Malware.Rujack
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Ranking: 104
Threat Level: 50 % (Medium)
Infected Computers: 429,410
First Seen: April 6, 2017
Last Seen: September 21, 2023
OS(es) Affected: Windows
Rujack and Malware.Rujack are detection names used by cybersecurity vendors for riskware and browser-hijacking software that forces users to load pages on the h[tt]ps://mail[.]ru domain. Mail.ru is a legitimate site aimed at Russian-speaking Web users. Mail.ru is similar to Bing and Google in many ways, with a built-in weather forecast, IM client support, an email service, news feeds and integration of the Yandex search service. Unfortunately, the reputation of Mail.ru has been plagued by adware activity and browser hijacking caused by third parties looking to claim advertising revenue by redirecting users to Mail.ru.
The software flagged as Rujack and Malware.Rujack may include browser extensions for Google Chrome, add-ons for Mozilla Firefox and Browser Helper Objects (BHOs) for Internet Explorer. Usually, the Rujack applications are distributed to PC users bundled with misleading or fake updates for Adobe Flash and Java. Rujack-branded programs may be presented to users as free media players and as extensions that help with streaming video content from the Internet. We have seen applications like “Rutube Chrome Extension,” “WebExpEnhanced,” and “UpdHost2” flagged as Malware.Rujack and PUP.Optional.MailRu. Extensions with the following IDs have been known to cause problems for users:
lhemechcanjmilllmccjbjldonmnnjjj
hcadgijmedbfgciegjomfpjcdchlhnif
bhjhnafpiilpffhglajcaepjbnbjemci
indjgiebmakhmnaplnlnanodkfiejfjd
The Rujack software has been observed to modify popular Web browsers and force them to load resources at Mail.ru, as well as advertisements from untrusted domains. Most of the cases that involve the Rujack software correspond to Europe and Central America. Malware.Rujack may use VBS scripts and Registry keys to redirect users to insecure pages on the Internet and to prompt users to run questionable software from unverified publishers. It is best to remove the files and applications associated with Malware.Rujack using a credible anti-malware suite. AV scanners may list related files with the following names:
- Suspicious_GEN.F47V0628
- Trojan.Agent.CIPO
- Trojan.VBS.HotNews.a
- Win32/Trojan.7e4
- malware (ai score=81)
File System Details
# | File Name | MD5 | Detections
---|---|---|---
1. | ijhg.vbs | f72c0e51ec0d968d482a9a127792aa58 | 259
2. | ijhg.vbs | 990b494c525a8368f4b7ed9bac762ae1 | 57
3. | ijhg.vbs | cbea28fe6583edc76b225b8b928a4d11 | 43
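As an added defender-side triage example (not EnigmaSoft's code and not from the original page), the Python sweep below walks a user profile tree looking for the four extension IDs and the three ijhg.vbs MD5 hashes listed above. The sample profile it builds is constructed for the demo, and its ijhg.vbs content is a placeholder, so that file is reported by name only rather than by hash match.

```python
import hashlib
import tempfile
from pathlib import Path

# Indicators copied from this page: the four extension IDs and the MD5s
# listed for ijhg.vbs. Everything else below is constructed for the demo.
RUJACK_EXTENSION_IDS = {
    "lhemechcanjmilllmccjbjldonmnnjjj", "hcadgijmedbfgciegjomfpjcdchlhnif",
    "bhjhnafpiilpffhglajcaepjbnbjemci", "indjgiebmakhmnaplnlnanodkfiejfjd",
}
RUJACK_VBS_MD5 = {
    "f72c0e51ec0d968d482a9a127792aa58", "990b494c525a8368f4b7ed9bac762ae1",
    "cbea28fe6583edc76b225b8b928a4d11",
}

def md5_of(path):
    # The dropper scripts are small, so reading the whole file is fine here.
    return hashlib.md5(Path(path).read_bytes()).hexdigest()

def find_indicators(profile_root):
    """Return sorted (kind, path, detail) tuples for Rujack indicators under
    a user profile: listed Chrome extension IDs, and any ijhg.vbs, flagged
    'vbs-known-hash' when its MD5 is on the page, else 'vbs-name-only'."""
    hits = []
    root = Path(profile_root)
    # Chrome stores installed extensions as <profile>\Extensions\<ID>\...
    for ext_dir in (p for p in root.rglob("Extensions") if p.is_dir()):
        for child in ext_dir.iterdir():
            if child.is_dir() and child.name in RUJACK_EXTENSION_IDS:
                hits.append(("chrome-extension", str(child), child.name))
    for vbs in root.rglob("ijhg.vbs"):
        digest = md5_of(vbs)
        kind = "vbs-known-hash" if digest in RUJACK_VBS_MD5 else "vbs-name-only"
        hits.append((kind, str(vbs), digest))
    return sorted(hits)

def build_sample_profile():
    """Constructed profile tree: one listed extension ID, one benign ID,
    and a dummy ijhg.vbs whose content (and therefore hash) is made up."""
    base = Path(tempfile.mkdtemp(prefix="rujack_demo_"))
    ext = base / "Chrome" / "Extensions"
    (ext / "lhemechcanjmilllmccjbjldonmnnjjj").mkdir(parents=True)
    (ext / "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa").mkdir()
    (base / "Roaming").mkdir()
    (base / "Roaming" / "ijhg.vbs").write_text("' constructed placeholder\n")
    return str(base)

if __name__ == "__main__":
    for kind, path, detail in find_indicators(build_sample_profile()):
        print(f"{kind:16} {detail}  {path}")
```

On a real host, point find_indicators at the user's AppData directory; a name-only hit still warrants collecting the script for analysis even when its hash is not one of the three listed here.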
Registry Details
Directories
Malware.Rujack may create the following directory or directories:
URLs
Malware.Rujack may call the following URLs: