Win32.Jix

Win32.Jix is a backdoor Trojan with a built-in remote administration tool, commonly referred to as Remote Access Technology or RAT. The program is a Windows PE EXE file approximately 15 KB in size, and it is packed with UPX.

Once this spyware has infected a system, it copies itself into the Windows system directory under the following names: %System%\upnphost.exe, %System%\pnphost.exe, %System%\winpnp.exe.

The backdoor component of the program uses TCP port 5533 and turns the user's machine into an FTP server. It then awaits commands from its operator by connecting to the IRC server 203.167.78.35.

Related Files:
%System%\upnphost.exe
%System%\pnphost.exe
%System%\winpnp.exe
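
The file names, the TCP port and the IRC address given above can be checked against a listing of the Windows system directory and the text output of `netstat -ano`. The following Python is an added example, not part of the original write-up; the function name `triage`, the sample data and the remote IRC port in it are constructed, and English-language netstat output is assumed.

```python
import re

# Indicators taken from the description above.
JIX_FILENAMES = {"upnphost.exe", "pnphost.exe", "winpnp.exe"}
JIX_PORT = 5533
JIX_IRC_HOST = "203.167.78.35"

# One TCP row of `netstat -ano`: local addr:port, remote addr:port, state, PID.
_ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\S+)\s+(\S+)\s+(\d+)\s*$")

def triage(system_dir_listing, netstat_text):
    """Return (kind, detail) findings for the Win32.Jix indicators.

    system_dir_listing: bare file names from the Windows system directory.
    netstat_text: captured output of `netstat -ano`.
    """
    findings = []
    for name in system_dir_listing:
        # Windows file names are case-insensitive.
        if name.lower() in JIX_FILENAMES:
            findings.append(("file", name))
    for line in netstat_text.splitlines():
        m = _ROW.match(line)
        if not m:
            continue  # header, blank line or UDP row
        laddr, lport, raddr, rport, state, pid = m.groups()
        if state == "LISTENING" and int(lport) == JIX_PORT:
            findings.append(("listener", f"{laddr}:{lport} pid={pid}"))
        elif raddr == JIX_IRC_HOST:
            findings.append(("irc", f"{raddr}:{rport} {state} pid={pid}"))
    return findings

# Constructed sample input (not captured from a real host); port 6667 is assumed.
SAMPLE_DIR = ["kernel32.dll", "WinPnP.exe", "svchost.exe", "upnphost.dll"]
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:5533           0.0.0.0:0              LISTENING       1844
  TCP    192.168.1.20:1061      203.167.78.35:6667     ESTABLISHED     1844
  TCP    192.168.1.20:1077      198.51.100.7:80        ESTABLISHED     2210
"""

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_DIR, SAMPLE_NETSTAT):
        print(f"{kind:8} {detail}")
```

The PID reported with a listener or IRC finding identifies the process to inspect before any files are removed.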

Category:
Backdoor Trojan

Recommended Action:

Remove at once.

AKA:
Backdoor.Win32.Jix.a
Exploit-MS04-011.gen
W32.Janx
WORM_JANZ.A
Worm/Zusha.A
Exploit.MS04-011
W32/Janx.A.worm
NewHeur_PE

It is possible to remove this pest manually. Doing so requires purging all related files, folders and processes from the system. However, if manual removal leaves you feeling a bit skittish, there is a program that can remove all spyware and not just Win32.Jix: ZookaWare PC Cleaner, a reliable and safe anti-spyware application from ZookaWare.

ZookaWare runs on Windows Vista, 7, 8 and 10. It has no ads, popups or bundled software and fully uninstalls by clicking Start > All Programs > select ZookaWare and click Uninstall.

One Response

  1. Daniel Taylor says:

    Before I started using SpyZooka and RegZooka, my computer was affected by Win32.Jix, a spyware that my anti-virus software had not picked up. SpyZooka found and removed the malicious program and my computer was restored to its original state.
    Thanks!
