JasperLoader is malware that spreads other malware, both onto your PC and from it to others. The malware it sneaks onto your PC can vary in severity, and in theory could include miners, spyware, adware, or even ransomware. The Trojan can also hijack the infected computer to complete tasks for cybercriminals, such as sending infected emails from your computer to others.
- What does a banking Trojan do?
- How does an infection happen?
- How to avoid infections like JasperLoader?
- How to remove JasperLoader
- Automatic Malware removal tools
- How to remove JasperLoader using Windows Control Panel
Even though it is used to distribute GoodKit, a banking Trojan, JasperLoader can allow other viruses to infect a system, like miners, adware, or ransomware.
What does a banking Trojan do?
- Steals private information and can watch what a computer is sending over the internet.
- GoodKit modifies how a particular bank’s website behaves on the user’s end (they target a number of banks mostly in Western Europe).
- Uses the information it stole to hijack bank accounts and drain all the money.
Sophisticated malware, like GoodKit, can be difficult for cybersecurity researchers to investigate because it can, for example, detect when it’s running on a virtual machine.
How does an infection happen?
The infection arrives through spam emails carrying files infected with macro viruses, or links to infected websites.
The emails can entice recipients to open their files and links by implying that they have received a large sum of money. Other times they try to scare people by saying that they have little time left to pay a debt, or that there has been a misunderstanding. These emails have few details, as if you’re supposed to know what the message is about. The cybercriminals who crafted them are betting on recipients being too afraid to ignore the email and the attached doc (it’s most often a doc file).
Once the file is opened, Microsoft Office automatically restricts execution of macros, as it does for safe files, too. To get around this restriction, the infected documents have text written in their pages urging you to “Enable Editing” and “Enable Content”, falsely claiming that the document will not display properly without the macros. Normal documents do not do this. Not many documents need to run macros at all, actually. The infected ones do, but only so that they can install malware.
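A way to check whether an attachment can carry macros at all, before anyone opens it in Office. This is an added example, not part of the original article: the function names and result labels are assumptions, and the sample files are constructed in memory.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container
# Storage/stream names that hold VBA in OLE files, as stored (UTF-16LE).
OLE_VBA_MARKERS = [n.encode("utf-16-le") for n in ("Macros", "_VBA_PROJECT")]


def triage_office_file(data: bytes) -> str:
    """Classify an attachment by whether it can carry VBA macros."""
    if data.startswith(OLE_MAGIC):
        # Heuristic byte search; can false-positive on document text.
        if any(m in data for m in OLE_VBA_MARKERS):
            return "ole-with-macros"
        return "ole-no-macro-markers"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
        if "[content_types].xml" not in names:
            return "zip-not-office"
        # OOXML stores the VBA project as a part named vbaProject.bin.
        if any(n.endswith("vbaproject.bin") for n in names):
            return "ooxml-with-macros"
        return "ooxml-no-macros"
    return "not-office"


def build_ooxml_sample(with_macros: bool) -> bytes:
    """Constructed sample: minimal zip shaped like a .docx/.docm."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x00placeholder")
    return buf.getvalue()


def build_ole_sample(with_macros: bool) -> bytes:
    """Constructed sample: OLE magic plus padding, not a valid document."""
    body = b"\x00" * 504
    if with_macros:
        body += "Macros".encode("utf-16-le")
    return OLE_MAGIC + body


if __name__ == "__main__":
    for blob in (build_ooxml_sample(True), build_ole_sample(True), b"plain text"):
        print(triage_office_file(blob))
```

A result without macros only rules out an embedded VBA project, so the file should still be scanned with antivirus before it is opened.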
The cybercriminals could have obtained your email address from a leak at one of the websites where you are registered. Usernames, emails and, sometimes, passwords are stolen from databases and sold to online criminals. It’s important to regularly change your passwords, to come up with complex passwords, and not to use the same password for multiple accounts, as too many people do.
I would also encourage you to enable 2-factor authentication where you can so that you know when someone tries to break into one of your accounts.
Another common way for JasperLoader and similar Trojans to spread is by drive-by download. Visiting an infected website could automatically download malware. A person might install the malware without knowing what it does, or the downloaded bit of malicious code could pull the rest of the malware onto the machine. The links to infected websites could also spread via email or malicious ads.
How to avoid infections like JasperLoader?
Change your passwords periodically and make them complex. If JasperLoader caused your private info to be leaked, even if your accounts are not hacked now, some cybercriminals buy and sell emails and usernames in bulk to use in future cyberattacks.
Be careful about opening files and links that came with unexpected emails from unknown senders. Scan files with your antivirus before opening them.
Keep a professional and trusted antivirus program installed and updated.
How to remove JasperLoader
You should remove JasperLoader and any other malware, though how you do it is up to you. You can scan your system with an antivirus program, like Spyhunter, and let it remove the threats that it finds. You can also remove JasperLoader and whatever other malware is on your system manually, and then scan your system to see if all the threats were removed.
Once you have removed the malware, do not stop scanning your machine. Threats like JasperLoader can sometimes redownload themselves if they weren’t completely deleted. If you find that the virus keeps returning, either try to find the files responsible, try another antivirus program, or seek more specialised support from your antivirus vendor.
Automatic Malware removal tools
How to remove JasperLoader using Windows Control Panel
Many hijackers and adware like JasperLoader install some of their components as regular Windows programs as well as additional software. This part of the malware can be uninstalled from the Control Panel. To access it, do the following.
- Start→Control Panel (older Windows) or press Windows Key→Search and enter Control Panel and then press Enter (Windows 8, Windows 10).
- Choose Uninstall Program (if you don't see it, click in the upper right next to "View by" and select Category).
- Go through the list of programs and select entries related to JasperLoader. You can click on "Name" or "Installed On" to reorder your programs and make JasperLoader easier to find.
- Click the Uninstall button. If you're asked if you really want to remove the program, click Yes.
- In many cases anti-malware programs are better at detecting related parasites, thus I recommend installing Spyhunter to identify other programs that might be a part of this infection.