
Trojan.Jokra

Posted: March 21, 2013

Threat Metric

Threat Level: 9/10
Infected PCs: 39
First Seen: March 21, 2013
OS(es) Affected: Windows

Trojan.Jokra is a Trojan that wipes the hard drive of the affected PC by overwriting the default data with one of several predetermined text strings. Trojan.Jokra is compatible with multiple types of operating systems, and some members of the PC security industry speculate that a variant of Trojan.Jokra was involved in the recent South Korean DarkSeoul (or Mal/EncPk-ACE) attacks. Although Trojan.Jokra's worldwide distribution numbers are low, given the potential damage of Trojan.Jokra's attacks, SpywareRemove.com malware researchers stress the usefulness of preventative security steps that will block a Trojan.Jokra infection from occurring. However, if your PC does need Trojan.Jokra removed, then a strong anti-malware program should be the readiest solution for deleting Trojan.Jokra without harming anything else on your hard drive.

How Trojan.Jokra Jokes Around with Your Files

Trojan.Jokra is a fairly rare type of Trojan: Trojan.Jokra is designed to destroy information rather than steal it and doesn't include any of the revenue-generating functions that other PC threats have popularized. Given Trojan.Jokra's main function, the simplest way to protect your computer from a Trojan.Jokra attack is to regularly back up all of your hard drive data so that it can be restored even if Trojan.Jokra does succeed in wiping all information on your hard drive. SpywareRemove.com malware experts warn that Trojan.Jokra's attack includes any removable drives that are plugged into your computer at the time and is compatible with both Windows and Linux-based OSes.

Trojan.Jokra's initial functions disable a small number of programs that are related to PC security. Afterward, Trojan.Jokra proceeds with overwriting all information on any available drives with one of several phrases, the meaning of which is currently unclear (although, in a general way, one of them gives the appearance of having been derived from the warfare-related terminology of the Roman Empire). Data that's overwritten includes your operating system, essentially 'bricking' the hard drive, at least until everything can be reinstalled from scratch.
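Added example, not part of the original article: a forensic triage sketch that scans a raw disk image for runs of sectors filled with one repeated text string, the kind of overwrite described above. The 512-byte sector size, the function names and the placeholder phrase EXAMPLE are assumptions; the strings Trojan.Jokra actually writes are not given on this page.

```python
import string

SECTOR = 512  # assumed sector size of the image under examination
TEXT = set(string.printable.encode())  # byte values counted as "text"

def repeating_unit(block, max_len=64):
    """Shortest prefix whose repetition reproduces block (last copy may be cut off)."""
    for n in range(1, min(max_len, len(block) // 2) + 1):
        unit = block[:n]
        if (unit * (len(block) // n + 1))[:len(block)] == block:
            return unit
    return None

def canonical(unit):
    """Rotation-independent form: a phrase whose length does not divide the
    sector size starts at a different offset in every sector."""
    return min(unit[i:] + unit[:i] for i in range(len(unit)))

def text_fill(sector):
    """Repeated unit if the sector is one printable string repeated, else None.
    Zero-filled or 0xFF-filled sectors are not text and return None."""
    unit = repeating_unit(sector)
    if unit is None or not all(b in TEXT for b in unit):
        return None
    return unit

def scan_image(image):
    """Return [first_sector, sector_count, phrase] for each run of text-filled sectors."""
    runs = []
    for idx in range(len(image) // SECTOR):
        unit = text_fill(image[idx * SECTOR:(idx + 1) * SECTOR])
        if unit is None:
            continue
        last = runs[-1] if runs else None
        if last and last[0] + last[1] == idx and canonical(last[2]) == canonical(unit):
            last[1] += 1  # same fill continues into the next sector
        else:
            runs.append([idx, 1, unit])
    return runs

# Constructed sample image: 2 sectors of pseudo-data, 3 sectors overwritten with a
# placeholder phrase (NOT a string taken from the malware), then 1 zeroed sector.
FILL = b"EXAMPLE"
SAMPLE = (bytes((i * 37 + 11) % 251 for i in range(2 * SECTOR))
          + (FILL * (3 * SECTOR // len(FILL) + 1))[:3 * SECTOR]
          + bytes(SECTOR))

if __name__ == "__main__":
    for first, count, phrase in scan_image(SAMPLE):
        print(f"sectors {first}-{first + count - 1}: filled with {phrase!r}")
```

Run against an image taken from a write-blocked copy of the affected drive; a long run of text-filled sectors starting at sector 0 indicates that the boot area was overwritten rather than merely corrupted.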

It's worth noting that, although Trojan.Jokra's payload is very similar to the previously-identified Shamoon and that some PC security researchers have speculated that Trojan.Jokra is used for similar state espionage-related purposes, Trojan.Jokra is not related to the Shamoon worm (which targets Middle Eastern companies). Certain attacks against South Korean ISPs and associated companies, including television networks, are speculated to be caused by a variant of Trojan.Jokra, although currently that PC threat is identified as Mal/EncPk-ACE.

The Punchline that Will Sock Trojan.Jokra in the Jaw

Hard drive backups that are stored on removable devices (DVDs, USB drives or CDs) can be used to restore any information that Trojan.Jokra may have overwritten, making its attacks alarmist but harmless. However, it must be emphasized a second time that any removable devices that are attached to your PC at the time of Trojan.Jokra's attack also will be wiped. Trojan.Jokra's infection routes haven't yet been firmly identified, but may be related to e-mail spam messages that target various ISPs and media-based businesses in South Korea (one of the most common methods of attacking specific targets).

Trojan.Jokra hasn't been found to include any ability to infect new computers through removable devices, self-sent spam or other methods that are common to worms. However, other PC threats may be employed for Trojan.Jokra's distribution and can include such features. Because of the possible damage of a Trojan.Jokra attack, the SpywareRemove.com malware research team recommends keeping anti-malware products that can detect Trojan.Jokra before its attack begins and remove Trojan.Jokra once it is detected.

Technical Details

File System Modifications

The following files were created in the system:



File name: file.exe
Size: 29.18 KB (29184 bytes)
MD5: dd9a67cd71b06eb25cc6dc399b2a6ca9
Detection count: 78
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 26, 2013
File name: file.exe
Size: 491 KB (491008 bytes)
MD5: b1718ed1310dfcffbc9372de2a4683d2
Detection count: 75
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 26, 2013
File name: file.exe
Size: 1.18 KB (1186 bytes)
MD5: dc789dee20087c5e1552804492b042cd
Detection count: 73
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 26, 2013
File name: file.exe
Size: 24.72 MB (24720625 bytes)
MD5: d49ac73293956c617e0bb0491b0faf5d
Detection count: 48
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 26, 2013
File name: file.exe
Size: 14.59 KB (14594 bytes)
MD5: ba05b50ccea60437d340a95eb2f67d3e
Detection count: 43
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 26, 2013
File name: %Temp%\AgentBase.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
File name: %Temp%\conime.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
File name: %Temp%\~pr1.tmp
File type: Temporary File
Mime Type: unknown/tmp
Group: Malware file
File name: %Temp%\~v3.log
Mime Type: unknown/log
Group: Malware file
File name: %Temp%\alg.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file