Monday, May 5, 2014

Remove Trojan:js/medfos.B - ChromeUpdateManager and Manager.js Virus






OUTLINE
  • Trojan:js/medfos.B brief definition
  • How Trojan:js/medfos.B spreads
  • Malicious Trojan:js/medfos.B
  • Follow steps to remove Trojan:js/medfos.B


Brief Definition


Trojan:js/medfos.B is the detection name for a Trojan horse written in JavaScript. It does not exploit a flaw in JavaScript itself; it is a malicious script that runs inside the web browser (in the cases below, as a Chrome extension), where it rewrites the uniform resource identifier (URI) of search requests so that searches are redirected to pages of its own choosing. Because it sits between the user and every page the browser loads, it is also in a position to read what is typed into those pages, which is how it can capture account details and log-in credentials.

A machine infected with Trojan:js/medfos.B typically shows the following symptoms:
  1. CPU and memory use stay high most of the time.
  2. Occasional blue screens (BSoD), freezes and browser crashes.
  3. Further unwanted items, such as extra browser add-ons or other Trojan horses, are detected before long.
  4. Installed anti-virus software may be disabled, or stop blocking infections effectively.
  5. Unfamiliar processes run in the background and keep reappearing after they are ended.


How Trojan:js/medfos.B spreads


In most reported Trojan:js/medfos.B cases, the detection followed a run of pop-up ads or browser hijacking and redirection. Since the Trojan is JavaScript that runs inside the browser, it spreads online, through the browser, rather than through any flaw in the operating system.

In most cases an extension called "ChromeUpdateManager 1.0" is found installed in Google Chrome without the user's permission when Trojan:js/medfos.B is detected, so the Trojan evidently piggybacks on web applications, or poses as one. PC users should therefore be extremely cautious when installing web applications or clicking on luring and suspicious pop-up ads.

[Image: the ChromeUpdateManager 1.0 extension installed by Trojan:js/medfos.B]



Malicious Trojan:js/medfos.B


There are several things PC users and victims should be aware of.

Trojan:js/medfos.B opens a backdoor – TCP and UDP each have 65,536 port numbers (256*256, or 0 to 65535), and an ordinary PC listens on only a handful of them. Once Trojan:js/medfos.B is on a machine, it enumerates and modifies the drivers that handle security and web access; as a consequence, ports that were closed are opened and unsolicited inbound connections are accepted. A listening port owned by a process that runs from outside the Windows or Program Files folders (a Temp or AppData path, for example) is the sign to look for.


Trojan:js/medfos.B steals confidential information – because the Trojan runs inside the browser and manipulates the URIs the browser requests, it can record whatever is typed into web pages. With that information its operators can drain bank accounts, learn which sites to seed for faster propagation, and make money by reselling the data to other operators, spammers and cyber criminals.

Trojan:js/medfos.B disables security applications and services – by enumerating the drivers that belong to security services and applications, the Trojan can insert its code into the related .dll, .exe and .dat files, both to dodge automatic removal and to call internal processes on demand to carry out what it wants.

Trojan:js/medfos.B brings in more infections – with its configuration modified and its security services weakened, a computer captured by the Trojan becomes more susceptible to other infections in the wild. The backdoor is also a source of income: the Trojan's operators can push additional infections through it, and other malware that finds the backdoor can take it over.

The instructions below show how to remove Trojan:js/medfos.B. If you are unsure how to carry out a step, you can start a live chat with a senior technician at Global PC Support Center for one-to-one assistance.



Follow Steps to Remove Trojan:js/medfos.B


A - Disconnect the computer from the Internet before you start.




B - Remove the restore folder that lets Trojan:js/medfos.B come back after removal.

Win+R key combination > Run box > type "CMD" > hit Enter key > type "attrib -h -r -s C:\_RESTORE" > hit Enter key > type "rmdir /s /q C:\_RESTORE" > hit Enter key.

(Note: C:\_RESTORE is where Windows 98/Me keeps its System Restore data, and a plain "del" will not remove a folder, hence attrib to strip the hidden/read-only/system attributes followed by rmdir. On Windows XP and later the restore points live under C:\System Volume Information, which cannot be deleted from a command prompt; there, turn off System Restore instead, as described in the tip under step D.)




C – End the processes related to Trojan:js/medfos.B.
(tip: if the Task Manager key combination does not work, open the Run box from the Start menu, type "CMD", hit Enter and end the process by name with "taskkill /f /im [name of the process shown in the threat alert].exe")

Open Task Manager > View > Select Columns > tick "PID (Process Identifier)" and "Image Path Name" > OK. In the Processes tab, end every process whose image path points to Trojan:js/medfos.B's location (according to the threat alert) or to a folder that belongs neither to Windows nor to software you installed yourself. Note the PID before ending a process if you want to match it against open network connections: "netstat -ano" lists the PID that owns each socket.




D – Remove temporary files created by Trojan:js/medfos.B.
(tip: on Windows XP, turn off System Restore first so that the files cannot be brought back from a restore point: right-click "My Computer"/"Computer" > Properties > System Restore tab > tick "Turn off System Restore" > OK)
[Image: turning off System Restore on Windows XP]
  1. Press the Win key and R key together to open the Run box.
  2. Type "%Temp%" in the box and hit Enter; Explorer opens the temp folder of your user account.
  3. Delete the files there that are not in use by the system (a file that is locked will refuse to delete; leave it and come back after a reboot).
  4. When done, open "Temporary Internet Files", the Internet Explorer cache (on XP it sits next to Temp under Local Settings; on Vista/7 it is %LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files).
  5. Open the "Content.IE5" folder there (the name carries the cache format version, not the browser version you are running; Chrome and Firefox keep their caches elsewhere).
  6. Delete all the files in it except index.dat.



E – Show hidden files and folders to remove the ones created by Trojan:js/medfos.B.

Windows 7/Vista - Control Panel > Appearance and Personalization > Folder Options > View tab > tick "Show hidden files, folders, and drives" > untick "Hide protected operating system files (Recommended)" > OK button. (Windows XP: Control Panel > Folder Options, or Tools > Folder Options in any Explorer window, then the same View tab settings.)

Windows 8 - File Explorer > View tab > tick "File name extensions" and "Hidden items".
  • Open the path given in the threat alert and delete everything there.
  • Check the following folders for items created on the day Trojan:js/medfos.B was first detected:
C:\Windows
C:\Windows\System32
C:\Windows\winstart.bat
C:\Windows\wininit.ini
C:\Windows\Autoexec.bat
C:\Users\[your username]\Documents\
C:\Users\[your username]\AppData\Local\
C:\Program Files\
Be careful in C:\Windows and C:\Windows\System32: Windows Update and legitimate installers also write there on any given day, so delete only what the threat alert names or what you can tie to the infection (for example a file whose path matches a process you ended in step C). winstart.bat, wininit.ini and Autoexec.bat are Windows 9x start-up files and are not normally present on XP or later; if one is there, look at what it launches rather than deleting it blindly.
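Steps D and E boil down to one operation: find the files whose timestamp falls on the detection day, but keep the system directories out of the bulk-delete list. The Python below is an added example, not code from the original article: it walks a directory tree, collects the files changed on a given day, and splits them into delete candidates and files that need review first because they sit under a protected top-level folder. The tree it scans is constructed inside a temporary directory so the script runs anywhere; the file names in it (including a Manager.js under Temp, after the extension script named in this article's title) are made up, and the protected-folder list is an assumption to adjust.

```python
"""Find files changed on the day a threat was first detected, keeping
system directories out of the delete list.

Added example, not code from the original article. On a real host point
files_changed_on() at the folders the article lists (or at C:\\) instead of
the constructed sample tree built by build_sample_tree().
"""
import os
import shutil
import tempfile
from datetime import date, datetime

DETECTION_DAY = date(2014, 5, 5)   # the day the alert first fired

# Assumption: top-level folders that must not be bulk-deleted by date
# (Windows Update and servicing write into Windows\System32 on any day).
PROTECTED_DIRS = ("Windows",)


def files_changed_on(root, day):
    """Absolute paths of files under root whose modification date equals `day`.

    st_ctime is the creation time on Windows but the inode-change time on
    POSIX, so mtime is used here for portability; on a Windows host you can
    swap in os.path.getctime if the alert reports a creation time.
    """
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            changed = datetime.fromtimestamp(os.path.getmtime(path)).date()
            if changed == day:
                hits.append(path)
    return sorted(hits)


def split_by_protection(root, paths, protected=PROTECTED_DIRS):
    """Separate delete candidates from files under a protected top-level folder."""
    candidates, review = [], []
    for path in paths:
        top = os.path.relpath(path, root).split(os.sep)[0]
        (review if top in protected else candidates).append(path)
    return candidates, review


def build_sample_tree(day):
    """Constructed sample: a fake drive root with files stamped on and off `day`."""
    root = tempfile.mkdtemp(prefix="drive_")
    on_day = datetime(day.year, day.month, day.day, 12, 0).timestamp()
    earlier = on_day - 30 * 86400
    layout = {
        os.path.join("Windows", "System32", "kernel32.dll"): earlier,
        os.path.join("Windows", "System32", "servicing_log.txt"): on_day,
        os.path.join("Users", "alice", "AppData", "Local", "Temp", "Manager.js"): on_day,
        os.path.join("Users", "alice", "Documents", "report.docx"): earlier,
        os.path.join("Program Files", "Vendor", "installer.tmp"): on_day,
    }
    for rel, stamp in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("sample\n")
        os.utime(full, (stamp, stamp))   # set atime and mtime to the chosen day
    return root


def triage(root, day):
    """(delete candidates, files to review) for everything changed on `day`."""
    return split_by_protection(root, files_changed_on(root, day))


def demo(day=DETECTION_DAY):
    """Run the triage over the constructed tree; returns root-relative paths."""
    root = build_sample_tree(day)
    try:
        candidates, review = triage(root, day)
        rel = lambda ps: [os.path.relpath(p, root).replace(os.sep, "/") for p in ps]
        return rel(candidates), rel(review)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    candidates, review = demo()
    print("delete candidates:", *candidates, sep="\n  ")
    print("review before touching:", *review, sep="\n  ")
```

The file in System32 that was written on the detection day is deliberately not put in the delete list; on a real machine that is exactly the kind of file a same-day Windows Update would leave behind, and it is the reason the folder list above carries the warning it does.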




F - Remove the browser extensions created on the day Trojan:js/medfos.B was first detected.

Internet Explorer
Tools > Manage add-ons > "Toolbars and Extensions" > remove (or disable) the extensions added on the day Trojan:js/medfos.B appeared > "Search Providers" > remove the providers added on that day and set your own search provider as the default again.

Mozilla Firefox
Tools > Add-ons > "Extensions" panel > remove the extensions added on the day Trojan:js/medfos.B appeared > "Plugins" panel > disable the plugins added on that day (plugins cannot be removed from this panel, only disabled).

Google Chrome
Spanner (wrench) icon > "Tools" > "Extensions", or type chrome://extensions in the address bar > remove "ChromeUpdateManager 1.0" and any other extension added on the day Trojan:js/medfos.B appeared. Ticking "Developer mode" on that page shows each extension's ID and, for extensions loaded from a folder, the path it was loaded from; delete that folder as well, or it can be reloaded.

Opera
Opera menu > Extensions > Manage Extensions > remove the extensions added on the day Trojan:js/medfos.B appeared.

Safari
Safari menu > Preferences > Extensions tab > remove the extensions added on the day Trojan:js/medfos.B appeared.
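For step F on Chrome, the installed extensions can also be read straight from the profile's Preferences file (%LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences; newer builds keep the same extensions.settings block in Secure Preferences in that folder), which is useful when an extension hides itself from the chrome://extensions page or keeps coming back. The Python below is an added example, not code from the original article: it loads that JSON, converts Chrome's install_time (microseconds since 1601-01-01, stored as a decimal string) to a date, and flags extensions installed on the detection day, not from the Chrome Web Store, or holding permissions that let them see and rewrite every request, which is what search redirection needs. The embedded profile is a constructed sample: the 32-letter IDs, names, paths and the Manager.js background script are made up, and the key names follow the Preferences layout of that era, so treat them as an assumption to check against your own file.

```python
"""Triage Chrome extensions from a profile's Preferences file.

Added example, not code from the original article. The embedded profile is a
constructed sample; on a real machine call load_preferences() on
%LOCALAPPDATA%\\Google\\Chrome\\User Data\\Default\\Preferences (or
Secure Preferences) and pass the result to suspicious().
"""
import json
from datetime import date, datetime, timedelta

CHROME_EPOCH = datetime(1601, 1, 1)   # Windows FILETIME epoch used by Chrome
DETECTION_DAY = date(2014, 5, 5)      # the day the alert first fired
# Assumption: permissions that let an extension observe or rewrite requests.
BROAD_PERMISSIONS = {
    "<all_urls>", "http://*/*", "https://*/*",
    "webRequest", "webRequestBlocking", "webNavigation", "tabs",
}


def chrome_time_to_datetime(value):
    """install_time is microseconds since 1601-01-01, stored as a decimal string."""
    return CHROME_EPOCH + timedelta(microseconds=int(value))


def datetime_to_chrome_time(dt):
    """Inverse of chrome_time_to_datetime, in integers to avoid float rounding."""
    delta = dt - CHROME_EPOCH
    micros = (delta.days * 86400 + delta.seconds) * 1_000_000 + delta.microseconds
    return str(micros)


# Constructed sample profile. Layout: extensions.settings.<id>.{from_webstore,
# install_time, path, state, manifest}; every value here is made up.
SAMPLE_PREFERENCES = {
    "extensions": {
        "settings": {
            "abcdefghijklmnopabcdefghijklmnop": {
                "from_webstore": False,
                "install_time": datetime_to_chrome_time(datetime(2014, 5, 5, 9, 30)),
                "path": "C:\\Users\\alice\\AppData\\Local\\Temp\\ChromeUpdateManager\\1.0",
                "state": 1,
                "manifest": {
                    "name": "ChromeUpdateManager",
                    "version": "1.0",
                    "permissions": ["tabs", "webRequest", "webRequestBlocking", "<all_urls>"],
                    "background": {"scripts": ["Manager.js"]},
                },
            },
            "ponmlkjihgfedcbaponmlkjihgfedcba": {
                "from_webstore": True,
                "install_time": datetime_to_chrome_time(datetime(2013, 11, 2, 18, 5)),
                "path": "ponmlkjihgfedcbaponmlkjihgfedcba\\2.3_0",
                "state": 1,
                "manifest": {
                    "name": "Example Webstore Extension",
                    "version": "2.3",
                    "permissions": ["storage"],
                },
            },
        }
    }
}


def load_preferences(path):
    """Read a real Preferences / Secure Preferences file (plain JSON, UTF-8)."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def triage_extensions(prefs, detection_day=DETECTION_DAY):
    """One record per installed extension, with the reasons it deserves a look."""
    findings = []
    settings = prefs.get("extensions", {}).get("settings", {})
    for ext_id, entry in settings.items():
        manifest = entry.get("manifest", {})
        installed = chrome_time_to_datetime(entry.get("install_time", "0"))
        broad = sorted(set(manifest.get("permissions", [])) & BROAD_PERMISSIONS)
        reasons = []
        if installed.date() == detection_day:
            reasons.append("installed on detection day")
        if not entry.get("from_webstore", False):
            reasons.append("not from the Chrome Web Store")
        if broad:
            reasons.append("can intercept requests: " + ", ".join(broad))
        findings.append({
            "id": ext_id,
            "name": manifest.get("name", "?"),
            "version": manifest.get("version", "?"),
            "installed": installed,
            "path": entry.get("path", ""),
            "reasons": reasons,
        })
    return findings


def suspicious(prefs, detection_day=DETECTION_DAY):
    """Extensions with at least one reason, the ones with most reasons first."""
    hits = [f for f in triage_extensions(prefs, detection_day) if f["reasons"]]
    return sorted(hits, key=lambda f: len(f["reasons"]), reverse=True)


if __name__ == "__main__":
    for f in suspicious(SAMPLE_PREFERENCES):
        print(f"{f['name']} {f['version']} ({f['id']}) installed {f['installed']:%Y-%m-%d}")
        print("  path:", f["path"])
        for reason in f["reasons"]:
            print("  -", reason)
```

The path field is the part worth acting on: for an extension that was not installed from the Web Store it points at the folder the extension was loaded from, and that folder has to go along with the entry in the extensions page, otherwise the extension can be re-registered on the next start.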



You may not succeed in removing Trojan:js/medfos.B if additional items have wormed their way onto the machine without your knowledge; in that case more steps are needed for a complete removal. If you are technically sound, identify the additional item and look up the corresponding solution in the virus reservoir; otherwise, do not hesitate to start a live chat with VilmaTech Online Support and ask its technicians for a fix tailored to your situation.




Reference:

Uniform Resource Identifier (URI) - Wikipedia

TCP/IP protocol - Wikipedia

Trojan:js/medfos.b Appears Every Five Minutes, How to Remove - Global PC Support Center


