Home Malware Programs Malware Exploit:Win32/Pdfjsc.VS

Exploit:Win32/Pdfjsc.VS

Posted: January 19, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 16
First Seen: January 19, 2012
OS(es) Affected: Windows

Exploit:Win32/Pdfjsc.VS is a group of JavaScript-based PDF files that are created especially to take advantage of security vulnerabilities in Adobe Reader and Adobe Acrobat. Although Exploit:Win32/Pdfjsc.VS can be configured for a variety of payloads, common misuse of Exploit:Win32/Pdfjsc.VS has involved the installation of other PC threats, such as backdoor Trojans, rogue security programs and browser hijackers. If you have Adobe software installed, SpywareRemove.com malware researchers recommend for you to keep your software up-to-date as a way of minimizing the presence of vulnerabilities that Exploit:Win32/Pdfjsc.VS can use to its advantage. However, computers that lack the relevant software to exploit can be considered totally safe from Exploit:Win32/Pdfjsc.VS attacks even if the Exploit:Win32/Pdfjsc.VS file is manually-launched.

Exploit:Win32/Pdfjsc.VS – Not the Harmless PDF You Thought It Was

Malicious PDF files like Exploit:Win32/Pdfjsc.VS are commonly distributed in mass mailed e-mails and through social engineering scams that lead you to open the file on the presumption that Exploit:Win32/Pdfjsc.VS is harmless for your PC. Avoiding PDF files from unusual sources should, therefore, be considered a primary way to defend your computer against Exploit:Win32/Pdfjsc.VS attacks, although SpywareRemove.com malware experts also note that Exploit:Win32/Pdfjsc.VS may be inaccurately labeled as a different file format. Fake UPS notifications and Facebook Wall links are just two examples of common methods of propagation that are used by PC threats that are highly reminiscent of Exploit:Win32/Pdfjsc.VS.

Once open, Exploit:Win32/Pdfjsc.VS will make use of a range of exploits for Adobe software to launch its JavaScript-based functions. These vulnerabilities include CVE-2009-0927, CVE-2007-5659, CVE-2008-2641 and CVE-2008-2992. Affected programs are limited to Adobe Reader and Acrobat. However, many versions of these programs are vulnerable to these attacks, including Adobe Reader and Acrobat 8.1.1 and previous versions of the same, versions 7.0.9 and previous versions of the same, and 8.1.2 and previous versions of the same (depending on the exploit in question). Accordingly, SpywareRemove.com malware analysts note that patching these programs to their most recent versions can reduce the possibility of Exploit:Win32/Pdfjsc.VS attacks.

Dangerous Instructions Buried Inside of Exploit:Win32/Pdfjsc.VS's Java

Because Exploit:Win32/Pdfjsc.VS can be used to execute a wide range of malicious functions, Exploit:Win32/Pdfjsc.VS's payload and symptoms may differ between variants. However, typical threats that SpywareRemove.com malware researchers have found out can be associated with Exploit:Win32/Pdfjsc.VS and similar types of PDF exploits include:

  • Blocked anti-malware and security programs (to prevent you from removing Exploit:Win32/Pdfjsc.VS's payload in an appropriate manner).
  • The installation of browser hijackers that redirect your browser to hostile sites, potentially-including phishing sites, fraudulent search engines, sites that use drive-by-download scripts or sites that promote scamware.
  • Information stolen by spyware such as keyloggers; targeted information can consist of passwords, browser cache info and banking data.
  • The creation of inaccurate warning messages, alerts and infection notifications that are caused by ransomware Trojans or rogue security applications.

Once Exploit:Win32/Pdfjsc.VS's payload is installed, SpywareRemove.com malware researchers recommend that you scan your PC with suitable anti-malware products to delete Exploit:Win32/Pdfjsc.VS and associated PC threats. Attempting to remove Exploit:Win32/Pdfjsc.VS or its payload by other methods can result in harm to your computer or fail to remove all components.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%AllUsersProfile%\Win32/RANDOM CHARACTERS.exe File name: %AllUsersProfile%\Win32/RANDOM CHARACTERS.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\ CURRENTVERSION\RUN\RANDOM CHARACTERS.exe
Loading...