Solved

Remove virus

Posted on 2012-09-11
Medium Priority
946 Views
Last Modified: 2013-11-22
Have a virus; the pop-up is File Recovery and the quarantined name Vipre found is exploit.PDF-JS.GEN (v).
How to get rid of this?
On a Win 7 32-bit workstation
Question by:Hubman
13 Comments
 
LVL 8

Expert Comment

by:Scott Thompson
ID: 38387558
I'm a big fan of bleepingcomputer.com.  They always have great guides for removal of infections just like this.  Here's a link to the remove guide for File Recovery.

http://www.bleepingcomputer.com/virus-removal/remove-file-recovery

Everything is listed out for you in easy to follow instructions.  Let me know if you have any issues.
 
LVL 38

Accepted Solution

by:
younghv earned 2000 total points
ID: 38387637
This sounds like an old exploit that is vectored through an unpatched version of Adobe.

A sound method of attacking this is to use a rogue process stopper prior to starting your scanning tools.

Details in these EE Articles:
http://www.experts-exchange.com/A_4922.html Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_5124.html Stop-the-Bleeding-First-Aid-for-Malware
 
LVL 1

Expert Comment

by:JiggyKaTukra
ID: 38387640
Download Malwarebytes Anti-Malware freeware
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Install and run it.
Check for updates.
Perform a full scan (expect to wait at least an hour or two).
Look through the threats and manually remove them.

NB. It will also give you a path to the file (typically a PDF).
 
LVL 1

Author Comment

by:Hubman
ID: 38387648
I did update and run Malwarebytes, but it did not find anything. I'll try the others posted above.
 
LVL 38

Expert Comment

by:younghv
ID: 38387656
@pc_solutions50501 -
I too am a big fan of "Grinler" over at BleepingComputer, but please limit your referrals to actual solutions on other forums - not generic recommendations to go look somewhere else for a solution.

If you're interested, the EE Site Guidelines actually prohibit such posts:

http://www.experts-exchange.com/terms.jsp
Para 5 (i)
 
LVL 38

Expert Comment

by:younghv
ID: 38387663
@Hubman -
After you get this cleaned up, please be sure to run patches/updates for your OS and all applications (especially Adobe products and Java).

Many security experts are recommending that you disable Java until good patches come out for their current vulnerability (I have).

Please notice in my articles that I also recommend the use of "TDSSKiller" after the MBAM scan - and post the logs generated by any scanner that you run.
 
LVL 1

Author Comment

by:Hubman
ID: 38387670
I agree younghv, you are correct, Adobe is not up to date. I'll address that for the entire network. Going over your post above...Thanks
 
LVL 8

Expert Comment

by:Scott Thompson
ID: 38387715
@younghv,

I do not know how to send you a message personally, so I would like to apologize to Hubman for this post.  EE is very confusing to me.  I keep trying to help people out, but keep apparently messing up.  I have gotten reprimanded several times and had comments removed because I'm not posting original information, or other issues.  If a 'competitor's' site contains a removal guide, how do I post the 'solution' without linking?  What is the best way to do this?
 
LVL 38

Expert Comment

by:younghv
ID: 38387752
pc_solutions50501 -
If you point to an "Actual Solution" in another forum, that is OK.
Your link above is not to a solution for this variant of malware.

As you state: "Here's a link to the remove guide for File Recovery."

The "File Recovery" variants are a form of 'scare-ware' or 'scamware' and do not appear to be related to the problem at hand.

More to the point, none of us should be posting advice to anyone unless we are posting from our personal knowledge and experience.

We should all presume that the asker has done their own Google searches and is in need of "Expert" advice on a particular problem.

I focus on the "Virus & Spyware" Zones because that is what I do for a living. Each of us should focus on what we know - and be prepared to give solid follow-up advice if our initial advice does not work.

For off-line contact, you can add "@experts-exchange.com" to my user name and I will get the email.

PS - I apologize to the other participants also, but thought this important information to post.
 
LVL 1

Author Closing Comment

by:Hubman
ID: 38388084
One of these removed it...after running them and a reboot.
 
LVL 38

Expert Comment

by:younghv
ID: 38388164
@Hubman -
I really appreciate that you closed out this question promptly, but I am more concerned with an actual solution than more points (I have all I need).

If you still have the 'Logs' from RK and TDSSKiller, please post them and let us take a look.
There may still be remnants of the malware.

Again - thank you for staying active in your question. That is really important to all the volunteers who help out here.
 
LVL 1

Author Comment

by:Hubman
ID: 38388220
Did not save them. I always give credit where it is due. Thanks for all the help
 
LVL 38

Expert Comment

by:younghv
ID: 38388760
Good stuff - thank you for responding.