Infostealer.Jginko

Posted: September 29, 2011

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	9/10
Infected PCs:	6,989

First Seen:	September 29, 2011
Last Seen:	May 10, 2024
OS(es) Affected:	Windows

Infostealer.Jginko is a spyware program that's designed to steal Japanese banking information. Although SpywareRemove.com malware experts didn't expect to see a resurgence of this 2005-era spyware, there has been a recent resurgence of Infostealer.Jginko attacks, focused specifically on Japanese e-mail accounts. Infostealer.Jginko e-mail messages mimic messages from legitimate banking institutions and request that you open a file attachment to fill out a form that will renew your credit card. However, once you fill out this form, Infostealer.Jginko will take a screenshot of the information that's on it and send this data to its criminal maintainers. If you think that your bank account has been compromised by Infostealer.Jginko, take appropriate steps to increase the security of your bank account and use a suitable anti-malware program to delete Infostealer.Jginko itself.

Infostealer.Jginko – An E-mail Thief That's Aging but Active

Infostealer.Jginko, also known as TSPY_BANCOS.ANM, PWSteal.Jginko, Trojan-Spy.Win32.Banker.vt, PWS-Jginko and Troj/Jginko-A, is most-commonly encountered in spam e-mail messages. The currently-circulating Infostealer.Jginko e-mail template uses a simple deception that tries to convince you that the e-mail message was sent by a Japanese bank. Naturally, SpywareRemove.com malware experts have traced the sender addresses back to fraudulent third-party sources, although externally they strongly resemble an e-mail address from a well-known Japanese banking institution such as the DBJ or JFC.

Infostealer.Jginko's e-mail asks you to fill out a form in an accompanying file attachment to renew your credit card. SpywareRemove.com malware researchers note that unusual file attachments like Infostealer.Jginko's are often a key sign of malicious e-mail messages and are almost never used by legitimate companies, including banks.

The Consequences of Trusting an Infostealer.Jginko File Attachment

If you open Infostealer.Jginko's file attachment, your PC will become infected by Infostealer.Jginko. However, there is a form included with the attachment – rather craftily, the criminals included this form to allow Infostealer.Jginko to grab the information in a screen capture after you've filled it out! If you suspect that your bank account has been compromised in this fashion, you should call your bank to look into necessary procedures for reestablishing the account's security.

Deleting Infostealer.Jginko should also be considered a high priority, since Infostealer.Jginko may be capable of making other forms of spyware attacks, such as keylogging and will use up system resources until you've deleted Infostealer.Jginko from your PC. As SpywareRemove.com malware experts typically recommend, the usage of up-to-date anti-malware software is the simplest way to remove Infostealer.Jginko while insuring that no harm is caused to your operating system. Removing Infostealer.Jginko by manual methods isn't recommended if it can be avoided, since this may damage Windows, cause a loss of Internet connectivity or create other types of undesired side effects.

Infostealer.Jginko is capable of attacking most versions of Windows, including the following: Windows 95, Windows 98, Windows 2K, Windows Me, Windows NT, Windows Server 2003 and Windows XP.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

UFJ.exe

File name: UFJ.exe
Size: 711.68 KB (711680 bytes)
MD5: bf45f320ccbfd8ccc7815d6004b5c953
Detection count: 60
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: October 3, 2011

C:\system.exe

File name: C:\system.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

More files

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"system.exe" = "C:\system.exe"