WORM_JER.A
WORM_JER.A is a malicious computer worm that may represent security risk for the corrupted computer system and its network environment. WORM_JER.A is also capble to block security software by modifying firewall settings and by disabling security services, for example, Kaspersky Anti-virus, Windows Update, Norton Autoprotect, etc. WORM_JER.A is a dangerous program that can infects system integrity by making modifications to the system that enable it to be used for malicious aims unidentified to the computer user. Some of such malicious programs may frequently pop-up advertising messages to bother computer users, while more severely they may harm the data in computers. Remove WORM_JER.A from your PC as soon as possible.
File System Details
WORM_JER.A may create the following file(s):
# | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
---|---|---|
1. | %Windir%\Temp\ res_ab4.exe, %AppData%\stwwx.exe | |
2. | %CommonPrograms%\Startup\SYSTEMIL2.EXE | |
3. | %Windir%\Temp\2.jpg, %Windir%\Temp\7pp8em6k5.exe | |
4. | %Windir%\Temp\o6jv.exe | |
5. | %Windir%\SYSTEMIL.EXE, %AppData%\hil.exe | |
6. | %Windir%\Temp\ main.exe, %Temp%\2rogvoir.exe | |
7. | %FontsDir%\services.exe, %Windir%\svc2.exe | |
8. | %Windir%\Temp\index.html, %Windir%\Temp\ins3mlxqr.exe | |
9. | c:\Documents.exe | |
10. | %Windir%\Temp\ fb_spam_ab4.exe, %AppData%\yaor.exe | |
11. | %Temp%\34byl.exe, %Windir%\Temp\34byl.exe | |
12. | %Windir%\Temp\9cho4.log, %Windir%\Temp\file.exe | |
13. | %Windir%\Temp\1.jpg, %Windir%\Temp\12.tmp | |
14. | %System%\nwcwks.dll, %Windir%\Tasks\fbagent.job | |
15. | c:\2.txt, %Windir%\Temp\111.tmp | |
16. | %Temp%\4wa3x6e21.bat, %FontsDir%\mlog | |
17. | %Windir%\Temp\13.tmp, %Windir%\Temp\14.tmp |
Registry Details
WORM_JER.A may create the following registry entry or registry entries:
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Alexa Internet
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation\Enum HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NWCWORKSTATION
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation\Security HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation\Enum
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\New Windows HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\New Windows HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tbsolute
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation\Parameters HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NWCWorkstation\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NWCWORKSTATION\0000\Control
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NWCWorkstation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NWCWORKSTATION\0000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NWCWORKSTATION\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NWCWORKSTATION HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NWCWORKSTATION\0000
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.