Trojan.Jokra

Trojan.Jokra is a Trojan that wipes the hard drive of the affected PC by overwriting the default data with one of several predetermined text strings. Trojan.Jokra is compatible with multiple types of operating systems, and some members of the PC security industry speculate that a variant of Trojan.Jokra was involved in the recent South Korean DarkSeoul (or Mal/EncPk-ACE) attacks. Although Trojan.Jokra's worldwide distribution numbers are low, given the potential damage of Trojan.Jokra's attacks, SpywareRemove.com malware researchers stress the usefulness of preventative security steps that will block a Trojan.Jokra infection from occurring. However, if your PC does need Trojan.Jokra removed, then a strong anti-malware program should be the readiest solution for deleting Trojan.Jokra without harming anything else on your hard drive.

How Trojan.Jokra Jokes Around with Your Files

Trojan.Jokra is a fairly rare type of Trojan: Trojan.Jokra is designed to destroy information rather than steal it and doesn't include any revenue-generating functions that other PC threats have popularized. Given Trojan.Jokra's main function, the simplest way to protect your computer from a Trojan.Jokra attack is to regularly backup all of your hard drive data so that it can be restored even if Trojan.Jokra does succeed in wiping all information on your hard drive. SpywareRemove.com malware experts warn that Trojan.Jokra's attack includes any removable drives that are plugged in to your computer at the time and is compatible with both Windows and Linux-based OSes.

Trojan.Jokra's initial functions disable a small amount of programs that are related to PC security. Afterward, Trojan.Jokra proceeds with overwriting all information on any available drives with one of several phrases, the meaning of which currently is unclear (even though in a general way one of them give the appearance of been derived from the warfare-related terminology of the Roman Empire). Data that's overwritten includes your operating system, essentially 'bricking' the hard drive; at least until everything can be reinstalled from scratch.

It's worth noting that, although Trojan.Jokra's payload is very similar to the previously-identified Shamoon and that some PC security researchers have speculated that Trojan.Jokra is used for similar state espionage-related purposes, Trojan.Jokra is not related to the Shamoon worm (which targets Middle Eastern companies). Certain attacks against South Korean ISPs and associated companies, including television networks, are speculated to be caused by a variant of Trojan.Jokra, although currently that PC threat is identified as Mal/EncPk-ACE.

The Punchline that Will Sock Trojan.Jokra in the Jaw

Hard drive backups that are stored on removable devices (DVDs, USB drives or CDs) can be used to restore any information that Trojan.Jokra may have overwritten, making its attacks alarmist but harmless. However, it must be emphasized a second time that any removable devices that are attached to your PC at the time of Trojan.Jokra's attack also will be wiped. Trojan.Jokra's infection routes haven't yet been firmly identified, but may be related to e-mail spam messages that target various ISPs and media-based businesses in South Korea (one of the most common methods of attacking specific targets).

Trojan.Jokra hasn't been found to include any ability to infect new computers through removable devices, self-sent spam or other methods that are common to worms. However, other PC threats may be employed for Trojan.Jokra's distribution and can include such features. Because of the possible damage of a Trojan.Jokra attack, SpywareRemove.com malware research team recommends keeping anti-malware products that can detect Trojan.Jokra before its attack begins and remove Trojan.Jokra once Trojan.Jokra is detected.

Technical Details