Mal/Jadtre-C Description
Type: Browser Hijackers
Mal/Jadtre-C is a malware infection and a dropper for the Chinese bootkit Guntior. Mal/Jadtre-C contains two execution branches: one runs as a dynamic link library (DLL) and the other as an executable file. When it executes down the '.exe' path, Mal/Jadtre-C maintains a log file named 'stinst.log' in the %Temp% directory, where it records information such as the operating system version and the randomly generated name it uses when it copies itself to the system32 directory. Mal/Jadtre-C also ensures that the %Temp% directory is added to the PATH environment variable. Mal/Jadtre-C uses the system time as a seed to generate random names for itself and its dropped components. Mal/Jadtre-C also places a copy of itself named 'msimg32.dll' in the %Temp% directory, creates a copy of 'HelpCtr.exe' in the %Temp% directory, and modifies the PE flags in the new copy of 'msimg32.dll' so that they mark the file as a DLL. 'HelpCtr.exe' is a legitimate, safe Windows file that imports calls from 'msimg32.dll', a library that is commonly found in the system folder. 'HelpCtr.exe' starts the Windows Help and Support Center homepage.
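The artifacts described above can be checked on a host with a short triage script. This is an added example, not code from the original write-up: the function names and finding labels are made up for illustration, and it assumes the "DLL" PE flag mentioned above is the standard IMAGE_FILE_DLL (0x2000) bit in the COFF Characteristics field.

```python
import os
import struct
import tempfile

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit marking a PE file as a DLL
ARTIFACTS = ("stinst.log", "msimg32.dll", "helpctr.exe")  # names from the text


def _norm(p):
    return os.path.normcase(os.path.normpath(os.path.expandvars(p.strip().strip('"'))))


def pe_is_dll(path):
    """True/False from the PE Characteristics field; None if not a PE file."""
    with open(path, "rb") as f:
        data = f.read(4096)
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # Characteristics: last 2 bytes of the 20-byte COFF header after "PE\0\0"
    (flags,) = struct.unpack_from("<H", data, e_lfanew + 22)
    return bool(flags & IMAGE_FILE_DLL)


def triage(temp_dir, path_value):
    """Return findings for the artifacts described above (labels are made up here)."""
    findings = []
    entries = {_norm(p) for p in path_value.split(os.pathsep) if p.strip()}
    if _norm(temp_dir) in entries:
        findings.append("temp-dir-in-PATH")
    present = {n.lower(): n for n in os.listdir(temp_dir)}
    for name in ARTIFACTS:
        if name in present:
            findings.append("found:" + name)
    if "msimg32.dll" in present:
        if pe_is_dll(os.path.join(temp_dir, present["msimg32.dll"])):
            findings.append("msimg32.dll-has-DLL-flag")
    if {"msimg32.dll", "helpctr.exe"} <= present.keys():
        findings.append("helpctr-beside-msimg32")  # both copies in one directory
    return findings


if __name__ == "__main__":
    tmp = os.environ.get("TEMP") or tempfile.gettempdir()
    for finding in triage(tmp, os.environ.get("PATH", "")):
        print(finding)
```

A file name match alone is only a lead for further review; the combination of findings is what matches the behaviour described here.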