jushed.exe/jre.exe Removal

Trojan.Buzus.asuu:

First seen in July of 2009, this Trojan has only just been released. It doesn't do much damage to the system. However, once executed, its files try to spread with the help of removable drives. The Trojan can thus enter your system through a removable disk or from another Trojan dropper already on your system. It targets the "C:\WINDOWS\System" folder as soon as it is executed and registers several DLLs. These DLLs are injected into several crucial Windows processes that run during startup. Like any other Trojan, this one also creates or modifies some registry entries. It may also interfere with your firewall and antivirus software by disabling their ability to scan or report the problem.

When a removable disk is inserted into the infected computer, the Trojan makes sure that three files are created: redmond.exe, autorun.inf and Desktop.ini. Yes, that's right. Since the Desktop.ini file is always ignored, the virus uses it as a way into the target computer. Cleverly, the redmond.exe file that needs to be executed is stored safely in the "Recycler" folder. Thus, the virus wouldn't be removed even if you format your computer. Now let's take a look at the removal of this Trojan.

Instructions to remove Trojan.Buzus.asuu:

  1. Let us begin with repairing the registry. Reboot your system in Safe Mode.
  2. Now go to Start --> Run and type Regedit. Navigate to the following key

    HKLM\Software\Microsoft\Security Center

    and delete the values UpdatesDisableNotify and AntiVirusDisableNotify, or at least set both of them to 0 (zero). This will enable the Antivirus scanning.
  3. After you're done with that one, delete the following from the registry

    HKLM\System\CurrentControlSet\Control\Lsa
    Here, delete the value with the name "Notification Packages = "scecli%System%\fitozeba.dll"" on your right.

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Delete the values "moyubazime = "Rundll32.exe "%System%\wituloru.dll",s"" and "SunJavaUpdateSched v3.3 = "%System%\jushed.exe"" on the right.

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
    Delete "AppInit_DLLs = "%System%\fitozeba.dll"".

    HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    Delete the path "%System%\jushed.exe = "%System%\jushed.exe"" from the Explorer key.


  4. Using Ctrl+F, search for "wukoraga.dll" and "fitozeba.dll". If you find them embedded in an entry for a process, just remove the path. If you find a whole key with the name, get rid of it.
  5. With the registry cleaned, you're almost done. All that is left is deleting the files the virus created on your hard disk drive. Reboot your system and delete the following files from their respective directories:

    • C:\WINDOWS\System\jushed.exe

    • C:\WINDOWS\System\jre.exe

    • C:\WINDOWS\System\zarukige

  6. Now unregister the following DLLs

    • %System%\wituloru.dll

    • %System%\wukoraga.dll

    • %System%\fitozeba.dll

  7. Sit back and relax. You've successfully deleted the Trojan.
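
To confirm the cleanup, the following read-only PowerShell check reports any of the registry values and files named in the steps above that are still present, and looks for the autorun.inf and redmond.exe pair on attached removable drives. It is an added example, not part of the original post; it assumes that %System% resolves to the Windows system directory and that the dropped files sit on the removable drive itself, and an autorun.inf hit is only a prompt for review because legitimate media use one too.

```powershell
# Read-only audit: reports leftovers from the article's lists, changes nothing.
# Assumption: %System% is [Environment]::SystemDirectory; the literal
# C:\WINDOWS\System folder named in step 5 is checked as well.
$dlls  = 'wituloru.dll', 'wukoraga.dll', 'fitozeba.dll'
$files = 'jushed.exe', 'jre.exe', 'zarukige'
$dirs  = @([Environment]::SystemDirectory, 'C:\WINDOWS\System') | Select-Object -Unique
$pattern = (($dlls + 'jushed.exe') | ForEach-Object { [regex]::Escape($_) }) -join '|'
$notify  = 'UpdatesDisableNotify', 'AntiVirusDisableNotify'
$keys = @(
    'HKLM:\Software\Microsoft\Security Center'
    'HKLM:\System\CurrentControlSet\Control\Lsa'
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
    'HKLM:\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
)

# Registry: flag any value whose name or data mentions a listed file, and
# the two Security Center values when they are set to something other than 0.
$findings = @(foreach ($key in $keys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        # Multi-string data (Notification Packages) is joined for matching.
        $data = @($item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')) -join ' '
        if (($name -match $pattern) -or ($data -match $pattern) -or
            (($notify -contains $name) -and ($data -ne '0'))) {
            [pscustomobject]@{ Type = 'Registry'; Location = $key; Item = $name; Data = $data }
        }
    }
})

# Files from steps 5 and 6 (Test-Path also sees hidden files).
$findings += @(foreach ($dir in $dirs) {
    foreach ($f in ($files + $dlls)) {
        if (Test-Path -LiteralPath (Join-Path $dir $f)) {
            [pscustomobject]@{ Type = 'File'; Location = $dir; Item = $f; Data = '' }
        }
    }
})

# Removable drives: autorun.inf in the root and redmond.exe under Recycler.
$usb = [System.IO.DriveInfo]::GetDrives() | Where-Object { $_.DriveType -eq 'Removable' -and $_.IsReady }
$findings += @(foreach ($d in $usb) {
    $hits  = @(Get-Item -LiteralPath (Join-Path $d.Name 'autorun.inf') -Force -ErrorAction SilentlyContinue)
    $hits += @(Get-ChildItem -LiteralPath (Join-Path $d.Name 'Recycler') -Filter 'redmond.exe' -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($h in $hits) { [pscustomobject]@{ Type = 'Removable'; Location = $d.Name; Item = $h.FullName; Data = '' } }
})

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No listed artifacts found.' }
```

Run it from an elevated PowerShell prompt after the final reboot; an empty result means none of the listed entries were found.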