The Application Database suggests you which Windows startup programs are usefual and which are bad. The recommended tool for quickly removing the useless programs is RegRun Startup Optimizer. www.startupapps.com

---

Purchase RegRun Suite Download RegRun Suite

Search Database for:

RegRun > Greatis Startup Application Database > Dangerous > J

 

jacksim.exe
jade.exe
jammer2nd.exe
jammerkillah.exe
java.exe
joke.exe
jushed32.exe

jacksim.exe

Remote Access / Steals passwords
The VB6 files kan be tricked on a victim when he/she runs the game Father Jack Simulator (JackSim.exe).

jade.exe

Remote Access / FTP trojan
Also adds itself to the Start Menu to ensure autostart at Windows boot. The code has been packed with Neolite compressor.

jammer2nd.exe

The W32.Netsky.Z@mm worm is a Netsky variant that scans for the email addresses on all non-CD-ROM drives on an infected computer.
Scans drives C through Z (excluding CD-ROM drives) and retrieves the email addresses from any files with the predefined extensions.
Then, the worm uses its own SMTP engine to send itself to the email addresses that it finds to jamainlbbbsdef@yahoo.com
The From line of the email is spoofed, and its Subject, Message, and Attachment vary. The attachment has a .zip extension.
Also known as W32/Netsky.z@MM

Copies itself as %WinDir%\Jammer2nd.exe.
Creates a zip file containing the worm to %Windir%\PK_ZIP_ALG.LOG.

Listens on TCP port 665 for an attacker to send an executable file.
The worm will automatically run the executable when it is downloaded.
If the date of the system clock is between May 2, 2004 and May 5, 2004, the worm will attempt to perform Denial of Service (DoS) attack against the following Web sites:
www.nibis.de; www.medinfo.ufl.edu; www.educa.ch

Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value: "Jammer2nd" = %WinDir%\JAMMER2ND.EXE

jammerkillah.exe

Remote Access / Anti anti-trojan trojan / Trojan dropper
Kills the anti-trojan program Jammer and installs a modified Back Orifice server.

java.exe

I-Worm.Mydoom.m spreads via the Internet as an attachment to infected messages.
The worm contains a backdoor function.
The worm searches the victim machine for email addresses to harvest, and then sends itself to these addresses by directly connecting to the recipient's SMTP server.
It also harvests addresses by using popular search engines.
The worm opens TCP port 1034 in order to receive remote commands.

Manual removal:
Locate the keys:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
and remove the entry: JavaVM = %windir%\java.exe
Then locate the keys:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
and remove the entry: Services = %windir%\services.exe

joke.exe

Worm / File virus
Alters Win.ini. "Between midnight and 2.00am on Wednesdays the worm attempts to display an animated graphic of Adolf Hitler shooting himself in the head." (Sophos)

jushed32.exe

One of the CoolWebSearch parasites.
CoolWebSearch is a name given to a wide range of different browser hijackers.
They are all used to redirect users to coolwebsearch.com and other sites affiliated with its operators.
Can be installed by pop-ups exploiting security holes in IE.

See also, http://www.doxdesk.com/parasite/CoolWebS...