Home / malware Trojan:Win32/Jarios.A
First posted on 13 November 2014.
Source: MicrosoftAliases :
There are no other names known for Trojan:Win32/Jarios.A.
Explanation :
Threat behavior Trojan:Win32/Jarios.A is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.
Installation
Trojan:Win32/Jarios.A creates the following files on your PC:
%windir% \assembly\nativeimages_v2.0.50727_32\temp\zape.tmp\dfsvc.exe
\config\systemprofile\application data\microsoft\cryptneturlcache\content\7b2238aaccedc3f1ffe8e7eb5f575ec9 \config\systemprofile\application data\microsoft\cryptneturlcache\metadata\7b2238aaccedc3f1ffe8e7eb5f575ec9 - c:\documents and settings\administrator\avm0.dat
- c:\documents and settings\administrator\local settings\temp\malware.mnt
Payload
Contacts remote hosts
Trojan:Win32/Jarios.A may contact the following remote hosts using port 80:
- crl.microsoft.com
- jaoaarthur2015.com
Commonly, malware does this to:This malware description was produced and published using automated analysis of file SHA1 8e14702c1ff9021bc0cd17a46203151934576fa6.Symptoms
- Confirm Internet connectivity
- Report a new infection to its author
- Receive configuration or other data
- Download and run files, including updates or other malware
- Receive instructions from a remote hacker
- Upload data taken from your PC
System changes
The following could indicate that you have this threat on your PC:
- You have these files:
%windir%\assembly\nativeimages_v2.0.50727_32\temp\zape.tmp\dfsvc.exe
\config\systemprofile\application data\microsoft\cryptneturlcache\content\7b2238aaccedc3f1ffe8e7eb5f575ec9
\config\systemprofile\application data\microsoft\cryptneturlcache\metadata\7b2238aaccedc3f1ffe8e7eb5f575ec9
c:\documents and settings\administrator\avm0.dat
c:\documents and settings\administrator\local settings\temp\malware.mntLast update 13 November 2014
