First of all, verify that the file carries a valid digital signature from the software's distributor. Jucheck.exe should be digitally signed by Sun Microsystems, Inc.; if the publisher is shown as Unknown, it's probably some kind of malware.
Secondly, verify the file location. The legitimate Java software updater runs from C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe. The \jre1.6.0_01\ part may vary depending on the version of the Java software installed on your computer. Malicious software usually runs from the Windows temporary folder (%Temp%) or the Windows system folder (%Windir%). If jucheck.exe runs from C:\Users\AppData\Local\Temp\jucheck.exe or from C:\Windows\jucheck.exe, you shouldn't allow it to run.
Finally, you can upload the suspicious file to VirusTotal, Jotti or VirScan to determine whether it's malicious. If the file is infected, you should get results similar to these: http://file.virscan.org/report/f1c42499897ee70aaa40cc4f1619571c.html
If you get a User Account Control (UAC) message about jucheck.exe from an Unknown publisher asking to make changes to your computer, click No and scan your computer with legitimate anti-malware software.
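The signature and location checks above can be run together from a PowerShell prompt. This is an added example, not part of the original article: the publisher string and the Program Files\Java install roots are assumptions, and Test-JucheckFile is a hypothetical helper name.

```powershell
# Added example: triage jucheck.exe copies by signature, location and hash.
# Assumption: publisher string taken from the article; change it if your
# Java build is signed under a different publisher name.
$ExpectedSigner = 'Sun Microsystems'

# Assumption: Java lives under "Program Files\Java" (32- or 64-bit).
$JavaRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    ForEach-Object { Join-Path $_ 'Java' }

function Test-JucheckFile {
    param([Parameter(Mandatory)][string]$Path)

    $full = [IO.Path]::GetFullPath($Path)
    $sig  = Get-AuthenticodeSignature -LiteralPath $full
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # Check 1: signature must validate AND name the expected publisher.
    $signedOk = ($sig.Status -eq 'Valid') -and ($subject -like "*$ExpectedSigner*")

    # Check 2: file must sit below a Java install root, not %Temp% or %Windir%.
    $locationOk = [bool]($JavaRoots | Where-Object {
        $full.StartsWith("$_\", [StringComparison]::OrdinalIgnoreCase)
    })

    [pscustomobject]@{
        Path       = $full
        SigStatus  = $sig.Status
        Signer     = $subject
        SignedOk   = $signedOk
        LocationOk = $locationOk
        # Check 3: the hash can be searched on a scanning service such as VirusTotal.
        SHA256     = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
        Suspicious = -not ($signedOk -and $locationOk)
    }
}

# Candidates: running jucheck processes plus the two locations the article warns about.
$candidates = @(
    Get-Process -Name jucheck -ErrorAction SilentlyContinue |
        Where-Object { $_.Path } | ForEach-Object { $_.Path }
    "$env:TEMP\jucheck.exe", "$env:windir\jucheck.exe" |
        Where-Object { Test-Path -LiteralPath $_ }
) | Sort-Object -Unique

foreach ($file in $candidates) { Test-JucheckFile -Path $file | Format-List }
```

A copy is reported as Suspicious when either check fails, so an unsigned file inside the Java folder is flagged just like a signed-looking file in %Temp%.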
Download recommended anti-malware software and run a full system scan to remove this Trojan from your computer.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe or winlogon.exe. If you are running Windows 7 or Vista, all of these tools MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
If you need help removing the jucheck.exe malware, please leave a comment below. Good luck and be safe online!