WARNING: Might be a new virus - jusched.exe
To: Cetin Basoz, Engineerica Inc., Izmir, Turkey
Date: 27/05/2005 09:30:28
Forum: Windows
Category: Virus scan
Miscellaneous
Thread ID: 01018105
Message ID: 01018139
Views: 14
What is jusched.exe?

MartinJ

>jusched.exe is supposed to be JavaUpdateScheduler but this might be just another file abusing the trust in Sun.
>Summary:
>Key under HKLM\Software\Microsoft\Windows NT\WinLogon changes to:
>explorer jusched.exe
>
>Symptoms (XP SP2-SP1 or earlier wouldn't give this symptom unless you manually adjusted):
>When you try to browse to a webpage, you start to get "Page not found" on second attempt if not on first.
>Checking events shows a warning event ID 4226 (TCP/IP has reached security limit...) - this means there were connection attempts over 10/secs. If tcpip.sys is patched to remove limit or SP2 is not installed (win2003 SP1) you wouldn't get these symptoms nor event logged. However you might notice slowdown in network connections.
>Checking from DOS prompt:
>netstat -no
>reveals connections on port 445 all with same PID (PID points to jusched.exe).
>
>PS: Remember in my case it was jusched.exe. Whatever it's currently unidentified by virus scanners as a virus. SP2 firewall warned or not I don't know (I'm not the user of affected boxes only admin here - after they said they can't connect to internet since wednesday these were what I found and fixed, during fix I saw jusched was added in firewall exceptions list, probably users don't know what to do when they see alert and simply choose unblock).
>
>Fix: Well I only edited registry to remove all entries I found and it's gone. Just luck believe me:)
>
>Cetin
"Navision is evil that needs to be erased... to the ground"

Jabber: gorila@dione.zcu.cz
Jabber? Jabbim
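
The `netstat -no` check from the quoted report, generalized to any process, as an added example that is not part of the original posts: it parses saved `netstat -no` output and lists each PID that holds connections to port 445 on several distinct remote hosts. The sample output, the PIDs and the `min_hosts` threshold are constructed assumptions.

```python
from collections import defaultdict

SMB_PORT = 445

# Constructed sample of `netstat -no` output (not taken from the affected machines).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:1101      198.51.100.7:445       SYN_SENT        1844
  TCP    192.168.1.20:1102      198.51.100.8:445       SYN_SENT        1844
  TCP    192.168.1.20:1103      198.51.100.9:445       SYN_SENT        1844
  TCP    192.168.1.20:1104      203.0.113.40:445       ESTABLISHED     1844
  TCP    192.168.1.20:1090      192.168.1.2:445        ESTABLISHED     4
  TCP    192.168.1.20:1095      192.0.2.80:80          ESTABLISHED     2208
  TCP    192.168.1.20:445       192.168.1.33:1500      ESTABLISHED     4
"""


def parse_netstat(text):
    """Yield (local, remote_host, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        fields = line.split()
        # TCP rows have exactly five fields; headers and UDP rows do not.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        _proto, local, foreign, state, pid = fields
        # rpartition keeps IPv6 addresses such as [fe80::1%4]:445 intact.
        host, _, port = foreign.rpartition(":")
        if not (port.isdigit() and pid.isdigit()):
            continue
        yield local, host.strip("[]"), int(port), state, int(pid)


def smb_fanout(text, min_hosts=3):
    """Map PID -> sorted remote hosts, for PIDs reaching >= min_hosts hosts on port 445."""
    hosts = defaultdict(set)
    for _local, host, port, _state, pid in parse_netstat(text):
        if port == SMB_PORT:  # remote port only, so inbound file sharing is ignored
            hosts[pid].add(host)
    return {pid: sorted(h) for pid, h in hosts.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    for pid, remotes in smb_fanout(SAMPLE).items():
        print(f"PID {pid}: {len(remotes)} distinct hosts on port {SMB_PORT}: {remotes}")
        # On the host, map the PID to its image name with: tasklist /FI "PID eq <pid>"
```

A single connection to a file server, like PID 4 in the sample, stays below the threshold; only the fan-out pattern is reported.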