Js:pdfka-aiu do I have a virus

Hello

New to avast. Had another antivirus. Anyway, did a boot scan and found js:pdfka-aiu in my plugin folder, I believe. Didn't write it all down; computer is still scanning. Is this a virus, and once it is in the chest is there anything else I need to do?

Quote:
JS:pdfka is a javascript trojan preprogrammed to make your system vulnerable to distant attacks. JS:pdfka may download additional malware such as spyware, rootkits, browser hijackers, worms and viruses. Upon injection, JS:pdfka may hide from security utilities by installing itself into low level system processes. JS:pdfka may track your keystrokes and forward the information to distant computers.

Check your computer for malware with:

Malwarebytes Anti-Malware 1.46 http://filehippo.com/download_malwarebytes_anti_malware/
After install, click Update so you have the latest database before scanning.
Click the Remove Selected button to quarantine anything found.
You may post the scan log here.

Thanks for the link… Did a full scan and it looks like Avast caught it before it did any damage… Malwarebytes found "0" infected files :) I wonder where I got the pdfka virus?!? It was in my appdata/local/temp/plugtmp-24/plugin-s_ob.pdf

Should I have avast fix the file in the chest or just leave it alone? Thanks again! ;D

I wonder where I got the pdfka virus?!?
My guess is you surfed an infected website or clicked an infected pdf file.

Every 3.6 seconds a website is infected http://www.scmagazineus.com/every-36-seconds-a-website-is-infected/article/140414/

Should I have avast fix the file in the chest or just leave it alone? Thanks again!
Clean, Quarantine, or Delete? http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm

Lots of info here if you want to read about it:
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Search.aspx?query=js/pdfka

The different antivirus vendors don't use the same name, so see under "alias".

And this is almost the same info on all the versions.

Quote:

Exploit:JS/Pdfjsc.B is a detection for specially crafted PDF files that target software vulnerabilities in Adobe Acrobat and Adobe Reader.

Exploit:JS/Pdfjsc.B usually arrives in the system when the user visits a Web page that contains a malicious PDF file or opens an e-mail containing the PDF file as an attachment.

So remember to update all Adobe programs.
You can scan your computer with "Secunia" and it will tell you which programs need to be updated:
http://secunia.com/vulnerability_scanning/online/

Update: so a couple of weeks ago, after the pdfka virus was found and put in the avast chest and a recheck gave a clean bill of health, I was going to walmart.com and the avast bubble came up saying there was an attack with the same virus and it was caught. I freaked and ran all the scans again, and nothing in the computer per avast and Malwarebytes. Then I get a call from my CC saying an online purchase at walmart.com was stopped. When I went to log in at Walmart there was another person's email address in my login space, but I was unable to log in because they changed my user name. Anywho, cancelled the CC and Walmart account, but worried something may still be lingering in my computer since I thought it was taken care of prior to this happening. :( What can I do to make sure my computer is "really" free of viruses? Thanks a million.

Did the scans suggested and this is what it said (first the errors, then the deleted files):

Scanning file system…

Scanning: prescan

Scanning: C:\*.*

C:\System Volume Information\{18ba5043-86c3-11df-beea-00116780d535}{3808876b-c176-4e48-b7ae-04046e6cc752} (Error opening file: Access denied)

C:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\75a4ca15-61c639d4/Is.class (Infected with JAVA/Dloader.J)
Deleted file

C:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\75a4ca15-61c639d4/MyName.class (Infected with JAVA/Exploit.AB)
Deleted file

C:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\75a4ca15-61c639d4/Phone.class (Infected with Java/Exploit.AA)
Deleted file

C:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\f9c4770-4bffdee5/gogol/Emailer.class (Infected with JAVA/Dloader.H)
Deleted file

C:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\f9c4770-4bffdee5/gogol/Familie.class (Infected with Java/Agent.X)
Deleted file

C:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\f9c4770-4bffdee5/gogol/PhonBook.class (Infected with JAVA/Dloader.I)
Deleted file

Scanning: postscan

Other scan (Dr…) said: google installer - status probably dloader.trojan

Not sure what any of this means… :(

I suggest:

  1. Clean your temporary files.
  2. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  3. Use MBAM (or SUPERAntiSpyware or even Spyware Terminator) to scan for spyware and trojans. If any infection is detected, it is better and safer to send the infected file(s) to quarantine (Chest) rather than simply deleting them.
  4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  5. Make a HijackThis log to post here or at this analysis site. Or even submit the RunScanner log to on-line analysis.
  6. Clean your Hosts file (replacing it) with the HostsMan tool.
  7. Disable System Restore and then re-enable it. It will delete the infected restore points.
  8. Immunize your system with SpywareBlaster.
  9. Check if you have insecure applications with Secunia Software Inspector.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:47:36 AM, on 7/28/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TouchFreeze\TouchFreeze.exe
C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
C:\Program Files\BUFFALO\NASNAVI\nassche.exe
C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\eCopy\PaperWorks\Bin\eCopyPWPrntHlpr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\eCopy\PaperWorks\Bin\eCopyPaperWorks.exe
C:\Users\Tracey\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(TM) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [TouchFreeze] C:\Program Files\TouchFreeze\TouchFreeze.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: BUFFALO NAS Navigator2.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
O4 - Startup: NAS Scheduler.lnk = C:\Program Files\BUFFALO\NASNAVI\nassche.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: NAS PM Service (NasPmService) - BUFFALO INC. - C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe


End of file - 5431 bytes


After analyzing your HJT log with 2 analyzers, nothing was found to worry about.


Sorry it took me so long to respond… Thank you for checking for me. :) You all rock! Take care~