Mal/Jadtre-C Description

Type: Browser Hijackers

Mal/Jadtre-C is a malware infection that acts as a dropper for the Chinese bootkit Guntior. Mal/Jadtre-C contains two execution branches: one runs as a dynamic link library (DLL) and the other as an executable file. When it executes down the '.exe' path, Mal/Jadtre-C maintains a log file named 'stinst.log' in the %Temp% directory, where it records information such as the operating system version and the randomly created name it uses when it replicates itself to the system32 directory. Mal/Jadtre-C also ensures that the %Temp% directory is added to the PATH environment variable. Mal/Jadtre-C uses the system time as a seed to generate random names for itself and its dropped components.

Mal/Jadtre-C also places a copy of itself named 'msimg32.dll' in the %Temp% directory, creates a copy of 'HelpCtr.exe' in the %Temp% directory, and modifies the PEFlags in the new copy of 'msimg32.dll' so that they specify that the file is a DLL. 'HelpCtr.exe' is a legitimate and safe Windows file that imports calls from 'msimg32.dll', a library commonly found in the system folder. 'HelpCtr.exe' starts the Windows Help and Support Center homepage.

Technical Information

File System Details

Mal/Jadtre-C creates the following file(s):

#   File Name      Detection Count
1   HelpCtr.exe    N/A
2   msimg32.dll    N/A
3   stinst.log     N/A
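The following is an added example, not part of the original write-up: a triage check that looks in a Temp directory for the three file names listed above, reads the DLL bit in the PE header of 'msimg32.dll', and tests whether the directory is on PATH. The function names, the 'sideload_pair' heuristic and the constructed sample files are assumptions made for the illustration.

```python
import os
import struct
import tempfile

ARTEFACTS = ("HelpCtr.exe", "msimg32.dll", "stinst.log")  # file names from the write-up
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit that marks a PE image as a DLL

def pe_is_dll(path):
    """True/False for the DLL flag in the PE header, None if the file is not a PE."""
    try:
        with open(path, "rb") as fh:
            data = fh.read(4096)
    except OSError:
        return None
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    # Characteristics sits 18 bytes into the COFF header that follows the signature.
    return bool(struct.unpack_from("<H", data, pe_off + 22)[0] & IMAGE_FILE_DLL)

def check_temp(temp_dir, path_value, sep=";"):
    """Report which described artefacts are in temp_dir and whether it is on PATH."""
    names = {n.lower(): n for n in os.listdir(temp_dir)}  # Windows names ignore case
    norm = lambda p: os.path.normpath(p).lower()
    dll = names.get("msimg32.dll")
    return {
        "artefacts": [a for a in ARTEFACTS if a.lower() in names],
        "temp_in_path": any(norm(p) == norm(temp_dir) for p in path_value.split(sep) if p),
        "msimg32_is_dll": pe_is_dll(os.path.join(temp_dir, dll)) if dll else None,
        # Assumed heuristic: the host binary and the look-alike DLL together in Temp.
        "sideload_pair": {"helpctr.exe", "msimg32.dll"} <= names.keys(),
    }

def constructed_pe(characteristics):
    """Constructed 128-byte stand-in for a PE file: DOS stub plus COFF header only."""
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, characteristics)
    return b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0" + coff + b"\0" * 40

def demo():
    """Run the check on a constructed directory that mimics the described layout."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in (("HelpCtr.exe", constructed_pe(0x0102)),
                           ("msimg32.dll", constructed_pe(0x2102)),
                           ("stinst.log", b"constructed log\n")):
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(body)
        return check_temp(tmp, "C:\\Windows\\system32;" + tmp)
```

On a real host, pass the expanded %TEMP% path and the current PATH value to `check_temp`; `demo()` returns the report for the constructed directory.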
