BleepingComputer.com: Jucheck.exe infected w/trojan


Jucheck.exe infected w/trojan XP Internet Security on AVG logo

#1 poetist

Posted 11 December 2011 - 11:56 PM

Anyway, I was minding my own business, but I got this XP Internet Security Alert.

It said it blocked jucheck.exe, which is infected with Trojan-BNK.Win32.keylogger.gen.

It's all Greek to me, but I remember I had an issue with something called Win32.

To make a long story short, I went through Bleeping Computer's suggested list of Anti-Malware and Anti-Virus programs. I am supposedly downloading the programs, but when I click on them they do not run.

Help!!!

This post has been edited by Orange Blossom: 12 December 2011 - 08:54 PM
Reason for edit: Moved to AII. ~ OB


#2 narenxp

Posted 12 December 2011 - 01:23 AM

If your OS is XP:

Right-click on the security software.

Select "Run as".

Now uncheck the "protect my computer against unauthorized activity" option.

Click OK.

This should most probably make your security software run.

Good luck

#3 quietman7

Posted 12 December 2011 - 08:24 AM

jucheck.exe is related to Sun Java UpdateChecker Module. It could be infected or that same name could be used by malware but run from a different location. However, if a Rogue Application like XP Internet Security is making the detection, then most likely it is a bogus (fake) alert. Win32 is the Windows API for 32-bit applications but it is often used in naming schemes for various types of malware.

-- Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware. Suggestions for renaming or changing the file extension can also be used for other security tools.

Some malware infections will alter file associations and the registry keys corresponding to them so programs will not work properly. In order to get them working again, this modification needs to be repaired. If none of the above works, then try this.

Please download one of the following tools by Farbar for your Operating system.

ExeFix.scr for Windows XP
ExeFix.reg for Vista/Windows 7

  • Save the file to a USB flash drive or to the root of the system drive (usually C:).
  • Important! Boot your computer into the user account that is having trouble running exe files.
  • Double-click on the file you downloaded for your OS to run it.
  • You may need to reboot the computer or confirm the prompt to allow it to merge into the registry.


CAUTION: Some of these steps involve making changes in the Windows registry. Always Create a New Restore Point and back up your registry before making any changes. Vista/Windows 7 users can refer to these instructions. If you're not familiar with working in the registry, then you should NOT attempt to make any changes on your own. Improper changes to the registry could adversely affect your computer and render it inoperable. ERUNT or ERUNTgui is an excellent free tool that allows you to take a snapshot (backup) of your registry before making changes and restore it when needed.

Note: ERUNT and NTREGOPT will only work correctly in Windows 7 and Vista if you turn off User Account Control (UAC) in Windows Control Panel.
Microsoft MVP - Consumer Security 2007-2012
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
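
The altered file associations described in post #3 can be checked offline from a registry export. This is an added example, not part of the thread and not the Farbar tool's code: it compares the `.exe` association in `.reg` text against the stock Windows values. The sample export, the ProgID `xyz` and the handler path are constructed; a real export is UTF-16 and must be decoded to text first.

```python
import re

# Stock default values for the .exe association on Windows.
EXPECTED = {".exe": "exefile", r"exefile\shell\open\command": '"%1" %*'}
# Per-user classes are listed first: they override the machine-wide ones.
ROOTS = ("HKEY_CURRENT_USER\\Software\\Classes\\",
         "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\")

# Constructed sample export: the per-user .exe entry points at a foreign ProgID.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="xyz"

[HKEY_CURRENT_USER\Software\Classes\xyz\shell\open\command]
@="\"C:\\Example\\handler.exe\" \"%1\" %*"
'''

def parse_defaults(reg_text):
    """Return {key path: default value} for every key that sets @="..."."""
    defaults, key = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])  # undo \" and \\
    return defaults

def audit_exe_association(reg_text):
    """List (key, found, expected) where the .exe association differs from stock."""
    defaults = {k.lower(): (k, v) for k, v in parse_defaults(reg_text).items()}
    findings = []
    for root in ROOTS:
        for sub, want in EXPECTED.items():
            key, found = defaults.get((root + sub).lower(), (None, None))
            if key is None or found.lower() == want.lower():
                continue  # absent (no override) or stock value
            findings.append((key, found, want))
            if sub == ".exe":  # follow the substituted ProgID to its handler
                cmd = defaults.get((root + found + r"\shell\open\command").lower())
                if cmd:
                    findings.append((cmd[0], cmd[1], '"%1" %*'))
    return findings

if __name__ == "__main__":
    for key, found, want in audit_exe_association(SAMPLE):
        print(f"{key}\n  found:    {found}\n  expected: {want}")
```
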

#4 poetist

Posted 12 December 2011 - 10:21 PM

Narenxp, that didn't work.

Quietman, I went to the link for those having trouble with Anti-Malware, and I changed the extension. It didn't work. I downloaded the Farbar tools. I was unable to save it to a USB. If I click save link, the infection notice would pop up.
I restarted the computer, and I got the same thing.

Moreover, I have tried to get on Word, and I get the message:
winword.exe is infected w/Trojan.BNK.win32.keylogger.gen

Special Note: I do not have XP Internet Security. I have AVG, so why do XP Internet Security notices pop up? Should I just buckle down and buy it, or is this some kind of ploy to get my credit card number?

Update: I figured out that I have this notorious XP Internet Security 2012 whammy.

Anyway, I was able to download FixNCR, but I am still not able to download Malware or RKill. I am able -- for the moment -- to use Word.

Help!!!

This post has been edited by poetist: 13 December 2011 - 12:50 AM


#5 quietman7

Posted 13 December 2011 - 07:29 AM

If you cannot use the Internet or download any required programs to the infected machine, try downloading them from another computer (family member, friend, library, etc.) with an Internet connection. Save to a flash (USB, pen, thumb, jump) drive or CD, transfer to the infected machine, then install and run the program(s). If you cannot copy files to your USB drive, make sure it is not "Write Protected". Some flash drives have a switch on the side or on the back as shown here which could have accidentally been moved to write protect.

#6 poetist

Posted 14 December 2011 - 01:51 AM

Okay, I'll try that tomorrow, thanks.

#7 quietman7

Posted 14 December 2011 - 08:21 AM

Not a problem. Good luck.