jucheck.exe?

Hello.

I’m not really sure if this a virus or not so I need some help. jucheck.exe just appeared on my laptop and is trying to get access to my computer. I keep refusing but it just pops up again. Does anyone know how to remove it if is a virus? Thanks!

Also I’m running a full virus scan right now.

Probably it is Java Update checker
http://www.file.net/process/jucheck.exe.html

http://www.file.net/process/jucheck.exe.html
http://answers.microsoft.com/en-us/windows/forum/windows_7-security/what-is-jucheckexe-keep-it-or-remove/ffc8fbb4-ee38-4fc4-a022-8bd71b8dd256

Thanks.
I’m pretty sure it’s not the real Java updater and really malware. What should I do now? I’m really worried. :-[

Also I need to head to bed. Will check back in the morning.

upload suspicious file(s) to www.virustotal.com and test with 43 malware scanners
when you have the result, copy the URL in the addressbar and post it here so we can see

alternatives
Jotti`s malware scan http://virusscan.jotti.org/en
VirSCAN http://virscan.org/

You can also check what you have got against: http://www.backgroundtask.eu/Systeemtaken/taakinfo/6347/jucheck.exe/

polonus

I want to try scanning it but I can’t seem to find the source file for it.

And I stopped the real jucheck.exe in task manager but the other is still popping up. I’m guessing it means it really is a virus after all.

have you run Malwarebytes ?

if not try a quick scan and post the log here

Malwarebytes Anti-Malware 1.51.1 http://filehippo.com/download_malwarebytes_anti_malware/
always make sure the program is updated before you scan
click on the remove selected button to quarantine anything found

Thanks.

Scan type: Quick scan
Objects scanned: 167018
Time elapsed: 9 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

It still hasn’t stopped the problem with the jucheck though. I did find the source file though and scanned it. Avast didn’t come up with anything but VirusTotal did find some stuff.
http://www.virustotal.com/file-scan/report.html?id=77c2e0d82ecadc0c6ef3454c11b5543379bea6ad50256a986871ca4dda5c2ec9-1311435866

Hi Siyanaify,

Can you upload the file here: http://anubis.iseclab.org/
Do it down the page where you read

Choose the file that you want to analyze. The file must be a Windows executable. (details)
Then
Enter the code that you see in the image on the left and your submission will be analyzed before all automatic submissions.
and give us the link to the anubis report. Would be interesting to evaluate the results from the link you will come up with,
The the category and platform of the malware that was apparently found, if not FP, is win32, so attacking all 32 bit platforms, family is 3, sequence Packed means is a lab name meaning a very recent new variant, aka Trojan.AVKill is a generic trojan dropper find that also contains code designed to subvert a variety of popular antivirus applications, his program opens up a large security hole on your computer and is a very dangerous threat to the security of your personal and financial data,

polonus

Okay, here it is
http://anubis.iseclab.org/?action=result&task_id=1298741db8085ecb4b5f322ee750ffa80

Hi Siyanaify,

As DrWebCureIt seems to be able to cleanse it, you should run that under guidance of a qualified removal expert. Our forum member, essexboy, has been informed and will give you instructions shortly, I will evaluate the Anubis link report and will elaborate on that later. Everything will be OK, just wait for essexboy to arrive in this thread,

polonus

One destruction set for Dr Web ;D

Download Dr Web from here Fill in the small form and download

It will download as an 8 digit file save it to your desktop

Restart in safe mode and run
Accept the enhanced version
Then run the quick scan
About halfway through you will be prompted to buy - just X the box closed
Once finished it will generate a log please attach that

Thank you!

I couldn’t figure out how to get the actual scan log, but I do know that two files (including jucheck.exe) were infected by trojan.AVKill.8449. They couldn’t be cured but were quarantined. I ran another quick scan to be safe and nothing came up. Is there anything else I should do now or is it fixed?

Locate the C: drive file CureIt.log

In Win7 c: \ Users \ ****** (you) \ DoctorWeb \

Ah, that’s how you do it. Thank you!

Should I still post the log (though it’s the results of the second scan I did which came up with nothing)?

Put all the same … and log in from the quarantine can follow any responses to send to virlab Avast, before it is packed.

Sorry, I don’t quite understand what you mean.

Sorry for my bad English, put a log - CureIt.log, and we can follow any responses from the quarantine to send it to the lab Avast Trojan to virus analysts added it to the next update.

It won’t let me post or attach the log it seems.

Well I need to go babysit soon so I’m going to quickly update my Avast and get off. Thank you for all your help and I’ll check back again later.