TreasureHunter

Posted by Sarah Stewart on April 3, 2019

What is TreasureHunter?

TreasureHunter is a rather old Trojan, but it seems to be active to this day. According to our researchers at Anti-spyware-101.com, the malicious application was created around 2013 on a Windows XP computer. Apparently, the threat has not been updated ever since, and it still works only on devices running Windows XP. Thus, if your device uses any other operating system, you may have nothing to worry about. As for those who have encountered this infection we advise reading our full article. In it, we will talk about what the Trojan can do if it enters the system and how to eliminate TreasureHunter as soon as possible. In fact, to make the task easier for those who may want to get rid of the malicious application manually, we prepared step by step deletion instructions available just a bit below this article.

Where does TreasureHunter come from?

We do not think TreasureHunter is being spread widely considering it works only on Windows XP computers. Also, our researchers think hackers distributing it could use various methods. Probably one of the most popular ways to spread Trojans is to send targeted victims malicious email attachments. Therefore, users should always watch out for attachments that come from unknown senders. Such files might look like harmless photos, text documents, and other data the victim would not consider to be malicious. Thus, even if email attachments do not seem to be harmful, it is safer to scan them with reliable antimalware software first. Moreover, threats like this Trojan could enter the system through malicious software installers. Such data can be spread through various P2P file-sharing web pages, which is why we recommend staying away from them.

How does TreasureHunter work?

The Trojan is used for stealing passwords and other sensitive user’s information (e.g., payment card number, primary account number, etc.). It looks like the malware was designed to obtain such data by scanning the computer’s memory. Later on, it should send a file with the information it manages to steal to one of the remote servers the malware might be connected to. This is how the hackers behind TreasureHunter could get their hands on your passwords and other sensitive information. Needless to say, if such data gets leaked, it could cause you a lot of trouble, and if you fear it might have already happened, you should make sure you change all passwords as soon as the malicious application is gone. Another thing you should know is that the threat might not stop gathering information until it gets erased. Our researchers say that is because it creates a particular Registry entry, which allows it to restart with the operating system. Therefore, we recommend deleting TreasureHunter the moment you realize it is on your system.

How to erase TreasureHunter?

The Trojan can be erased manually, and if you take a look at the instructions available below this paragraph, you can learn how to do it yourself. However, when dealing with such malicious applications like TreasureHunter, it might be best to use a legitimate antimalware tool instead to make sure it gets eliminated. If you pick this option, you should scan the computer with a chosen security tool and then press the given removal button.

Remove TreasureHunter

  1. Click Ctrl+Alt+Delete.
  2. Pick Task Manager and select Processes.
  3. Locate a process belonging to the threat.
  4. Select it and click End Task.
  5. Exit Task Manager.
  6. Click Windows key+E.
  7. Locate these paths:
    %TEMP%
    %USERPROFILE%\Downloads
    %USERPROFILE%\Desktop
  8. Locate the malicious application’s launcher (some suspicious file downloaded recently).
  9. Right-click it and select Delete.
  10. Then go to %APPDATA%\b7ebc87227817ae862c92408178cf2e9
  11. Locate a file called jucheck.exe, right-click it and press Delete.
  12. Exit File Explorer.
  13. Press Windows key+R.
  14. Type regedit and press Enter.
  15. Find this path: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  16. Look for a value name called jucheck, right-click it and press Delete.
  17. Close Registry Editor.
  18. Empty your Recycle Bin.
  19. Restart the computer. 100% FREE spyware scan and
    tested removal of TreasureHunter*

Stop these TreasureHunter Processes:

4f18758bac433fa21ddc35eff40ab20d5894b605f81c83241ce9c644c46d9648.exe
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *