Jusched.exe
So you have been Jusched?
 Current page : Home      Dangers of Jusched
 
     

Dangers of jusched


As this process runs by default on any system with Java installed, it is common for virus writers and spyware vendors to disguise their malware as the genuine one.

Some malicious files will have the same name but will be stored somewhere other than in %ProgramFiles%\Java. Other malware will use a name that appears similar to it but with slight differences in spelling or with appended digits. The following malware is known to disguise itself as jusched.exe:

  • W32/Agobot-OW (Registry entry called "jusched.exe")
    • This is a network worm that spreads through network shares. It also connects to a remote IRC server to accept commands from an attacker.
  • Troj/Banker (%SystemRoot%, Startup directory)
  • Troj/DwnLdr-FUX (%SystemRoot%)
    • This is a trojan that has the capability to automatically download additional malware.
  • Troj/Flat-E (%SystemRoot%)
There should not be more than one instance of jusched running at a given time. If more than one instance is running on your system, it may be a symptom of a malware infection.

Common problems
  • "jusched.exe has encountered a problem and needs to close. We are sorry for the inconvenience."
    • There are a myriad causes for this problem. Try turning off automatic updates in the Java control panel. If that does not work, reinstall Java.