Sunday, December 30, 2012

Trouble with Trojan:js/medfos.b – How to Completely Remove Trojan:js/medfos.b?

Troubles with Trojan:js/medfos.b



When a machine is infected with Trojan:js/medfos.b, the most obvious symptom is usually browser redirection, sometimes accompanied by a Java alert saying something about code that was running. It is hard to tell exactly what the alert says, because the machine powers off and reboots shortly after it appears. In some cases victims did not see an alert at all. Instead they found suspicious service changes: the firewall, the antivirus program, the system defender, Internet Connection Sharing and other services had been changed from automatic start to disabled, and those services no longer appeared in the Services applet. That is why the tampered security tools cannot catch and remove Trojan:js/medfos.b, and why you may get a Blue Screen of Death a couple of times after you attempt to remove it with your antivirus program and reboot as the software requests. Want to remove Trojan:js/medfos.b immediately and completely?

Keep reading to see how stubborn it is, so you can avoid vain attempts and save precious time.


Effort made



When they tried to remove Trojan:js/medfos.b, many victims told Tee Support agents (online 24/7) that they had run scans in both normal and safe mode. They successfully deleted a couple hundred cookies and many related files, yet Trojan:js/medfos.b kept coming back and the files were recreated at each reboot. Some uninstalled the Java items from Control Panel, reasoning that removing every Java item might kill the virus because the Trojan is a JS type, yet the redirect issue remained and the virus still showed itself. Desperate? You don't have to be. Keep reading and follow the steps below; should you run into trouble while removing the Trojan, you are welcome to get professional help by starting a live chat here.


Is There a Way to Remove Trojan:js/medfos.b Completely?



Luckily, the answer is yes. The attempts described above are not sufficient to remove Trojan:js/medfos.b completely. You have to get to the root of Trojan:js/medfos.b and stop its startup items and its auto-run values, which reside within the kernel part of your system. When you work in the registry and in protected folders, be careful and make the deletions selective; otherwise you will break the machine yourself. One more point: fix the redirect problem after removing Trojan:js/medfos.b, since the redirect issue will not disappear right after the removal. Here we go!


Practical Instructions to Show How to Break down Trojan:js/medfos.b


1. Reboot your computer and log into Safe Mode with Networking.
Reboot your computer. As it is booting, but before Windows launches, tap the F8 key continuously to bring up the "Windows Advanced Options Menu". Use the arrow keys to highlight the "Safe Mode with Networking" option and press Enter.


2. Open Control Panel from the Start menu and search for Folder Options.

3. Under the View tab, tick Show hidden files and folders, untick Hide protected operating system files (Recommended), and then click OK.

4. Stop the processes listed below.

Press CTRL+ALT+DEL to open Task Manager.
                   
 
C:\Users\USER\awt43abr.exe


5. Go to the Registry Editor and delete all related entries listed below.

Hold down the Windows key on your keyboard and press the "R" button. Type in "regedit" and hit "Enter" to gain access to the Registry Editor.

                         

Related registry entries:

HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun



6. Delete all related files and folders listed below.
 
Dropbox.lnk = Bill\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Owner\AppData\Local\chromeupdate.crx
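
To keep the registry deletions in step 5 selective, the following added example (not part of the original post) backs up the Run keys and then lists every autostart entry with its resolved executable, whether that executable sits under a user profile (as the awt43abr.exe process in step 4 does), and its Authenticode signature status. The backup folder and the helper name Get-CommandExecutable are assumptions made for this example.

```powershell
# Added example (not from the original post). Assumes PowerShell 3.0 or later.
# $backupDir is an assumed location; Get-CommandExecutable is a hypothetical helper.
$backupDir = "$env:USERPROFILE\Desktop\run-key-backup"
New-Item -ItemType Directory -Force -Path $backupDir | Out-Null

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-CommandExecutable([string]$command) {
    # Extract the executable from a Run value: a quoted path first, else text up to ".exe".
    $expanded = [Environment]::ExpandEnvironmentVariables($command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }

    # Back up the key first so a wrong deletion can be undone with "reg import".
    $regName = $key -replace ':', ''
    $backup  = Join-Path $backupDir (($regName -replace '\\', '_') + '.reg')
    reg.exe export $regName $backup /y | Out-Null

    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $exe    = Get-CommandExecutable ([string]$item.GetValue($name))
        $exists = [bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
        [pscustomobject]@{
            Key           = $regName
            Name          = $name
            Executable    = $exe
            Exists        = $exists
            InUserProfile = $exe -like "$env:SystemDrive\Users\*"
            Signature     = if ($exists) { [string](Get-AuthenticodeSignature -FilePath $exe).Status } else { 'n/a' }
        }
    }
}

# Entries that run from a user profile or lack a valid signature deserve a closer look
# before anything is deleted; this script itself deletes nothing.
$report | Sort-Object InUserProfile, Signature -Descending | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so the HKLM keys can be exported; a saved .reg file can be restored with `reg import`.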

 


 

Kind Reminder: manual removal of Trojan:js/medfos.b is a process of high complexity and should be performed with extreme caution, because a mistake often results in loss of precious data or even a system crash. Therefore, if you're not familiar with the process, it is suggested that you back up the Windows registry before carrying out the approach, or better, get help from an Online Computer Expert here. Then your issue can be fixed directly and effectively.
