Do you know what TreasureHunter is?
TreasureHunter is a Trojan from 2014. The reason we are discussing such an old threat is that it was recently spotted once again. The interesting part is that the malware has not been updated: just as before, it is compatible only with Windows XP systems, meaning that if you are not using this particular operating system, your device should be safe. However, if your computer is vulnerable to this Trojan, you ought to know it can steal passwords and other valuable information. Thus, if you want to protect your privacy, it is best to eliminate TreasureHunter sooner rather than later. The removal guide available below this report should help you get rid of the malicious application manually, but if you think the instructions are a bit too complicated, we encourage you to use a reputable antimalware tool instead. Also, do not forget you can leave us a message in the comments section below if you have any questions about this Trojan.
It is unknown how exactly TreasureHunter is being spread, but our computer security specialists believe it could be delivered through spam emails, unreliable file-sharing web pages, and so on. It is also possible that the hackers could drop the Trojan on targeted devices by exploiting their vulnerabilities. Therefore, in addition to being cautious with suspicious email attachments and with data downloaded from the Internet, users should try to strengthen the system too. To make the computer more secure, you should replace weak passwords, update old software, and employ a reputable antimalware tool that could guard it against various threats.
If TreasureHunter enters the system, it should create a copy of itself titled jucheck.exe or similarly in a subfolder of %APPDATA% whose long title consists of random characters. Plus, the malicious application could create a Registry entry under the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key. It might be titled similarly to the malware’s copy, for example, jucheck. Because of this Registry entry, the Trojan should be able to restart with the operating system. While running, the threat is supposed to try to read passwords and other valuable information from the device’s memory. If it obtains any information, it should save it to a particular file that is later sent to the cybercriminals responsible for TreasureHunter’s distribution. The malicious application transfers the collected information via the hackers’ server.
No doubt, the faster you delete TreasureHunter, the safer your private information will be. As for the passwords the malicious application might have been able to steal while it was on the computer, we advise replacing them soon after the Trojan gets erased. To eliminate it manually, you should complete the steps listed in our removal guide available below the text. Another way to get rid of it is to employ a reputable antimalware tool. In such a case, all you would have to do is perform a full system scan and wait for the results. Once they appear, you should be able to remove all discovered detections at the same time.
Get rid of TreasureHunter
- Press Ctrl+Alt+Delete simultaneously.
- Click Task Manager.
- Take a look at the Processes tab.
- Locate a process associated with this Trojan.
- Select this process and tap the End Task button.
- Press Windows Key+E.
- Navigate to the suggested paths:
  %TEMP%
  %USERPROFILE%\Desktop
  %USERPROFILE%\Downloads
- Find a file launched when the system got infected, right-click the malicious file and select Delete.
- Navigate to %APPDATA%
- Find a folder with a long title from random characters and open it.
- Locate a malicious file titled jucheck.exe or similarly, right-click it and choose Delete.
- Close File Explorer.
- Press Windows Key+R.
- Type regedit and select OK.
- Navigate to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Look for a value name called jucheck or similarly, right-click it and press Delete.
- Exit Registry Editor.
- Empty the Recycle Bin.
- Restart the computer.
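The Registry check from the steps above can also be done on a saved text listing of the Run key, for example the output of the built-in reg query command. The script below is an added example and not part of the original guide: it flags Run values that start an .exe placed directly in a long, random-looking subfolder of %APPDATA%. The sample listing, the user name, the folder name and the 16-character threshold are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of `reg query` output for the Run key named in the guide.
# The user name, folder name and the two benign entries are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SunJavaUpdateSched    REG_SZ    "C:\Program Files\Java\jre6\bin\jusched.exe"
    jucheck    REG_SZ    C:\Documents and Settings\alice\Application Data\k3f9a0c1d7e24b6f8a1c\jucheck.exe
    Notes    REG_SZ    C:\Documents and Settings\alice\Application Data\Notes\notes.exe /tray
"""

VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.+)$")
APPDATA_DIRS = ("application data", "roaming")  # last component of %APPDATA%
MIN_FOLDER_LEN = 16  # assumption: threshold for a "long" random folder title


def exe_path(data):
    """Return the executable path from a Run value, without quotes or arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.exe)\b", data, re.IGNORECASE)
    return match.group(1) if match else data


def suspicious_run_values(reg_output):
    """List (value name, path) for autoruns that start an .exe sitting directly
    in a long alphanumeric subfolder of %APPDATA%, the layout the guide describes."""
    hits = []
    for line in reg_output.splitlines():
        match = VALUE_RE.match(line)
        if not match:
            continue
        path = PureWindowsPath(exe_path(match.group("data")))
        parts = path.parts
        if len(parts) < 3 or path.suffix.lower() != ".exe":
            continue
        appdata, folder = parts[-3].lower(), parts[-2]
        if (appdata in APPDATA_DIRS and folder.isalnum()
                and len(folder) >= MIN_FOLDER_LEN):
            hits.append((match.group("name"), str(path)))
    return hits


if __name__ == "__main__":
    for name, path in suspicious_run_values(SAMPLE):
        print(f"review Run value {name!r} -> {path}")
```

The check matches on the file's location and not on its name, so a value named differently from jucheck is still reported, and every hit should be reviewed before anything is deleted.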
In non-techie terms:
TreasureHunter is a malicious threat that could steal your passwords and other valuable data. However, the research revealed the malware works only on Windows XP systems, so if you are using a newer operating system, it is unlikely you could encounter it. The malicious application may have the ability to restart with the operating system, so it might relaunch itself with each restart and continue to gather the user’s information. For this reason, we advise erasing it immediately. More experienced users could try deleting the malware manually. The removal guide available above this paragraph lists all the necessary steps, so if you think you are up to the task, we encourage you to check it out. As for less experienced users, we recommend erasing the Trojan with a reputable antimalware tool of their choice.