Prevx Research Division
JTJNET.EXE
Currently being reviewedThe most common objects with the name of JTJNET.EXE are considered safe.
You can use our free Prevx Scanner to thoroughly check your PC for spyware and other infections. It is free and takes less than 2 minutes to run. To start the scan just click the blue button.
File Behavior
JTJNET.EXE has been seen to perform the following behavior:
- This process creates other processes on disk
- Can communicate with other computer systems using HTTP protocols
- This Process Deletes Other Processes From Disk
- Executes Processes stored in Temporary Folders
- Executes a Process
- Writes to another Process's Virtual Memory (Process Hijacking)
- Creates system tray popups, messages, errors and security warnings
- Visits web sites on your PC without you knowing
JTJNET.EXE has been the subject of the following behavior:
- Created as a process on disk
- Executed from Temporary Folders
- Executed as a Process
- Deleted as a process from disk
- Has code inserted into its Virtual Memory space by other programs
Country Of Origin
The filename JTJNET.EXE was first seen on Jun 15 2008 in the following geographical regions of the Prevx community:
- Spain on Jun 15 2008
- South Africa on Jun 15 2008
Filesizes
This file has been seen with the following file size:
- 41,535 bytes
Vendor, Product and Version Information
This file has no vendor, product or version information specified in the file header.
File Type
The filename JTJNET.EXE refers to an executable program.
File Activity
One or more files with the name JTJNET.EXE creates, deletes, copies or moves the following files and folders:
- Deletes c:\docume~1\user\locals~1\temp\nskB.tmp
- Deletes c:\docume~1\user\locals~1\temp\nsaD.tmp
- Creates c:\docume~1\user\locals~1\temp\nsad.tmp\InetLoad.dll
- Creates c:\docume~1\user\locals~1\temp\setup1j.exe
- Opens/modifes c:\autoexec.bat
- Deletes c:\docume~1\user\locals~1\temp\setup1j.exe
- Creates c:\docume~1\user\locals~1\temp\Setup_ver1.142
- Deletes c:\docume~1\user\locals~1\temp\nsad.tmp\InetLoad.dll
- Creates c:\docume~1\user\locals~1\temp\smcheck.exe
- Creates c:\docume~1\user\locals~1\temp\media.ph
- Creates c:\docume~1\user\locals~1\temp\bindsrv2.exe
- Creates c:\docume~1\user\locals~1\temp\atmadm2.exe
- Creates c:\docume~1\user\locals~1\temp\378_appcompat.txt
- Creates c:\docume~1\user\locals~1\temp\21A93.dmp
- Deletes c:\docume~1\user\locals~1\temp\SETUP_~1.EXE
- Creates c:\docume~1\user\locals~1\temp\user32
- Creates c:\windows\system32\iifcBqRH.dll
- Copies filec:\windows\system32\iifcBqRH.dll to c:\windows\system32\mlJBQKBs.dll
- Creates c:\docume~1\user\locals~1\temp\removalfile.bat
- Deletes c:\windows\resources\ServiceSetDrive.dll
- Creates c:\windows\resources\ServiceSetDrive.dll
- Deletes c:\program files\bho.exe
- Creates c:\program files\bho.exe
- Deletes c:\program files\antiviirus.exe
- Creates c:\program files\antiviirus.exe
- Creates c:\z3gdf45.bat
- Deletes c:\docume~1\user\locals~1\temp\bindsrv2.exe
- create folder C:\WINDOWS\system32\977751
- Creates c:\windows\system32\977751\977751.dll
- Creates c:\42356d3.bat
- Copies filec:\program files\antiviirus.exe to c:\program files\tmp0.exe
- Copies filec:\program files\antiviirus.exe to c:\program files\tmp1.exe
- Copies filec:\program files\antiviirus.exe to c:\program files\tmp2.exe
- Deletes c:\docume~1\user\locals~1\temp\atmadm2.exe
- Deletes c:\z3gdf45.bat
Website Activity
One or more files with the name JTJNET.EXE interacts with the following web sites and pages. Web addresses have been deliberately modified to prevent unintentional use.
- Remote server connection to www .infopan .co
- Remote server connection to www .jtjnet .co
- Port 80 IP:64.22.95.92
- Port 80 IP:74.52.223.34
- Port 80 IP:64.247.39.247
- Port 80 IP:77.91.227.179
- Port 80 IP:193.33.61.166
- Port 80 IP:85.255.119.133
- Port 80 IP:77.91.228.187
- Port 80 IP:85.255.120.35