Remove virus

Have a virus; the pop-up is File Recovery and the quarantined name Vipre found is exploit.PDF-JS.GEN (v).
How to get rid of this?
On a Win 7 32bit workstation
Hubman Asked:
 
younghv Commented:
This sounds like an old exploit that is vectored through an unpatched version of Adobe.

A sound method of attacking this is to use a rogue process stopper prior to starting your scanning tools.

Details in these EE Articles:
http://www.experts-exchange.com/A_4922.html Rogue-Killer-What-a-great-name
http://www.experts-exchange.com/A_5124.html Stop-the-Bleeding-First-Aid-for-Malware
 
Scott Thompson (Computer Technician / Owner) Commented:
I'm a big fan of bleepingcomputer.com.  They always have great guides for removal of infections just like this.  Here's a link to the remove guide for File Recovery.

http://www.bleepingcomputer.com/virus-removal/remove-file-recovery

Everything is listed out for you in easy to follow instructions.  Let me know if you have any issues.
 
JiggyKaTukra Commented:
Download Malwarebytes Anti-Malware freeware
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

Install and run it.
Check for updates.
Perform a full scan (expect to wait at least an hour or two).
Look through the threats and manually remove it.

NB. Also it will give you a path to the file (typically PDF).
 
Hubman (Author) Commented:
I did update and run Malwarebytes, but it did not find anything. I'll try the other posted above.
 
younghv Commented:
@pc_solutions50501 -
I too am a big fan of "Grinler" over at BleepingComputer, but please limit your referrals to actual solutions on other forums - not generic recommendations to go look somewhere else for a solution.

If you're interested, the EE Site Guidelines actually prohibit such posts:

http://www.experts-exchange.com/terms.jsp
Para 5 (i)
 
younghv Commented:
@Hubman -
After you get this cleaned up, please be sure to run patches/updates for your OS and all applications (especially Adobe products and Java).

Many security experts are recommending that you disable Java until good patches come out for their current vulnerability (I have).

Please notice in my articles that I also recommend the use of "TDSSKiller" after the MBAM scan - and post the logs generated by any scanner that you run.
 
Hubman (Author) Commented:
I agree, younghv; you are correct, Adobe has not been up to date. I'll address that for the entire network. Going over your post above... Thanks
 
Scott Thompson (Computer Technician / Owner) Commented:
@younghv,

I do not know how to send you a message personally, so I would like to apologize to Hubman for this post.  EE is very confusing to me.  I keep trying to help people out, but keep apparently messing up.  I have gotten reprimanded several times and had comments removed because I'm not posting original information, or other issues.  If a 'competitors' site contains a removal guide, how do I post the 'solution' without linking?  What is the best way to do this?
 
younghv Commented:
pc_solutions50501 -
If you point to an "Actual Solution" in another forum, that is OK.
Your link above is not to a solution for this variant of malware.

As you state: "Here's a link to the remove guide for File Recovery."

The "File Recovery" variants are a form of 'scare-ware' or 'scamware' and do not appear to be related to the problem at hand.

More to the point, none of us should be posting advice to anyone unless we are posting from our personal knowledge and experience.

We should all presume that the asker has done their own Google Searches and is in need of "Expert" advice on a particular problem.

I focus on the "Virus & Spyware" Zones because that is what I do for a living. Each of us should focus on what we know - and be prepared to give solid follow-up advice if our initial advice does not work.

For off-line contact, you can add "@experts-exchange.com" to my user name and I will get the email.

PS - I apologize to the other participants also, but thought this important information to post.
 
Hubman (Author) Commented:
One of these removed it... after running them and rebooting.
 
younghv Commented:
@Hubman -
I really appreciate that you closed out this question promptly, but I am more concerned with an actual solution than more points (I have all I need).

If you still have the 'Logs' from RK and TDSSKiller, please post them and let us take a look.
There may still be remnants of the malware.

Again - thank you for staying active in your question. That is really important to all the volunteers who help out here.
 
Hubman (Author) Commented:
Did not save them, I always give credit where it is due. Thanks for all the help
 
younghv Commented:
Good stuff - thank you for responding.
Question has a verified solution.
