JF.SYS – Unclassified Malware


JF.SYS – Unclassified Malware removal

JF.SYS size: 37870 bytes

Created files:

%Program Files%\CNNIC\Cdn\cdnaux.dll
%Program Files%\CNNIC\Cdn\cdnforie.dll
%Program Files%\CNNIC\Cdn\cdnprh.dll
%Program Files%\CNNIC\Cdn\cdnunins.exe
%Program Files%\CNNIC\Cdn\cdnup.exe
%Program Files%\CNNIC\Cdn\idnconvs.dll
%SysDir%\drivers\cdnprot.sys
%SysDir%\drivers\jf.sys
%TEMP%\13jrqz.dll
%TEMP%\63\cdn.dll
%TEMP%\63\cdnaux.dll
%TEMP%\63\cdnforie.dll
%TEMP%\63\cdnins.dll
%TEMP%\63\cdnprh.dll
%TEMP%\63\cdnprot.sys
%TEMP%\63\cdnunins.exe
%TEMP%\63\cdnup.exe
%TEMP%\63\idnconvs.dll
%TEMP%\63\setup.exe
%TEMP%\vpj.dll

Autostart registry keys:

HKLM\Software\Classes\CLSID\{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}\InprocServer32 : C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\run\CdnCtr: %Program Files%\CNNIC\Cdn\cdnup.exe
HKLM\System\CurrentControlSet\Services\cdnprot\type: 01000000
HKLM\System\CurrentControlSet\Services\cdnprot\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\cdnprot\DisplayName: cdnprot
HKLM\System\CurrentControlSet\Services\cdnprot\ImagePath: 730079007300740065006D00330032005C0064007200690076006500720073005C00630064006E00700072006F0074002E007300790073000000
HKLM\System\CurrentControlSet\Services\cdnprot\DescriptionName: cdnprot
HKLM\System\CurrentControlSet\Services\cdnprot\SystemRoot: %WinDir%
HKLM\System\CurrentControlSet\Services\cdnprot\InstallPath: %Program Files%\CNNIC\Cdn
HKLM\System\CurrentControlSet\Services\cdnprot\Security\Security: 01001480900000009C000000140000003000000002001C000100000002801400FF010F000101000000000001000000000200600004000000000014008D01020001010000000000050B000000000018009D0102000102000000000005200000002302000000001800FF010F000102000000000005200000002002000000001400FD010200010100000000000512000000010100000000000512000000010100000000000512000000
HKLM\System\CurrentControlSet\Services\jf\Type: 01000000
HKLM\System\CurrentControlSet\Services\jf\Start: 03000000
HKLM\System\CurrentControlSet\Services\jf\ErrorControl: 01000000
HKLM\System\CurrentControlSet\Services\jf\DisplayName: jf
HKLM\System\CurrentControlSet\Services\jf\ImagePath: %WinDir%\System32\drivers\jf.sys

Detected by UnHackMe:

JF.SYS
Default location: %SYSDIR%\DRIVERS\JF.SYS

Dropper information:
MD5: 514330748ccba37a17daf3096c328686
File size: 1247297 bytes
