JS:Trojan.Cryxos.4890
Hi there!
Today Bitdefender warned me about a malicious/infected website which is a bit strange because I didn't click on any link during my internet search.
Anyways, Bitdefender blocked the website and informed me that the potential malware that was ready to infect my system is called "JS:Trojan.Cryxos.4890". Apparently, it's a trojan which I definitely do not want on my computer.
As soon as I read the information, I closed my browser. My history is being deleted after that. To be sure I reset my browser, I deleted any temporary files in safe mode, searched for programs that could've been downloaded and let Bitdefender run several scans (quick scan, full scan and even rescue environment).
So far, there is nothing suspicious.
Hence my question: is it possible that the trojan still got into my system and is lying low? How do I notice a trojan? Is there anything else I can try to find it and remove it?
I'd appreciate your answers. Maybe someone has experienced this kind of trojan.
Regards
Best Answer
-
You are safe, and ReadyBoost cannot be deleted since ReadyBoost speeds up the Windows system mainly by utilizing a USB drive to store cache data.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1
Answers
-
Let's start again from scratch:
1) Restart your PC in Safe Mode. You can follow this guide: https://support.microsoft.com/en-us/windows/start-your-pc-in-safe-mode-in-windows-92c27cff-db89-8644-1ce4-b3e5e56fe234
2) Open the Run command and execute the following commands one by one:
temp – delete all the files in the folder.
%temp% – delete all the files in the folder.
prefetch – delete all the files in the folder.
3) Restart your PC in normal mode by unselecting the option to run the system in Safe Mode, then click 'Apply.'
4) Reset your web browsers:
Google Chrome: https://support.google.com/chrome/answer/3296214?hl=en
Mozilla Firefox: https://support.mozilla.org/en-US/kb/refresh-firefox-reset-add-ons-and-settings
Microsoft Edge: https://malwaretips.com/blogs/reset-microsoft-edge/
Opera: https://browsersolution.com/reset-opera-browser
Vivaldi: https://help.vivaldi.com/desktop/install-update/full-reset-of-vivaldi/
Brave: https://support.brave.com/hc/en-us/articles/360017903152-How-do-I-reset-Brave-settings-to-default-
5) Reset the Windows hosts file to default. You can find instructions here: https://support.microsoft.com/en-us/topic/how-to-reset-the-hosts-file-back-to-the-default-c2a43f9d-e176-c6f3-e4ef-3500277a6dae
6) Run Disk Cleanup using this guide: https://support.microsoft.com/en-us/windows/disk-cleanup-in-windows-8a96ff42-5751-39ad-23d6-434b4d5b9a68
7) Run a full scan with your Bitdefender product.
If you still suspect malware on your system, you can try the PORTABLE antimalware software listed below, which does not require ANY INSTALLATION. It is totally up to you whether you want to try all of them or only the ones you choose.
1) Malwarebytes AdwCleaner: https://www.malwarebytes.com/adwcleaner
2) ESET Online Scanner: https://www.eset.com/in/home/online-scanner/
3) Kaspersky Virus Removal Tool: https://usa.kaspersky.com/downloads/free-virus-removal-tool
4) F‑Secure Online Scanner: https://www.f-secure.com/en/online-scanner
5) Trend Micro HouseCall: https://www.trendmicro.com/en_ca/forHome/products/housecall.html
6) Norton Power Eraser: https://support.norton.com/sp/en/us/home/current/solutions/kb20100824120155EN
7) Dr.Web CureIt!: https://free.drweb.com/cureit/
Hope this will resolve your issue.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1 -
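Related to step 5 above, an added example (not part of the original reply) that lists the active entries in a hosts file before it is reset. The stock Windows hosts file contains only comment lines, so every active mapping was added later. The function name `Get-ActiveHostsEntry` is hypothetical and the sample lines are constructed.

```powershell
# Added example: list active (non-comment) entries in a Windows hosts file.
# Get-ActiveHostsEntry is a hypothetical helper name, not a built-in cmdlet.
function Get-ActiveHostsEntry {
    param(
        # Lines of a hosts file, for example the output of Get-Content
        [string[]]$Lines
    )
    $lineNo = 0
    foreach ($line in $Lines) {
        $lineNo++
        # Drop any trailing comment, then surrounding whitespace
        $text = ($line -replace '#.*$', '').Trim()
        if ($text -eq '') { continue }
        # Entry format: <address> <hostname> [<alias> ...]
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }   # address without a name: skip
        $address = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{
                Line     = $lineNo
                Address  = $address
                HostName = $name
                # Loopback/null addresses usually block a name;
                # any other address sends the name somewhere else.
                Redirect = $address -notin @('127.0.0.1', '::1', '0.0.0.0')
            }
        }
    }
}

# Constructed sample input (documentation-only addresses and names)
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '#      127.0.0.1       localhost',
    '',
    '0.0.0.0 ads.example.test   # blocklist-style entry',
    '203.0.113.10 login.example.test www.example.test'
)
Get-ActiveHostsEntry -Lines $sample | Format-Table

# On a real Windows system, read the live file instead
if ($env:SystemRoot) {
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    if (Test-Path $hostsPath) {
        Get-ActiveHostsEntry -Lines (Get-Content $hostsPath) | Format-Table
    }
}
```

On the sample, the two `203.0.113.10` mappings come back with `Redirect` set to `True`; entries like that are the ones worth reviewing before and after the reset.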
Hi Flexx,
Thank you for responding!
I did all the steps you provided and even used four of these tools. Fortunately, they all detected nothing.
Though there was one folder in the prefetch control that could not be deleted. It's called ReadyBoot and contains seven files:
rblayout.xin
ReadyBoot.etl
Trace1.fx
Trace2.fx
Trace3.fx
Trace9.fx
Trace10.fx
I don't think they are malicious, but rather necessary for Windows Boot. I also remember that they were there before I got the trojan warning. They just change or get newly created once in a while.
Regards
0 -
Thank you! I appreciate your help.
Regards
1