About “Jaiko.2739 (B)” infection

Malware Removal

Jaiko.2739 (B) is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows a complete scan and cleanup of your PC during the trial period.
A 6-day free trial is available.

What can the Jaiko.2739 (B) virus do?

  • Executable code extraction
  • Creates RWX memory
  • Mimics the system’s user agent string for its own requests
  • Reads data out of its own binary image
  • HTTP traffic contains suspicious features which may be indicative of malware related traffic
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Behavior consistent with a dropper attempting to download the next stage.
  • Exhibits behavior characteristic of Locky ransomware
  • Exhibits possible ransomware file modification behavior
  • Attempts to modify proxy settings
  • Appends a known Locky ransomware file extension to files that have been encrypted
  • Creates a known Locky ransomware decryption instruction / key file.

Related domains:

igrovie-awtomaty-play.ru

How to identify Jaiko.2739 (B)?

File Info:

crc32: 9EFF8816
md5: 7ee4deaba2d56979268d696bcafe152b
name: 7EE4DEABA2D56979268D696BCAFE152B.mlw
sha1: 3312f19463310acaf625d44c9446278871e886fc
sha256: 49949501854b84f5214d4f364001aed96e77edd31e514c5a01dcf17b039ea11a
sha512: da8dadaa92b7a16dbf645ca7a24c49e8081808bc5a807b1956edf03004130428d32335dc194cecbd7387cc93540576b55aab9a0f3b5c9f87c814b160e14d4f0b
ssdeep: 3072:kNuO421vKt+LRtw/H2eK4w9SC3XBq40Rxqg9bvx8ZOlBLKrtOeV:kK2tKILRtw/w9SCnBqjxqMbpYOj+Ie
type: MS-DOS executable, MZ for MS-DOS

Version Info:

LegalCopyright: Elaborate Bytes Copyright ©.
Assembly Version: 8.6.80.6
InternalName: WellPotter
FileVersion: 8.6.80.6
CompanyName: Elaborate Bytes
PrivateBuild: 8.6.80.6
LegalTrademarks: Elaborate Bytes Copyright ©.
Comments: Thinkers Move Vote Vision
ProductName: WellPotter
Languages: English
ProductVersion: 8.6.80.6
FileDescription: Thinkers Move Vote Vision
OriginalFilename: WellPotter
Translation: 0x0409 0x04b0

Jaiko.2739 (B) also known as:

Bkav: W32.AIDetect.malware1
K7AntiVirus: Trojan ( 004f00a01 )
DrWeb: Trojan.Encoder.3976
Cynet: Malicious (score: 100)
ALYac: Gen:Variant.Jaiko.2739
Cylance: Unsafe
Zillya: Trojan.Locky.Win32.3360
Sangfor: Trojan.Win32.Save.a
CrowdStrike: win/malicious_confidence_70% (D)
K7GW: Trojan ( 004f00a01 )
Cybereason: malicious.ba2d56
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: Win32/Filecoder.Locky.C
APEX: Malicious
Avast: Win32:Malware-gen
Kaspersky: Trojan-Ransom.Win32.Locky.xak
BitDefender: Gen:Variant.Jaiko.2739
NANO-Antivirus: Trojan.Win32.Locky.ekusix
MicroWorld-eScan: Gen:Variant.Jaiko.2739
Tencent: Win32.Trojan.Filecoder.Ange
Ad-Aware: Gen:Variant.Jaiko.2739
Sophos: Mal/Generic-S
Comodo: Malware@#138cqrv3kkuuc
BitDefenderTheta: Gen:NN.ZexaF.34692.pmuaamUnDAei
VIPRE: Trojan.Win32.Generic!BT
TrendMicro: Ransom_LOCKY.F117AN
McAfee-GW-Edition: BehavesLike.Win32.Injector.dc
FireEye: Generic.mg.7ee4deaba2d56979
Emsisoft: Gen:Variant.Jaiko.2739 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: TrojanDownloader.Trik.ah
Avira: TR/AD.Locky.opacx
eGambit: Unsafe.AI_Score_80%
Antiy-AVL: Trojan/Generic.ASMalwS.1DC9EC5
Microsoft: Ransom:Win32/FileCryptor
Arcabit: Trojan.Jaiko.DAB3
AegisLab: Trojan.Win32.Locky.j!c
ZoneAlarm: Trojan-Ransom.Win32.Locky.xak
GData: Gen:Variant.Jaiko.2739
TACHYON: Ransom/W32.Locky.246784.C
McAfee: Generic.awl
MAX: malware (ai score=100)
VBA32: Hoax.Locky
Panda: Trj/CI.A
TrendMicro-HouseCall: Ransom_LOCKY.F117AN
Rising: Ransom.Genasom!8.293 (CLOUD)
Yandex: Trojan.Locky!IXULvMKuSC4
Ikarus: Trojan.Win32.Filecoder
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Filecoder_Locky.C!tr
AVG: Win32:Malware-gen
Paloalto: generic.ml

How to remove Jaiko.2739 (B)?

Jaiko.2739 (B) removal tool

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.