JS Shadraem.a

Posted on 2010-01-04
Medium Priority
Last Modified: 2013-11-22
A PC detected the JS Shadraem.a virus.  This machine was up to date with anti-virus, but the log said the cure failed and the file was restored.  I looked online but there is not much out there about this one.

Does anyone have any removal tips?

Thank you.
Question by:LionelR2D2

Accepted Solution

JeremySBrown earned 500 total points
ID: 26173008
Run a temporary file remover...CCleaner is a good one and it's free.

Download Combofix by sUBs.

Before running Combofix, temporarily disable any firewall(s), shield(s), etc. to prevent any conflicts with Combofix. After Combofix is done scanning, it will create a log; for further instructions, save and paste the results by Attach File, or by Code Snippet, so other experts can take a look at it. Once the log looks clean, you may enable your firewall(s), shield(s), etc. Combofix will disconnect your machine from the Internet. Your Internet connection will be automatically restored just before Combofix completes its scan. If Combofix runs into problems, your Internet connection can be manually restored by restarting your machine.

You might need to rename the file before saving it to your desktop so it will not be blocked.

Please note: Don't run Combofix in Safe Mode.

Assisted Solution

joefreedom earned 500 total points
ID: 26173035
I've had pretty good luck with CCleaner over the years but I always tell people to scan with more than one product because not all are exactly the same.

Download trustworthy virus scanners such as A-squared, Malwarebytes, etc.  Update all virus scanners to the most recent virus definitions.

Turn off System restore on your machine temporarily.  Go to 'My Computer', 'System Restore', select 'Turn off system restore'.

Reboot your machine into Safe Mode, press F8 after you see your computer manufacturer 'splash screen'.

Run the tools using Deep Scans or Full Scans and remove any malicious items they find.  Reboot your computer normally, re-enable system restore if you want and away you go.

Assisted Solution

by:Thomas Zucker-Scharff
Thomas Zucker-Scharff earned 500 total points
ID: 26173277
I agree with what joefreedom said, but you should note that turning off System restore deletes all your restore points.  This is important because restore points contain protected files which will not be deleted by any program no matter what it says.  Once SR is off the points are deleted, but as has been said, you should run your software to be sure.

Before doing this make sure your computer reboots.  Try to make sure your system is clean of viruses except in system restore.  Do NOT follow these directions if you have tried to restore to an earlier time before you were infected.  An infected restore point is better than none at all.  But once you have a clean machine, the following procedure is the ONLY way I know of to clean your restore points because they are protected files.  

No matter what your software says it is doing it cannot clean your restore points.

WARNING:  This will DELETE ALL your system restore points

Disable System Restore:
Click Start, right-click My Computer, and then click Properties.
In the System Properties dialog box, click the System Restore tab.
Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
Click OK.
When you receive the following message, click Yes to confirm that you want to turn off System Restore:
"You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?"
After a few moments, the System Properties dialog box closes.

Reboot your system

Follow the above steps to reenable system restore

Create a manual restore point:
click the start button
all programs
system tools
system restore

choose to create a restore point and follow the prompts - name it appropriately
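
The disable / reboot / re-enable / create-a-restore-point procedure from the post above, scripted for Windows PowerShell as an added example (not part of any poster's answer). It assumes only the system drive is protected and uses a constructed restore-point description; it lists restore points before and after each step so the deletion can be confirmed rather than assumed.

```powershell
# Added example, not from the thread. Save as a .ps1 file and run it from an
# elevated Windows PowerShell session (these cmdlets are not in PowerShell 6+).
param(
    [Parameter(Mandatory = $true)]
    [ValidateSet('Disable', 'Enable')]
    [string]$Phase,

    # Assumption: only the system drive has System Restore protection.
    [string]$Drive = "$env:SystemDrive\",

    # Constructed description for the new baseline restore point.
    [string]$Description = 'Clean baseline after malware removal'
)

$ErrorActionPreference = 'Stop'

# System Restore changes need administrator rights; fail early if not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated session.'
}

function Show-RestorePoints {
    # @() keeps the count correct when zero or one restore point exists.
    $points = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    Write-Host ("Restore points present: {0}" -f $points.Count)
    $points | Format-Table SequenceNumber, Description, CreationTime -AutoSize
}

switch ($Phase) {
    'Disable' {
        Show-RestorePoints                      # record what is about to be lost
        Disable-ComputerRestore -Drive $Drive   # same effect as the check box in the GUI
        Show-RestorePoints                      # verify the old points are gone
        Write-Host 'Reboot, then run this script again with -Phase Enable.'
    }
    'Enable' {
        Enable-ComputerRestore -Drive $Drive
        # Create the manual restore point on the now-clean system.
        Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS
        Show-RestorePoints                      # should list only the new point
    }
}
```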

Assisted Solution

MagicFarmer earned 500 total points
ID: 26174846
I would also consider running an anti-rootkit -- Sophos makes a very good one:

Expert Comment

by:Thomas Zucker-Scharff
ID: 26175119
Yes, but don't just run one anti-rootkit; I usually run 3 to make sure.  Try the Sophos one suggested above (an excellent one) and these 2:

F-Secure: http://www.f-secure.com/en_EMEA/security/security-lab/tools-and-services/blacklight/index.html
Panda: http://www.softpedia.com/progDownload/Panda-Anti-Rootkit-Download-61553.html

They seem to have varying sensitivities.  I believe that the Sophos app is the most sensitive, the downside being that it will find false positives, depending on your computer usage.
