Trojan.Jokra

Posted: March 21, 2013

Threat Metric

Threat Level: 9/10
Infected PCs: 39
First Seen: March 21, 2013
OS(es) Affected: Windows

Trojan.Jokra is a Trojan that wipes the hard drive of the affected PC by overwriting the default data with one of several predetermined text strings. Trojan.Jokra is compatible with multiple types of operating systems, and some members of the PC security industry speculate that a variant of Trojan.Jokra was involved in the recent South Korean DarkSeoul (or Mal/EncPk-ACE) attacks. Although Trojan.Jokra's worldwide distribution numbers are low, given the potential damage of Trojan.Jokra's attacks, SpywareRemove.com malware researchers stress the usefulness of preventative security steps that will block a Trojan.Jokra infection from occurring. However, if your PC does need Trojan.Jokra removed, then a strong anti-malware program should be the readiest solution for deleting Trojan.Jokra without harming anything else on your hard drive.

How Trojan.Jokra Jokes Around with Your Files

Trojan.Jokra is a fairly rare type of Trojan: it is designed to destroy information rather than steal it and doesn't include any of the revenue-generating functions that other PC threats have popularized. Given Trojan.Jokra's main function, the simplest way to protect your computer from a Trojan.Jokra attack is to regularly back up all of your hard drive data so that it can be restored even if Trojan.Jokra does succeed in wiping all information on your hard drive. SpywareRemove.com malware experts warn that Trojan.Jokra's attack includes any removable drives that are plugged into your computer at the time and is compatible with both Windows and Linux-based OSes.

Trojan.Jokra's initial functions disable a small number of programs that are related to PC security. Afterward, Trojan.Jokra proceeds to overwrite all information on any available drives with one of several phrases, the meaning of which is currently unclear (although one of them appears to be derived from the warfare-related terminology of the Roman Empire). Data that's overwritten includes your operating system, essentially 'bricking' the hard drive, at least until everything can be reinstalled from scratch.

It's worth noting that, although Trojan.Jokra's payload is very similar to the previously-identified Shamoon and that some PC security researchers have speculated that Trojan.Jokra is used for similar state espionage-related purposes, Trojan.Jokra is not related to the Shamoon worm (which targets Middle Eastern companies). Certain attacks against South Korean ISPs and associated companies, including television networks, are speculated to be caused by a variant of Trojan.Jokra, although currently that PC threat is identified as Mal/EncPk-ACE.

The Punchline that Will Sock Trojan.Jokra in the Jaw

Hard drive backups that are stored on removable devices (DVDs, USB drives or CDs) can be used to restore any information that Trojan.Jokra may have overwritten, making its attacks alarmist but harmless. However, it must be emphasized a second time that any removable devices that are attached to your PC at the time of Trojan.Jokra's attack also will be wiped. Trojan.Jokra's infection routes haven't yet been firmly identified, but may be related to e-mail spam messages that target various ISPs and media-based businesses in South Korea (one of the most common methods of attacking specific targets).

Trojan.Jokra hasn't been found to include any ability to infect new computers through removable devices, self-sent spam or other methods that are common to worms. However, other PC threats may be employed for Trojan.Jokra's distribution and can include such features. Because of the possible damage of a Trojan.Jokra attack, the SpywareRemove.com malware research team recommends keeping anti-malware products that can detect Trojan.Jokra before its attack begins and remove it once it is detected.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Trojan.Jokra may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: file.exe
Size: 14.59 KB (14594 bytes)
MD5: ba05b50ccea60437d340a95eb2f67d3e
Detection count: 43
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: March 26, 2013

File name: %Temp%\AgentBase.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: %Temp%\conime.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: %Temp%\~pr1.tmp
File type: Temporary File
Mime Type: unknown/tmp
Group: Malware file

File name: %Temp%\~v3.log
Mime Type: unknown/log
Group: Malware file

File name: %Temp%\alg.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
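
An added example, not part of the original page or of any SpywareRemove.com tool: a Python sweep that checks a Temp directory for the file names listed above and hashes files against the listed MD5. File names are matched only inside the Temp directory, because alg.exe and conime.exe are also the names of legitimate Windows system binaries; the function and parameter names are assumptions of this example.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Indicators copied from the "File System Modifications" list on this page.
TEMP_FILE_NAMES = frozenset(
    {"agentbase.exe", "conime.exe", "~pr1.tmp", "~v3.log", "alg.exe"})
KNOWN_MD5 = frozenset({"ba05b50ccea60437d340a95eb2f67d3e"})  # listed for file.exe


def md5_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.md5()  # MD5 only because it is the hash the page publishes
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def sweep(temp_dir, extra_dirs=(), names=TEMP_FILE_NAMES, md5s=KNOWN_MD5):
    """Return sorted (reason, path) findings.

    Names are matched (case-insensitively) only directly inside temp_dir;
    the MD5 is matched in temp_dir and in every directory in extra_dirs.
    """
    temp_dir = Path(temp_dir)
    findings = set()
    for directory in [temp_dir, *map(Path, extra_dirs)]:
        if not directory.is_dir():
            continue
        for entry in directory.iterdir():
            if not entry.is_file():
                continue
            if directory == temp_dir and entry.name.lower() in names:
                findings.add(("name-in-temp", str(entry)))
            try:
                if md5_of(entry) in md5s:
                    findings.add(("md5-match", str(entry)))
            except OSError:
                continue  # locked or vanished file; a name match still stands
    return sorted(findings)


if __name__ == "__main__":
    # %TEMP% on Windows; falls back to the platform temp directory elsewhere.
    for reason, path in sweep(os.environ.get("TEMP", tempfile.gettempdir())):
        print(f"{reason}\t{path}")
```

A name match alone is a lead for triage rather than a verdict, since the page publishes a hash for only one of the listed files.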