File Investigation Report

"JJ2.COM"

Malicious Software

PC Cleanup in 3 Easy Steps

Use Prevx 3.0 to remove JJ2.COM, along with any other viruses, spyware, adware, trojans, rootkits, worms, information stealers, keyloggers, bots, and other form of malicious threat that may reside on your PC.

Remove this Infection »

PC Magazine, Editors' Choice, May 2009

Think your PC might be Infected? Scan Now Prevx 3.0 will scan your PC in seconds to inform you whether your PC is clean or infected.
Malware Removal Prevx 3.0 removes adware infections for free. More complicated infections require purchase of a malware removal license.
Expert Assistance In the rare occurence that Prevx 3.0 malware removal fails - a Prevx Engineer will connect to your PC and manually disinfect.
Money Back Guarantee for Individual Users If within the first 14 days, the Prevx Engineer finds it impossible to clean an infection from your PC, we give you your money back.

File Behavior

JJ2.COM has been seen to perform the following behavior:

The Process is packed and/or encrypted using a software packing process
This process creates other processes on disk
This Process Deletes Other Processes From Disk
Registers a Dynamic Link Library File
Drops known malicious software during execution
Modifies fixed, removable or USB drives using autorun to execute or spread infection

JJ2.COM has been the subject of the following behavior:

Added as a Registry auto start to load Program on Boot up
Copied to multiple locations on the system
Deleted as a process from disk
Executed as a Process

Country Of Origin

The filename JJ2.COM was first seen on May 31 2009 in the following geographical regions of the Prevx community:

SPAIN on May 31 2009
VIET NAM on Jul 18 2009

Filesizes

The following file size has been seen:

101,509 bytes
203,909 bytes

File Type

The filename JJ2.COM refers to many versions of an executable program.

File Activity

One or more files with the name JJ2.COM creates, deletes, copies or moves the following files and folders:

Deletes c:\windows\system32\drivers\cdaudio.sys
Copies file$�_CHAR(0x12)_\dllcache\cdaudio.sys to c:\windows\system32\drivers\cdaudio.sys
Deletes c:\windows\system32\uret463.exe
Deletes c:\windows\system32\lhgjyit0.dll
Creates c:\windows\system32\lhgjyit0.dll
Deletes c:\jj2.co
Copies filec:\windows\system32\uret463.exe to c:\jj2.co
Deletes c:\autorun.in
Creates c:\autorun.in
Deletes d:\jj2.co
Copies filec:\windows\system32\uret463.exe to d:\jj2.co
Deletes d:\autorun.in
Creates d:\autorun.in
Deletes c:\docume~1\user\locals~1\temp\cc1.rar
Opens/modifes c:\autoexec.bat
Creates c:\docume~1\user\locals~1\temp\cc1.rar

Website Activity

One or more files with the name JJ2.COM interacts with the following web sites and pages. Web addresses have been deliberately modified to prevent unintentional use.

TCP:127.0.0.1:1068 Port:18
Port 80 IP:221.1.222.109

PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.