JS Shadraem.a

A PC detected the JS Shadraem.a virus.  This machine was up to date with anti-virus, but the log said the cure failed and the file was restored.  I looked online but there is not much out there about this one.

Does anyone have any removal tips?

Thank you.

JeremySBrown commented:
Run a temporary file remover...CCleaner is a good one and it's free.

Download Combofix by sUBs.

Before running Combofix, temporarily disable any firewall(s), shield(s), etc. to prevent any conflicts with Combofix. After Combofix is done scanning, it will create a log. For further instructions, save and paste the results by Attach File or by Code Snippet so other experts can take a look at it. Once the log looks clean, you may enable your firewall(s), shield(s), etc. Combofix will disconnect your machine from the Internet. Your Internet connection will be automatically restored just before Combofix completes its scan. If Combofix runs into problems, your Internet connection can be manually restored by restarting your machine.

You might need to rename the file before saving to your desktop so it will not be blocked.

Please note: Don't run Combofix in Safe Mode.

joefreedom commented:
I've had pretty good luck with CCleaner over the years but I always tell people to scan with more than one product because not all are exactly the same.

Download trustworthy virus scanners such as A-squared, Malware Bytes, etc.  Update all virus scanners to the most recent virus definitions.

Turn off System restore on your machine temporarily.  Go to 'My Computer', 'System Restore', select 'Turn off system restore'.

Reboot your machine into Safe Mode: press F8 after you see your computer manufacturer 'splash screen'.

Run the tools using Deep Scans or Full Scans and remove any malicious items they find.  Reboot your computer normally, re-enable system restore if you want and away you go.

Thomas Zucker-Scharff (Systems Analyst) commented:
I agree with what joefreedom said, but you should note that turning off System restore deletes all your restore points.  This is important because restore points contain protected files which will not be deleted by any program no matter what it says.  Once SR is off the points are deleted, but as has been said, you should run your software to be sure.

Before doing this make sure your computer reboots.  Try to make sure your system is clean of viruses except in system restore.  Do NOT follow these directions if you have tried to restore to an earlier time before you were infected.  An infected restore point is better than none at all.  But once you have a clean machine, the following procedure is the ONLY way I know of to clean your restore points because they are protected files.  

No matter what your software says it is doing it cannot clean your restore points.

WARNING:  This will DELETE ALL your system restore points

Disable System Restore:
Click Start, right-click My Computer, and then click Properties.
In the System Properties dialog box, click the System Restore tab.
Click to select the Turn off System Restore check box. Or, click to select the Turn off System Restore on all drives check box.
Click OK.
When you receive the following message, click Yes to confirm that you want to turn off System Restore:
"You have chosen to turn off System Restore. If you continue, all existing restore points will be deleted, and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?"
After a few moments, the System Properties dialog box closes.

Reboot your system.

Follow the above steps to re-enable System Restore.

Create a manual restore point:
Click the Start button.
Click All Programs.
Click System Tools.
Click System Restore.
Choose to create a restore point and follow the prompts - name it appropriately.

MagicFarmer commented:
I would also consider running an anti-rootkit -- Sophos makes a very good one:

Thomas Zucker-Scharff (Systems Analyst) commented:
Yes, but don't just run one anti-rootkit; I usually run 3 to make sure.  Try the Sophos one suggested above (an excellent one) and these 2:

F-Secure: http://www.f-secure.com/en_EMEA/security/security-lab/tools-and-services/blacklight/index.html
Panda: http://www.softpedia.com/progDownload/Panda-Anti-Rootkit-Download-61553.html

They seem to have varying sensitivities.  I believe that the Sophos app is the most sensitive, the downside being that it will find false positives, depending on your computer usage.
Question has a verified solution.