ikarus], Trojan.Win32.Inject.2, Backdoor/Win32.Hupigon [AhnLab-V3], Trojan/Generic.aedpp, Backdoor.Win32.Zegost!IK, DDoS.Attack.301 [DrWeb], Packed:W32/PeCan.A [F-Secure], Gen:Trojan.Heur.PT.guW@aehIxgp [BitDefender], HEUR:Trojan.Win32.Generic [Kaspersky], Win32:Rootkit-gen [Rtk] [Avast], TROJ_GEN.RFFH2G3, Generic BackDoor!1tp [McAfee], Backdoor.Jukbot [CAT-QuickHeal], Generic Malware [Panda] and Fat-Obfuscated [AVG].

Technical Information

File System Details

Backdoor.Jukbot.B creates the following file(s):
# File Name Size MD5 Detection Count
1 %WINDIR%\SysWOW64\svch0st.exe 102,182 cf9548e21a7ffae63ec35148507ea9ec 109
2 %WINDIR%\system32\sqlcsw32.dll 162,816 85a8fc6b1dedab9c8085e037680b7cf1 29
3 %PROGRAMFILES(x86)%\C7E22\lvvm.exe 188,416 a85e79a1ce7c293611a311f89b063cf8 25
4 sqlesw32.dll 37,888 1a6c9676be60fce0d199c114895df03e 18
5 %USERPROFILE%\Application Data\thq88rx6p.exe 5,120 6afaea332a84de981715de7881d9f228 15
6 %WINDIR%\system32\ytnqne.exe 360,448 8bb9b7318ab2226b77bafdd2aadf4cb5 14
7 %ALLUSERSPROFILE%\Dati applicazioni\NfWOkoyrvDaoRQH.exe 466,944 0ea318a1f802030209a70f9f6bf5d6c7 11
8 %APPDATA%\Remote\svy9.dll 37,888 22a6ca25c41f0cdeabe667b06357bece 4
9 %WINDIR%\System32\drivers\afd.sys 338,944 aff9873e66a0b246ce56ac6d1021f4c8 4
10 %USERPROFILE%\Local Settings\Application Data\bsn.exe 286,208 c72daa10403a129878ca560aa1245636 4
11 %PROGRAMFILES%\NewtonDictate\NewtonDictate.exe 2,279,424 9a1485f3c67ecc2e4f3fb907866afed7 3
12 %WINDIR%\System32\drivers\cdrom.sys 62,976 c69b912e4c06a7586bb847ccb10781f8 2
13 %APPDATA%skfp.exe 458,752 5f9bbb0be8270c87d659dd29a02e36f5 2
14 %APPDATA%68.exe 327,680 acb887fe28c2d1206b8835935506e6b8 2
15 %USERPROFILE%\AppData\LocalFiles\svchosts.exe 792,320 604bb71fb6f91b4927c1a0fe526dc148 2
16 c:\windows\syswow64\smvccs.dll 89,088 9c390d3b8e508f0a1b601ba814d7e078 2
17 %USERPROFILE%\Desktop\Stellar_Phoenix_Password_Recovery_v1_0_keygen.exe 431,616 95936157ffcf7d8e9d21c4c8525ba00e 1
18 %USERPROFILE%\Local Settings\Application Data\zyifur.exe 3,772,824 28cfbf345322abe2325ae327d1f8be0b 1
19 %APPDATA%\Microsoft\015D\38A.exe 284,672 3275203f1041b62ed23c9d1b55f99737 1
20 %USERPROFILE%\Local Settings\Application Data\rjy.exe 291,840 f84056ed084e58f6fcdc487ec931843b 1
21 %ALLUSERSPROFILE%\Dati applicazioni\ZjevH3HwzpNRaA.exe 370,688 0b07f47b65d44764c8f83fb4bbc8c69d 1
22 %WINDIR%\TEMP\hki283.exe 116,224 72b6a7e7c15faa446887fe5ec3e124fd 1
23 %USERPROFILE%\Local Settings\Application Data\way.exe 286,208 04fcd92131958aa0a743f63ebb22ef55 1
24 %USERPROFILE%\Local Settings\Application Data\uhu.exe 277,504 b6ce567a103eec4193c4e457f69d72b7 1
25 %USERPROFILE%\Local Settings\Application Data\ang.exe 299,520 a0b052c56c4d94c36e2a5b04c0bf75bc 1
26 %WINDIR%\SysWOW64\svch0sts.exe 102,416 47dc6120ea76568d3fa6db38a754438f 1
27 c:\windows\syswow64\dbelh.exe 13,824 fbdc9f9793d0f7d7633739c1140925b6 1
28 c:\windows\syswow64\jukbot.exe 58,368 ea707f58bb682d7f7fccc09f81981915 1
29 ang.exe N/A
30 t00el32.dll N/A
31 way.exe N/A
32 zyifur.exe N/A
33 bsn.exe N/A
34 AbdioPdfEditor.exe N/A
35 eygen.exe N/A
36 ZjevH3HwzpNRaA.exe N/A
37 qxd.exe N/A
38 hki283.exe N/A
39 uhu.exe N/A
40 skfp.exe N/A
41 rjy.exe N/A
42 Stellar_Phoenix_Password_Recovery_v1_0_k N/A
43 file.exe 98,816 8cfc667714d6dee857137f92203986f0 0
More files

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.


HTML is not allowed.