Jollywallet

By JubileeX in Adware

Threat Scorecard

Ranking:	7,879
Threat Level:	20 % (Normal)
Infected Computers:	9,013

First Seen:	March 7, 2013
Last Seen:	September 18, 2023
OS(es) Affected:	Windows

Jollywallet is an adware threat that is known for displaying annoying pop-up advertisements that attempt to offer online shopping savings deals. These pop-up messages from Jollywallet usually display randomly and lead to unwanted sites when clicked on. Jollywallet may be installed with bundled software where it will run in the background while displaying a toolbar offering shopping and sharing features. Uninstalling Jollywallet is usually a difficult process as it is not clearly marked within the list of installed apps through the Windows control panel.

Table of Contents

SpyHunter Detects & Remove Jollywallet

File System Details

Jollywallet may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	jollywallet_99_2.exe	0f17f7e4a7fd45360b92e3cfb312dea4	1
Name: jollywallet_99_2.exe MD5: 0f17f7e4a7fd45360b92e3cfb312dea4 Size: 2.72 MB (2720120 bytes) Detections: 1 Type: Executable File Group: Malware file Last Updated: August 17, 2022

Registry Details

Jollywallet may create the following registry entry or registry entries:

CLSID

{11111111-1111-1111-1111-110111251155}

{22222222-2222-2222-2222-220122252255}

{44444444-4444-4444-4444-440144254455}

{55555555-5555-5555-5555-550155255555}

{66666666-6666-6666-6666-660166256655}

File name without path

http_www.jollywallet.com_0.localstorage

http_www.jollywallet.com_0.localstorage-journal

Regexp file mask

%TEMP%\jollywallet[RANDOM CHARACTERS]

%WINDIR%\System32\Tasks\jollywallet-chromiuminstaller

%WINDIR%\System32\Tasks\jollywallet-codedownloader

%WINDIR%\System32\Tasks\jollywallet-updater

%WINDIR%\System32\Tasks\jollywallet-updater_user

%WINDIR%\Tasks\jollywallet-chromiuminstaller.job

%WINDIR%\Tasks\jollywallet-codedownloader.job

%WINDIR%\Tasks\jollywallet-updater.job

%WINDIR%\Tasks\jollywallet-updater_user.job

HKEY..\..\..\..{RegistryKeys}

Software\AppDataLow\Software\Crossrider\Button\12555

Software\AppDataLow\Software\Crossrider\onBeforeNavigate\12555

Software\AppDataLow\Software\Crossrider\onRequest\12555

Software\AppDataLow\Software\JollyWallet

SOFTWARE\Classes\CrossriderApp0012555.BHO

SOFTWARE\Classes\CrossriderApp0012555.BHO.1

SOFTWARE\Classes\CrossriderApp0012555.Sandbox

SOFTWARE\Classes\CrossriderApp0012555.Sandbox\CLSID

SOFTWARE\Classes\CrossriderApp0012555.Sandbox\CurVer

Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\jollywallet

Software\Cr_Installer\12555

Software\InstalledBrowserExtensions\JollyWallet

SOFTWARE\jollywallet

Software\Microsoft\Internet Explorer\Approved Extensions\{11111111-1111-1111-1111-110111251155}

Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{11111111-1111-1111-1111-110111251155}

Software\Microsoft\Internet Explorer\DOMStorage\jollywallet.com

Software\Microsoft\Internet Explorer\DOMStorage\www.jollywallet.com

Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7b26e61c-045a-4607-82af-995a89b789f4}

Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ce6c9745-5ad7-4f85-a9c0-2f67c8801385}

Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d41f9bdf-97dd-4f7b-9841-4a8d2fe93269}

Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dfd7d9b1-1cc1-4d8a-bf44-b9879446a65d}

Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\jollywallet.com

SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\jollywallet-bg.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater12555.exe

Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110111251155}

Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110111251155}

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{11111111-1111-1111-1111-110111251155}

SOFTWARE\Wow6432Node\jollywallet

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111251155}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110111251155}

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\jollywallet-bg.exe

SOFTWARE\Wow6432Node\Microsoft\Tracing\JollyWallet-InternalInstaller_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\JollyWallet-InternalInstaller_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Tracing\JollyWallet_RASAPI32

SOFTWARE\Wow6432Node\Microsoft\Tracing\JollyWallet_RASMANCS

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111251155}

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{11111111-1111-1111-1111-110111251155}

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

JollyWallet

Directories

Jollywallet may create the following directory or directories:

%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\nebgmadhfahbjejndohjkhofghapnhhl

%LOCALAPPDATA%\JollyWallet

%LOCALAPPDATA%\Updater12555

%PROGRAMFILES%\JollyWallet

%PROGRAMFILES(x86)%\JollyWallet

%UserProfile%\AppData\LocalLow\jollywallet

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Jollywallet

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove Jollywallet

File System Details

Registry Details

Directories

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen