JAVA_OZNEB.B Description

Type: Possibly Unwanted Program

JAVA_OZNEB.B is a new variation of an old Java RAT (remote access Trojan), which is named UNRECOM (Universal Remote Control Multi-Platform). It was known a while ago as Adwind. JAVA_OZNEB.B proliferates via spam email messages. The spam email messages that are used to disperse JAVA_OZNEB.B (UNRECOM) are allegedly sent by American Express. The fraudulent bank email messages announce victimized recipients that their accounts have been suspended due to suspicious activity. The bogus email message includes the infected attachment which is not a report, but a copy of the RAT named JAVA_OZNEB.B. When JAVA_OZNEB.B corrupts a PC, it takes screenshots, shows notifications and mines for Litecoins. The Litecoin-mining component is a plug-in. The authors of UNRECOM can embed other plug-ins and further improve JAVA_OZNEB.B. Litecoin is a cryptocurrency that is often known to be a well-known alternative to Bitcoin. The Litecoin plug-in can permit a remote cybercriminal to use an attacked PC to mine Litecoins. Mining digital currencies needs a lot of computing power, so target PC users may experience sluggish performance from their affected PCs.

Technical Information

File System Details

JAVA_OZNEB.B creates the following file(s):
# File Name Detection Count
1 %Application Data%\oracle\Desktop.ini N/A
2 %Application Data%\oracle\olo.dll N/A

Registry Details

JAVA_OZNEB.B creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run oracle = "%Application Data%\oracle\olo.dll"

Related Posts

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.