JZip

By GoldSparrow in Potentially Unwanted Programs

Translate To:

Threat Scorecard

Popularity Rank:	8,625
Threat Level:	10 % (Normal)
Infected Computers:	17,573

First Seen:	November 3, 2015
Last Seen:	June 13, 2026
OS(es) Affected:	Windows

The JZip software is promoted through free application platforms and hxxp://jzip[.]online/ as the "Most popular File Compression Utility For Windows." The official page for the JZip software consists of a single image with a short description, a logo that says "over 1 billion downloads!" and a simple download box that points to 'jzip_installer.exe' (MD5: 37dbceb025029a68b24cd2e17bec2f7f). What you should know is that hxxp://jzip[.]online/ was created on 2018-07-02 according to records at https://whois.icann.org/en/lookup?name=jzip.online maintained by ICANN (Internet Corporation for Assigned Names and Numbers). The JZip software was reported to travel with adware and bloatware twenty-five days later. We believe that the promotional statements at hxxp://jzip[.]online/ regarding the '1 billion downloads' might have been exaggerated.

Also, the 'File Version Information' section for 'jzip_installer.exe' says that it contains the product 'Maligefo Setup.' The Windows 10's software execution protection is known to block the users from loading 'jzip_installer.exe.' Lab tests showed that JZip features the publisher name 'Prssto Inc.,' which does not appear on the Internet. An interesting discovery was that the 'Help' menu of JZip shows that the application is based on the 7Zip file compression instrument by Igor Pavlov, which you can find at hxxps://www.7-zip[.]org. Another discovery made in lab conditions was that JZip loads seemingly blank pages in the Web browser from time to time. Upon closer inspection, we found that the pages were not blank entirely and featured hidden advertisements. The JZip software may be used to click on advertisements without the user's knowledge and expose you to links that point to harmful programs. In contrast, 7Zip is a respected utility that is offered free of charge and come with continuous support. JZip has poor presentations, uses code from another program, has no legitimate publisher and may introduce adware to your system. JZip is categorized as a Potentially Unwanted Program (PUP) by Prssto Inc. that may enable users to process some types of file archives. Running JZip on your system may cause browser redirects, and you may want to remove the program using a credible cybersecurity solution.

Table of Contents

SpyHunter Detects & Remove JZip

File System Details

JZip may create the following file(s):

Expand All | Collapse All

#	File Name	MD5	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	A0297020.exe	aa340b9abbba967b1bff31a65c108f1f	74
Name: A0297020.exe MD5: aa340b9abbba967b1bff31a65c108f1f Size: 3.77 MB (3777472 bytes) Detections: 74 Type: Executable File Path: C:\System Volume Information\_restore{A2C79734-23F9-472B-B4DF-2D0ECF46665C}\RP1222\A0297020.exe Group: Malware file Last Updated: March 10, 2022
2.	jZip.exe.1759F49F39CFA634ABF2896D028D10EC	c0c14f67b4649f0b76b0590573864b45	23
Name: jZip.exe.1759F49F39CFA634ABF2896D028D10EC MD5: c0c14f67b4649f0b76b0590573864b45 Size: 3.77 MB (3777472 bytes) Detections: 23 Path: C:\WINDOWS\Temp\sentry_temp\jZip.exe.1759F49F39CFA634ABF2896D028D10EC Group: Malware file Last Updated: March 27, 2023
3.	JZIP.exe.vir	57b7379cc7397d0a89362b420d88ef59	11
Name: JZIP.exe.vir MD5: 57b7379cc7397d0a89362b420d88ef59 Size: 1.69 MB (1692672 bytes) Detections: 11 Path: C:\COMPUTER TOOLS\AdwCleaner\Quarantine\C\Program Files (x86)\jZip\JZIP\JZIP.exe.vir Group: Malware file Last Updated: February 12, 2022
4.	JZIP.exe	3c32b076846964993f5dd4c51901ad28	4
Name: JZIP.exe MD5: 3c32b076846964993f5dd4c51901ad28 Size: 1.11 MB (1116730 bytes) Detections: 4 Type: Executable File Path: C:\Users\<username>\AppData\Local\Temp\JZIP.exe Group: Malware file Last Updated: November 16, 2021

More files

Registry Details

JZip may create the following registry entry or registry entries:

CLSID

{3ED98568-A949-49CB-8ED0-3A703F6D4166}

{49C042E8-2509-41D4-A5C4-D06BA2E0E093}

{672B1330-7E4A-4D61-BE04-E2A132F04E1E}

{7523EAC7-936A-4636-B77B-FEFE20D2239B}

{7B286609-DA97-47E1-AC6B-33B8B4732C95}

{9175E343-1C41-4490-B178-14F36504F07E}

{94047607-3841-4CE6-AE4D-14FF23AF9458}

{9684C656-95A2-497D-9C8D-AD98DD1B48D0}

{C2FCC408-5801-4647-AA1D-A24D5FD6DB87}

{D5F850C7-FF97-4309-890D-3302499C3899}

{E677C7AD-2B66-4539-AA29-3771A1CFEDA9}

File name without path

JZIP.lnk

www.jzip[1].xml

HKEY..\..\..\..{RegistryKeys}

SOFTWARE\Bandoo Media Inc\jZip.exe

SOFTWARE\Classes\*\shellex\ContextMenuHandlers\JZContextMenuExt

SOFTWARE\Classes\*\shellex\ContextMenuHandlers\jZip

SOFTWARE\Classes\*\shellex\ContextMenuHandlers\JZipShlExt

SOFTWARE\Classes\*\shellex\PropertySheetHandlers\{7523EAC7-936A-4636-B77B-FEFE20D2239B}

SOFTWARE\Classes\.zip\jZip.file

SOFTWARE\Classes\AppID\jZipShell.DLL

SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\JZipShlExt

SOFTWARE\Classes\Directory\shellex\DragDropHandlers\JZHardLinkShlExt

SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\JZipShlExt

SOFTWARE\Classes\Drive\shellex\DragDropHandlers\JZHardLinkShlExt

SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\jZip

SOFTWARE\Classes\Folder\ShellEx\DragDropHandlers\JZHardLinkShlExt

SOFTWARE\Classes\jZip.exe

SOFTWARE\Classes\jZip.file

SOFTWARE\Classes\jZipShell.jZipShellExt

SOFTWARE\Classes\Wow6432Node\AppID\jZipShell.DLL

Software\imeshjzipmusictoolbar

SOFTWARE\JZIP

Software\Microsoft\Internet Explorer\DOMStorage\jzip.com

Software\Microsoft\Internet Explorer\DOMStorage\www.jzip.com

SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}

SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\jzip.com

SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.jzip.com

SOFTWARE\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\JzShlobj

SOFTWARE\RegisteredApplications\jZip

SOFTWARE\RegisteredApplications\jZip.exe

SOFTWARE\Wow6432Node\Classes\AppID\jZipShell.DLL

SOFTWARE\Wow6432Node\JZIP

SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}

SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe

SOFTWARE\Wow6432Node\RegisteredApplications\jZip

SOFTWARE\WOW6432Node\RegisteredApplications\jZip.exe

HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}

jZip

Directories

JZip may create the following directory or directories:

%LOCALAPPDATA%\imeshjzipmusictoolbar

%LOCALAPPDATA%\jZip

%PROGRAMFILES%\jZip

%PROGRAMFILES(x86)%\SystemManager\Systemmgr

%PROGRAMFILES(x86)%\jZip

%Temp%\jZip

%USERPROFILE%\AppData\LocalLow\imeshjzipmusictoolbar

%USERPROFILE%\Application Data\imeshjzipmusictoolbar

%UserProfile%\Local Settings\Application Data\imeshjzipmusictoolbar

%UserProfile%\Local Settings\Application Data\jZip

EnigmaSoft’s Payment Processor Digital River GmbH Filing for Bankruptcy Does Not Impact SpyHunter Customers’ Anti-Malware Protection

Search

Change Region

JZip

Threat Scorecard

EnigmaSoft Threat Scorecard

SpyHunter Detects & Remove JZip

File System Details

Registry Details

Directories

Submit Comment

Related Posts

Search.jzip.com

Trending

Hybridgermandespicable.com

Trojan.Injector.RDD

Trojan.Stealer.ACJ

Most Viewed

Pornktube.porn

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen