WORM_JER.A

By Domesticus in Worms

WORM_JER.A is a malicious computer worm that may represent security risk for the corrupted computer system and its network environment. WORM_JER.A is also capble to block security software by modifying firewall settings and by disabling security services, for example, Kaspersky Anti-virus, Windows Update, Norton Autoprotect, etc. WORM_JER.A is a dangerous program that can infects system integrity by making modifications to the system that enable it to be used for malicious aims unidentified to the computer user. Some of such malicious programs may frequently pop-up advertising messages to bother computer users, while more severely they may harm the data in computers. Remove WORM_JER.A from your PC as soon as possible.

File System Details

WORM_JER.A may create the following file(s):

Expand All | Collapse All

#	File Name	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	%Windir%\Temp\ res_ab4.exe, %AppData%\stwwx.exe
Name: %Windir%\Temp\ res_ab4.exe, %AppData%\stwwx.exe Type: Executable File
2.	%CommonPrograms%\Startup\SYSTEMIL2.EXE
Name: %CommonPrograms%\Startup\SYSTEMIL2.EXE Type: Executable File
3.	%Windir%\Temp\2.jpg, %Windir%\Temp\7pp8em6k5.exe
Name: %Windir%\Temp\2.jpg, %Windir%\Temp\7pp8em6k5.exe Type: Executable File
4.	%Windir%\Temp\o6jv.exe
Name: %Windir%\Temp\o6jv.exe Type: Executable File
5.	%Windir%\SYSTEMIL.EXE, %AppData%\hil.exe
Name: %Windir%\SYSTEMIL.EXE, %AppData%\hil.exe Type: Executable File
6.	%Windir%\Temp\ main.exe, %Temp%\2rogvoir.exe
Name: %Windir%\Temp\ main.exe, %Temp%\2rogvoir.exe Type: Executable File
7.	%FontsDir%\services.exe, %Windir%\svc2.exe
Name: %FontsDir%\services.exe, %Windir%\svc2.exe Type: Executable File
8.	%Windir%\Temp\index.html, %Windir%\Temp\ins3mlxqr.exe
Name: %Windir%\Temp\index.html, %Windir%\Temp\ins3mlxqr.exe Type: Executable File
9.	c:\Documents.exe
Name: c:\Documents.exe Type: Executable File
10.	%Windir%\Temp\ fb_spam_ab4.exe, %AppData%\yaor.exe
Name: %Windir%\Temp\ fb_spam_ab4.exe, %AppData%\yaor.exe Type: Executable File
11.	%Temp%\34byl.exe, %Windir%\Temp\34byl.exe
Name: %Temp%\34byl.exe, %Windir%\Temp\34byl.exe Type: Executable File
12.	%Windir%\Temp\9cho4.log, %Windir%\Temp\file.exe
Name: %Windir%\Temp\9cho4.log, %Windir%\Temp\file.exe Type: Executable File
13.	%Windir%\Temp\1.jpg, %Windir%\Temp\12.tmp
Name: %Windir%\Temp\1.jpg, %Windir%\Temp\12.tmp Type: Temporary File
14.	%System%\nwcwks.dll, %Windir%\Tasks\fbagent.job
Name: %System%\nwcwks.dll, %Windir%\Tasks\fbagent.job
15.	c:\2.txt, %Windir%\Temp\111.tmp
Name: c:\2.txt, %Windir%\Temp\111.tmp Type: Temporary File
16.	%Temp%\4wa3x6e21.bat, %FontsDir%\mlog
Name: %Temp%\4wa3x6e21.bat, %FontsDir%\mlog
17.	%Windir%\Temp\13.tmp, %Windir%\Temp\14.tmp
Name: %Windir%\Temp\13.tmp, %Windir%\Temp\14.tmp Type: Temporary File

Registry Details

WORM_JER.A may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Alexa Internet

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation\Enum HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NWCWORKSTATION

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation\Security HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation\Enum

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\New Windows HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\New Windows HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tbsolute

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation\Parameters HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation\Security

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation\Parameters

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NWCWORKSTATION\0000\Control

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NWCWORKSTATION\0000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NWCWORKSTATION\0000\Control

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NWCWORKSTATION HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NWCWORKSTATION\0000

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

WORM_JER.A

File System Details

Registry Details

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen