File Investigation Report
JWDSRCH.EXE
Currently being reviewedThe filename JWDSRCH.EXE is used by objects that are classified as safe. It has not yet been seen to be associated with malicious software.
If you are concerned that your PC might be infected why not try our Free Prevx Scanner. It will thoroughly check your PC for millions of active Spyware and malware infections and takes less than 2 minutes. Don't put your confidential data, or your identity at risk, check your PC now with Prevx.
File Behavior
JWDSRCH.EXE has been seen to perform the following behavior:
- The Process is polymorphic and can change its structure
- Creates new file extentions so that Internet Explorer will automatically open and potentially execute additional file types
- Adds new menu items in the Internet Explorer Right Click menu
- Executes a Process
- The process hooks code into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
- Can communicate with other computer systems using HTTP protocols
- Registers a Dynamic Link Library File
- Adds a Registry Key (RUN) to auto start Programs on system start up
- Adds a Registry Key (RUNONCE) to auto start Programs on system start up
- Adds a Registry Key (EXPLORER) to auto start Programs on system start Boot up
- This Process Deletes Other Processes From Disk
- This process creates other processes on disk
JWDSRCH.EXE has been the subject of the following behavior:
- Added as a Registry auto start to load Program on Boot up
- Created as a process on disk
- Deleted as a process from disk
- Executed as a Process
- Terminated as a Process
Country Of Origin
The filename JWDSRCH.EXE was first seen on Sep 29 2007 in the following geographical regions of the Prevx community:
- Japan on Sep 29 2007
- Spain on Oct 14 2007
- Taiwan on Feb 10 2009
File Name Aliases
JWDSRCH.EXE can also use the following file names:
- NSW10.TMP
- NSBE938.TMP
- NSUA.TMP
- NSZ17.TMP
- NSDA1.TMP
- NSE3C.TMP
- 31873048.DAT
Filesizes
The following file size has been seen:
- 136,576 bytes
- 26,208 bytes
- 91,480 bytes
- 124,560 bytes
- 132,952 bytes
Vendor, Product and Version Information
Files with the name JWDSRCH.EXE have been seen to have the following Vendor, Product and Version Information in the file header:
- JWord Inc.; JWord Plugin Search; 2, 4, 4, 14
- JWord Inc.; VeriSign Class 3 Code Signing 2009-2 CA;
- JWord Inc.; JWord Plugin Search; 2, 0, 0, 4
- JWord Inc.; VeriSign Class 3 Code Signing 2004 CA;
- JWord Inc.; JWord Plugin Search; 2, 0, 0, 1
- JWord Inc.; JWord Plugin Search; 2, 0, 1, 6
- JWord Inc.; JWord Plugin Search; 2, 1, 0, 0
- JWord Inc.; JWord Plugin Search; 2, 1, 0, 2
- JWord Inc.; GlobalSign ObjectSign CA;
- JWord Inc.; JWord Plugin Search; 2, 3, 2, 10
File Type
The filename JWDSRCH.EXE refers to many versions of an executable program.
File Activity
One or more files with the name JWDSRCH.EXE creates, deletes, copies or moves the following files and folders:
- Creates c:\documents and settings\all users\application data\jword\plugin2\livelog.ini
- Creates c:\documents and settings\all users\application data\jword\plugin2\jwd.ini
Registry Activity
One or more files with the name JWDSRCH.EXE creates or modifies the following registry keys and values:
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow *.jword.jp [REG_BINARY, size: 0 bytes