Exploit:Win32/Pdfjsc.VS
Posted: January 19, 2012
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Threat Level: | 2/10 |
---|---|
Infected PCs: | 16 |
First Seen: | January 19, 2012 |
---|---|
OS(es) Affected: | Windows |
Exploit:Win32/Pdfjsc.VS is a group of JavaScript-based PDF files that are created especially to take advantage of security vulnerabilities in Adobe Reader and Adobe Acrobat. Although Exploit:Win32/Pdfjsc.VS can be configured for a variety of payloads, common misuse of Exploit:Win32/Pdfjsc.VS has involved the installation of other PC threats, such as backdoor Trojans, rogue security programs and browser hijackers. If you have Adobe software installed, SpywareRemove.com malware researchers recommend for you to keep your software up-to-date as a way of minimizing the presence of vulnerabilities that Exploit:Win32/Pdfjsc.VS can use to its advantage. However, computers that lack the relevant software to exploit can be considered totally safe from Exploit:Win32/Pdfjsc.VS attacks even if the Exploit:Win32/Pdfjsc.VS file is manually-launched.
Exploit:Win32/Pdfjsc.VS – Not the Harmless PDF You Thought It Was
Malicious PDF files like Exploit:Win32/Pdfjsc.VS are commonly distributed in mass mailed e-mails and through social engineering scams that lead you to open the file on the presumption that Exploit:Win32/Pdfjsc.VS is harmless for your PC. Avoiding PDF files from unusual sources should, therefore, be considered a primary way to defend your computer against Exploit:Win32/Pdfjsc.VS attacks, although SpywareRemove.com malware experts also note that Exploit:Win32/Pdfjsc.VS may be inaccurately labeled as a different file format. Fake UPS notifications and Facebook Wall links are just two examples of common methods of propagation that are used by PC threats that are highly reminiscent of Exploit:Win32/Pdfjsc.VS.
Once open, Exploit:Win32/Pdfjsc.VS will make use of a range of exploits for Adobe software to launch its JavaScript-based functions. These vulnerabilities include CVE-2009-0927, CVE-2007-5659, CVE-2008-2641 and CVE-2008-2992. Affected programs are limited to Adobe Reader and Acrobat. However, many versions of these programs are vulnerable to these attacks, including Adobe Reader and Acrobat 8.1.1 and previous versions of the same, versions 7.0.9 and previous versions of the same, and 8.1.2 and previous versions of the same (depending on the exploit in question). Accordingly, SpywareRemove.com malware analysts note that patching these programs to their most recent versions can reduce the possibility of Exploit:Win32/Pdfjsc.VS attacks.
Dangerous Instructions Buried Inside of Exploit:Win32/Pdfjsc.VS's Java
Because Exploit:Win32/Pdfjsc.VS can be used to execute a wide range of malicious functions, Exploit:Win32/Pdfjsc.VS's payload and symptoms may differ between variants. However, typical threats that SpywareRemove.com malware researchers have found out can be associated with Exploit:Win32/Pdfjsc.VS and similar types of PDF exploits include:
- Blocked anti-malware and security programs (to prevent you from removing Exploit:Win32/Pdfjsc.VS's payload in an appropriate manner).
- The installation of browser hijackers that redirect your browser to hostile sites, potentially-including phishing sites, fraudulent search engines, sites that use drive-by-download scripts or sites that promote scamware.
- Information stolen by spyware such as keyloggers; targeted information can consist of passwords, browser cache info and banking data.
- The creation of inaccurate warning messages, alerts and infection notifications that are caused by ransomware Trojans or rogue security applications.
Once Exploit:Win32/Pdfjsc.VS's payload is installed, SpywareRemove.com malware researchers recommend that you scan your PC with suitable anti-malware products to delete Exploit:Win32/Pdfjsc.VS and associated PC threats. Attempting to remove Exploit:Win32/Pdfjsc.VS or its payload by other methods can result in harm to your computer or fail to remove all components.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%AllUsersProfile%\Win32/RANDOM CHARACTERS.exe
File name: %AllUsersProfile%\Win32/RANDOM CHARACTERS.exeFile type: Executable File
Mime Type: unknown/exe
Group: Malware file
Registry Modifications
HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\ CURRENTVERSION\RUN\RANDOM CHARACTERS.exe
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.