{"id":6306,"date":"2013-01-28T20:10:42","date_gmt":"2013-01-28T20:10:42","guid":{"rendered":"http:\/\/malwaretips.com\/blogs\/?p=6306"},"modified":"2013-01-28T20:10:42","modified_gmt":"2013-01-28T20:10:42","slug":"remove-exploit-win32-pdfjsc-afu","status":"publish","type":"post","link":"https:\/\/malwaretips.com\/blogs\/remove-exploit-win32-pdfjsc-afu\/","title":{"rendered":"Remove Exploit:Win32\/Pdfjsc.AFU (Removal Instructions)"},"content":{"rendered":"<p>Exploit:Win32\/Pdfjsc.AFU is a malicious PDF file that exploits a vulnerability in Adobe Acrobat and Adobe Reader.<br \/>\nYour computer has been infected with Exploit:JS\/Cooexp.A, after you have visited a malicious or compromised webpage containing a \u00a0malicious \u00a0script, which exploited known vulnerabilities in Adobe Acrobat, and Adobe Reader.The following versions of Adobe Acrobat and Adobe Reader are vulnerable to this exploit:<br \/>\n<em>Adobe Acrobat and Adobe Reader earlier than 8.2.1<br \/>\nAdobe Acrobat and Adobe Reader earlier than 9.3.1<\/em><br \/>\nThe PDF file contains a malicious JavaScript that exploits a vulnerability, discussed in CVE-2010-0188.If Exploit:Win32\/Pdfjsc.AFU successfully exploits a vulnerable computer, it attempts to download and install arbitrary files which may be detected as malware.<br \/>\nThis malicious program is also known as:<br \/>\nEXP\/Pidief.dqz.1.B (Avira)<br \/>\nExploit.PDF (Ikarus)<br \/>\nExploit.PDF.3178 (Dr.Web)<br \/>\nJS\/ShellCode.A (Command)<br \/>\nPDF:Exploit.PDF-JS.SU (BitDefender)<br \/>\nTroj\/PDFJs-ACY (Sophos)<br \/>\nTROJ_PIDIEF.ENR (Trend Micro)<br \/>\nIf you received a pop-up warning for Exploit:Win32\/Pdfjsc.AFU while you were surfing a website, chances are that the threat was blocked and there\u2019s nothing to remove, however if you suspect that a malicious file has been downloaded to your computer, we strongly recommend taht you perform the following removal guide.<\/p><div id=\"mwtad3042111018\" class=\"gas_fallback-ad_309684--placement_360520\" style=\"margin-top: 30px;margin-bottom: 30px;\"><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-7750719144850257\" crossorigin=\"anonymous\"><\/script><ins class=\"adsbygoogle\" style=\"display:block;\" data-ad-client=\"ca-pub-7750719144850257\" \ndata-ad-slot=\"3957935887\" \ndata-ad-format=\"auto\" data-full-width-responsive=\"true\"><\/ins>\n<script> \n(adsbygoogle = window.adsbygoogle || []).push({}); \n<\/script>\n<\/div>\n<h3>STEP 1: Remove Exploit:Win32\/Pdfjsc.AFU infection with Kaspersky TDSSKiller<\/h3>\n<p>As part of its self defense mechanism, Exploit:Win32\/Pdfjsc.AFU will install a rootkit on the infected computer.In this first step, we will run a system scan with Kaspersky TDSSKiller to remove this rookit.<\/p>\n<ol>\n<li>Please <strong>download<\/strong> the latest official version of Kaspersky TDSSKiller.<br \/>\n<a href=\"http:\/\/support.kaspersky.com\/downloads\/utils\/tdsskiller.exe\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>KASPERSKY TDSSKILLER DOWNLOAD LINK<\/strong><\/a><em>(This link will automatically download Kaspersky TDSSKiller on your computer.)<\/em><\/li>\n<li>Before you can run Kaspersky TDSSKiller, you first need to\u00a0<strong>rename\u00a0it<\/strong> so that<br \/>\nyou can get it to run.\u00a0To do this, right-click on the TDSSKiller.exe icon and select\u00a0<em>Rename<\/em>.<br \/>\nEdit the name of the file from TDSSKiller.exe to <strong>iexplore.exe<\/strong>, and then double-click on it to\u00a0launch.<\/li>\n<li>Kaspersky TDSSKiller will now start and display the welcome screen and we will need to click on <em>Change Parameters<\/em>.<br \/>\n<img decoding=\"async\" class=\"alignnone size-full wp-image-5543\" title=\"Kaspersky TDSSKiller - Change Parameters\" alt=\"Kaspersky TDSSKiller change settings\" src=\"\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/12\/tdsskiller-change-parameters.jpg\" width=\"392\" height=\"360\" srcset=\"https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/12\/tdsskiller-change-parameters.jpg 392w, https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/12\/tdsskiller-change-parameters-300x275.jpg 300w\" sizes=\"(max-width: 392px) 100vw, 392px\" \/><\/li>\n<li>In the new open window,we will need to enable <em>Detect TDLFS file system<\/em>, then click on <strong>OK<\/strong>.<br \/>\n<img decoding=\"async\" class=\"alignnone size-full wp-image-5544\" title=\"Kaspersky TDSSKiller - Detect TDLFS file system\" alt=\"Kaspersky TDSSKiller Detect TDLFS file system\" src=\"\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/12\/tdsskiller-detect-tdfls.jpg\" width=\"392\" height=\"360\" srcset=\"https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/12\/tdsskiller-detect-tdfls.jpg 392w, https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/12\/tdsskiller-detect-tdfls-300x275.jpg 300w\" sizes=\"(max-width: 392px) 100vw, 392px\" \/><\/li>\n<li>Next,we will need to start a scan with Kaspersky, so you&#8217;ll need to press the\u00a0<strong>Start Scan<\/strong>\u00a0button.<br \/>\n<img decoding=\"async\" class=\"alignnone size-full wp-image-5546\" title=\"Kaspersky TDSSKiller - Start a system scan\" alt=\"Kaspersky TDSSKiller start scan\" src=\"\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/12\/tdsskiller-start-scan.jpg\" width=\"392\" height=\"360\" srcset=\"https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/12\/tdsskiller-start-scan.jpg 392w, https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/12\/tdsskiller-start-scan-300x275.jpg 300w\" sizes=\"(max-width: 392px) 100vw, 392px\" \/><\/li>\n<li>Kaspersky TDSSKiller will now scan your computer for Exploit:Win32\/Pdfjsc.AFU infection.<br \/>\n<img decoding=\"async\" class=\"alignnone size-full wp-image-5545\" title=\"Kaspersky TDSSKiller while scanning\" alt=\"Kaspersky TDSSKiller scan\" src=\"\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/12\/tdsskiller-scan.jpg\" width=\"392\" height=\"360\" srcset=\"https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/12\/tdsskiller-scan.jpg 392w, https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/12\/tdsskiller-scan-300x275.jpg 300w\" sizes=\"(max-width: 392px) 100vw, 392px\" \/><\/li>\n<li>When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.<br \/>\n<img decoding=\"async\" title=\"Kaspersky TDSKiller scan results\" alt=\"Kaspersky TDSSKiller results\" src=\"\/\/malwaretips.com\/images\/removalguide\/tdsskiller4.png\" width=\"450\" height=\"349\" border=\"0\" \/><\/li>\n<li>To remove the infection simply click on the\u00a0<strong>Continue<\/strong>\u00a0button and TDSSKiller will attempt to clean the infection.A\u00a0reboot\u00a0will be require to completely remove any infection from your system.<\/li>\n<\/ol>\n<hr \/>\n<h3>STEP 2: Remove Exploit:Win32\/Pdfjsc.AFU malicious files with Malwarebytes Anti-Malware<\/h3>\n<p>Malwarebytes Chameleon technologies will allow us to install and run a Malwarebytes Anti-Malware scan without being blocked by Trojan:Win32\/QHosts and Trojan:W32\/Qhost.<\/p><div id=\"mwtad3043045734\" class=\"gas_fallback-ad_381396-ad_309691-placement_360566\" style=\"margin-top: 30px;margin-bottom: 30px;\"><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-7750719144850257\" crossorigin=\"anonymous\"><\/script><ins class=\"adsbygoogle\" style=\"display:block;\" data-ad-client=\"ca-pub-7750719144850257\" \ndata-ad-slot=\"1471373341\" \ndata-ad-format=\"auto\" data-full-width-responsive=\"true\"><\/ins>\n<script> \n(adsbygoogle = window.adsbygoogle || []).push({}); \n<\/script>\n<\/div>\n<ol>\n<li><strong>Download Malwarebytes Chameleon<\/strong> from\u00a0the below link and <strong>extract it<\/strong> to a folder in a convenient location.<br \/>\n<strong><a title=\"Download Malwarebytes Chameleon\" href=\"https:\/\/store.malwarebytes.org\/342\/cookie?affiliate=17877&amp;redirectto=http%3a%2f%2fwww.malwarebytes.org%2fproducts%2fchameleon%2f&amp;redirecthash=395481034C2C490CC5E8608F1732B639&amp;product=29945\" target=\"_blank\" rel=\"noopener noreferrer\">MALWAREBYTES CHAMELEON DOWNLOAD LINK<\/a><\/strong>\u00a0 <em>(This link will open a new web page from where you can download Malwarebytes Chameleon)<\/em><\/li>\n<li>Make certain that your infected computer is connected to the internet and then open the Malwarebytes Chameleon folder and double-click on <strong>svchost.exe<\/strong>.<br \/>\n<img decoding=\"async\" class=\"alignnone size-full wp-image-4982\" title=\"Start Malwarebytes Chameleon\" alt=\"Malwarebytes Chameleon\" src=\"\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/malwarebytes-chameleon-file.jpg\" width=\"538\" height=\"284\" \/><br \/>\n<strong>IF<\/strong>\u00a0Malwarebytes Chameleon will not open, double-click on the other renamed files until you find one will work, which will be indicated by a black DOS\/command prompt window.<\/li>\n<li><strong>Follow the onscreen instructions<\/strong> to press a key to continue and Chameleon will proceed to download and install Malwarebytes Anti-Malware for you.<br \/>\n<img decoding=\"async\" class=\"alignnone size-full wp-image-4975\" title=\"Press any key to start Malwarebytes Chameleon \" alt=\"Malwarebytes Chameleon press key\" src=\"\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/malwarebytes-chameleon.jpg\" width=\"452\" height=\"210\" srcset=\"https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/malwarebytes-chameleon.jpg 452w, https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/malwarebytes-chameleon-300x139.jpg 300w\" sizes=\"(max-width: 452px) 100vw, 452px\" \/><\/li>\n<li>Once it has done this, it will update Malwarebytes Anti-Malware, and you&#8217;ll need to click\u00a0<strong>OK<\/strong>\u00a0when it says that the database was updated successfully.<br \/>\n<img decoding=\"async\" class=\"alignnone size-full wp-image-4977\" title=\"Malwarebytes Chameleon updating database\" alt=\"Malwarebytes Chameleon updating its database\" src=\"\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/malwarebytes-chameleon-update.jpg\" width=\"762\" height=\"401\" srcset=\"https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/malwarebytes-chameleon-update.jpg 762w, https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/malwarebytes-chameleon-update-300x157.jpg 300w\" sizes=\"(max-width: 762px) 100vw, 762px\" \/><\/li>\n<li><strong>Malwarebytes Anti-Malware will now attempt to kill all the malicious process<\/strong> associated with Trojan:Win32\/QHosts and Trojan:W32\/Qhost.Please be aware that this process can take up to 10 minutes, so please be patient.<br \/>\n<img decoding=\"async\" class=\"alignnone size-full wp-image-4976\" title=\"Malwarebytes Chameleon killing malicious processes\" alt=\"Malwarebytes Chameleon killing malware\" src=\"\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/malwarebytes-chameleon-killing-malware.jpg\" width=\"474\" height=\"206\" srcset=\"https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/malwarebytes-chameleon-killing-malware.jpg 474w, https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/malwarebytes-chameleon-killing-malware-300x130.jpg 300w\" sizes=\"(max-width: 474px) 100vw, 474px\" \/><\/li>\n<li>Next, Malwarebytes Anti-Malware will automatically open and <strong>perform a Quick scan<\/strong> for Exploit:Win32\/Pdfjsc.AFU malicious files as shown below.<br \/>\n<img decoding=\"async\" class=\"alignnone size-full wp-image-6077\" title=\"Malwarebytes Anti-Malware scanning for Trojan:Win32\/QHosts and Trojan:W32\/Qhost\" alt=\"[Image: Malwarebytes Anti-Malware scanning for Trojan:Win32\/QHosts and Trojan:W32\/Qhost]\" src=\"\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2013\/01\/malwarebytes-scan.jpg\" width=\"521\" height=\"397\" srcset=\"https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2013\/01\/malwarebytes-scan.jpg 521w, https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2013\/01\/malwarebytes-scan-300x228.jpg 300w\" sizes=\"(max-width: 521px) 100vw, 521px\" \/><\/li>\n<li>Upon completion of the scan, click on\u00a0<strong>Show Result<\/strong><br \/>\n<img decoding=\"async\" class=\"alignnone size-full wp-image-6078\" title=\"Malwarebytes when the system scan has completed\" alt=\"[Image: Malwarebytes Anti-Malware scan results]\" src=\"\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2013\/01\/malwarebytes-scan-results.jpg\" width=\"521\" height=\"397\" srcset=\"https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2013\/01\/malwarebytes-scan-results.jpg 521w, https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2013\/01\/malwarebytes-scan-results-300x228.jpg 300w\" sizes=\"(max-width: 521px) 100vw, 521px\" \/><\/li>\n<li>You will now be presented with a screen showing you the malware infections that Malwarebytes Anti-Malware has detected.<br \/>\nMake sure that everything is <strong>Checked (ticked)<\/strong>,then\u00a0click on the <strong>Remove Selected <\/strong> button.<br \/>\n<img decoding=\"async\" class=\"alignnone size-full wp-image-6079\" title=\"Click on Remove Selected to get rid of Trojan:Win32\/QHosts and Trojan:W32\/Qhost\" alt=\"[Image:Malwarebytes removing virus]\" src=\"\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2013\/01\/malwarebytes-virus-removal.jpg\" width=\"521\" height=\"397\" srcset=\"https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2013\/01\/malwarebytes-virus-removal.jpg 521w, https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2013\/01\/malwarebytes-virus-removal-300x228.jpg 300w\" sizes=\"(max-width: 521px) 100vw, 521px\" \/><\/li>\n<li>After your computer restarts, open\u00a0<strong>Malwarebytes Anti-Malware<\/strong>\u00a0and <strong>perform a Full System scan<\/strong> to verify that there are no remaining threats<\/li>\n<\/ol>\n<hr \/>\n<h3>STEP 3 : Remove the malicious registry keys added by the Trojan:Win32\/QHosts and Trojan:W32\/Qhost<\/h3>\n<p>Trojan:Win32\/QHosts and Trojan:W32\/Qhost\u00a0has added some malicious registry keys to your Windows installation,to remove them we will need to perform a scan with RogueKiller.<\/p>\n<ol>\n<li>You can\u00a0download RogueKiller from the below link.<br \/>\n<strong><a href=\"http:\/\/www.sur-la-toile.com\/RogueKiller\/RogueKiller.exe\" target=\"_blank\" rel=\"noopener noreferrer\">ROGUEKILLER DOWNLOAD LINK<\/a><\/strong> <em>(This link will automatically download RogueKiller on your computer)<\/em><\/li>\n<li><strong>Double click on RogueKiller.exe<\/strong> to start this utility and then <strong>wait for the Prescan to complete<\/strong>.This should take only a few seconds and then you can <strong>click the Start button<\/strong> to perform a system scan.<br \/>\n<img decoding=\"async\" title=\"Click on the Start button to perform a system scan\" alt=\"[Image: RogueKiller while scanning]\" src=\"\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/04\/roguek-1.png\" width=\"600\" height=\"450\" border=\"0\" \/><\/li>\n<li>After the scan has completed, <strong>press the Delete button<\/strong> to remove any malicious registry keys.<br \/>\n<img decoding=\"async\" title=\"Press Delete to remove the malicious registry keys\" alt=\"[Image: RogueKiller removing Trojan:Win32\/QHosts and Trojan:W32\/Qhost]\" src=\"\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/04\/roguek-2.png\" width=\"600\" height=\"450\" border=\"0\" \/><\/li>\n<\/ol>\n<hr \/>\n<h3>STEP 4: Remove Exploit:Win32\/Pdfjsc.AFU rootkit with HitmanPro<\/h3>\n<ol>\n<li>you can <strong>download HitmanPro<\/strong> from the below link,then double click on it to start this program.<br \/>\n<a href=\"https:\/\/www.cleverbridge.com\/747\/cookie?affiliate=17877&amp;redirectto=http%3a%2f%2fwww.surfright.nl%2fen%2fhitmanpro%2f&amp;product=69061s\" target=\"_blank\" rel=\"noopener noreferrer\"> <strong>HITMANPRO DOWNLOAD LINK<\/strong><\/a> <em>(This link will open a new web page from where you can download HitmanPro)<\/em><br \/>\n<strong>IF<\/strong> you are experiencing problems while trying to start HitmanPro, you can use the <em>Force Breach<\/em> mode.To start HitmanPro in Force Breach mode,<strong> hold down the left CTRL-key when you start HitmanPro<\/strong> and all non-essential processes are terminated, including the malware process. (<a href=\"http:\/\/www.youtube.com\/watch?feature=player_embedded&amp;v=m6eRWTv2STk\" target=\"_blank\" rel=\"noopener\">How to start HitmanPro in Force Breach mode &#8211; Video<\/a>)<\/li>\n<li>HitmanPro will start and you&#8217;ll need to follow the prompts (by clicking on the <strong>Next<\/strong> button) to start a system scan with this program.<br \/>\n<img decoding=\"async\" class=\"alignnone size-full wp-image-5176\" title=\"HitmanPro startup screen (Click Next)\" alt=\"HitmanPro scanner\" src=\"\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/hitmanpro-install.jpg\" width=\"497\" height=\"393\" srcset=\"https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/hitmanpro-install.jpg 497w, https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/hitmanpro-install-300x237.jpg 300w\" sizes=\"(max-width: 497px) 100vw, 497px\" \/><br \/>\n<img decoding=\"async\" class=\"alignnone size-full wp-image-5179\" title=\"HitmanPro installation options (Click Next)\" alt=\"HitmanPro installation\" src=\"\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/hitmapro-start-scan.jpg\" width=\"497\" height=\"393\" srcset=\"https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/hitmapro-start-scan.jpg 497w, https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/hitmapro-start-scan-300x237.jpg 300w\" sizes=\"(max-width: 497px) 100vw, 497px\" \/><\/li>\n<li>HitmanPro will start scanning your computer for Exploit:Win32\/Pdfjsc.AFU malicious files\u00a0as seen in the image below.<br \/>\n<img decoding=\"async\" class=\"alignnone size-full wp-image-5177\" title=\"HitmanPro while scanning for Win 7 Defender\" alt=\"HitmanPro scan after Win 7 Defender\" src=\"\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/hitmanpro-scan.jpg\" width=\"497\" height=\"393\" srcset=\"https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/hitmanpro-scan.jpg 497w, https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/hitmanpro-scan-300x237.jpg 300w\" sizes=\"(max-width: 497px) 100vw, 497px\" \/><\/li>\n<li>Once the scan is complete,you&#8217;ll see a screen which will display all the infected files that this utility has detected, and you&#8217;ll need to click on <strong>Next<\/strong> to remove this malicious files.<br \/>\n<img decoding=\"async\" class=\"alignnone size-full wp-image-5178\" title=\"HitmanPro reporting scan results\" alt=\"HitmanPro scan results\" src=\"\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/hitmanpro-scan-results.jpg\" width=\"497\" height=\"393\" srcset=\"https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/hitmanpro-scan-results.jpg 497w, https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/hitmanpro-scan-results-300x237.jpg 300w\" sizes=\"(max-width: 497px) 100vw, 497px\" \/><\/li>\n<li>Click <strong>Activate free license <\/strong>to start the free 30 days trial and remove all the malicious files from your computer.<br \/>\n<img decoding=\"async\" class=\"alignnone size-full wp-image-5175\" title=\"Activate HitmanPro free 30 days trial license\" alt=\"HitmanPro 30 days activation button\" src=\"\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/hitmanpro-activation.jpg\" width=\"497\" height=\"393\" srcset=\"https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/hitmanpro-activation.jpg 497w, https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/hitmanpro-activation-300x237.jpg 300w\" sizes=\"(max-width: 497px) 100vw, 497px\" \/><\/li>\n<\/ol>\n<hr \/>\n<h3>STEP 5: Double check for any left over infections with Emsisoft Emergency Kit<\/h3>\n<ol>\n<li>You can <strong>download Emsisoft Emergency Kit<\/strong> from the below link,then <strong>extract it<\/strong> to a folder in a convenient location.<br \/>\n<a href=\"https:\/\/shop.emsisoft.com\/34\/cookie?affiliate=17877&amp;redirectto=http%3a%2f%2fwww.emsisoft.com%2fen%2fsoftware%2feek%2f&amp;product=2414\" target=\"_blank\" rel=\"noopener noreferrer\"> <strong>EMSISOFT EMERGENCY KIT DOWNLOAD LINK<\/strong><\/a> <em>((This link will open a new web page from where you can download Emsisoft Emergency Kit)<\/em><\/li>\n<li>Open the Emsisoft Emergency Kit folder and double click <strong>EmergencyKitScanner.bat<\/strong>, then allow this program to update itself.<br \/>\n<img decoding=\"async\" class=\"alignnone size-full wp-image-5180\" title=\"Double click on EmergencyKitScanner.bat to start EEK\" alt=\"EmergencyKitScanner.bat file\" src=\"\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/emsisoft-emergency-kit-bat.jpg\" width=\"767\" height=\"370\" srcset=\"https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/emsisoft-emergency-kit-bat.jpg 767w, https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/emsisoft-emergency-kit-bat-300x144.jpg 300w\" sizes=\"(max-width: 767px) 100vw, 767px\" \/><\/li>\n<li>After the Emsisoft Emergency Kit has update has completed,click on the <strong>Menu<\/strong> tab,then select <strong>Scan PC<\/strong>.<br \/>\n<img decoding=\"async\" class=\"alignnone size-full wp-image-5183\" title=\"Scan tab on Emsisoft Emergency Kit\" alt=\"Emsisoft Emergency Kit scan tab\" src=\"\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/emsisoft-emergency-kit-scan-pc.jpg\" width=\"520\" height=\"374\" srcset=\"https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/emsisoft-emergency-kit-scan-pc.jpg 520w, https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/emsisoft-emergency-kit-scan-pc-300x215.jpg 300w\" sizes=\"(max-width: 520px) 100vw, 520px\" \/><\/li>\n<li>Select <strong>Smart scan<\/strong> and click on the <strong>SCAN<\/strong> button to search for Exploit:Win32\/Pdfjsc.AFU malicious files.<br \/>\n<img decoding=\"async\" class=\"alignnone size-full wp-image-5184\" title=\"Select Smart Scan and start a scan with EEK\" alt=\"Emsisoft Emergency Kit smart scan\" src=\"\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/emsisoft-emergency-kit-start-scan.jpg\" width=\"520\" height=\"374\" srcset=\"https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/emsisoft-emergency-kit-start-scan.jpg 520w, https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/emsisoft-emergency-kit-start-scan-300x215.jpg 300w\" sizes=\"(max-width: 520px) 100vw, 520px\" \/><\/li>\n<li>When the scan will be completed,you will be presented with a screen reporting which malicious files has Emsisoft detected on your computer, and you&#8217;ll need to click on\u00a0<strong>Quarantine selected objects<\/strong> to remove them.<br \/>\n<img decoding=\"async\" class=\"alignnone size-full wp-image-5181\" title=\"Quarantine the malicious files\" alt=\"Emsisoft Emergency Kit removing malware\" src=\"\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/emsisoft-emergency-kit-remove-malware.jpg\" width=\"520\" height=\"374\" srcset=\"https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/emsisoft-emergency-kit-remove-malware.jpg 520w, https:\/\/malwaretips.com\/blogs\/wp-content\/uploads\/2012\/11\/emsisoft-emergency-kit-remove-malware-300x215.jpg 300w\" sizes=\"(max-width: 520px) 100vw, 520px\" \/><\/li>\n<\/ol>\n<hr \/>\n<p>Next,we will remove the tools that we&#8217;ve used in our malware removal process.<br \/>\n<strong>Kaspersky TDSSKiller and RogueKiller<\/strong> can be removed by deleting the utilities.<br \/>\nWe strongly recommend that you keep <strong>Malwarebytes Anti-Malware and HitmanPro<\/strong> installed on your machine and run regular scans with this tools.If you however,wish to remove them,you can go into the <strong>Add or Remove programs<\/strong> and uninstall this two on-demand scanners.<\/p>\n<p>If you are still experiencing problems while trying to remove Exploit:Win32\/Pdfjsc.AFU from your machine, please start a new thread in our <a href=\"http:\/\/malwaretips.com\/Forum-Malware-Removal-Assistance\">Malware Removal Assistance<\/a> forum.<\/p><div id=\"mwtad218592701\" class=\"gas_fallback-ad_309686-ad_309691-placement_360569\" style=\"margin-top: 30px;margin-bottom: 30px;\"><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js?client=ca-pub-7750719144850257\" crossorigin=\"anonymous\"><\/script><ins class=\"adsbygoogle\" style=\"display:block;\" data-ad-client=\"ca-pub-7750719144850257\" \ndata-ad-slot=\"6935453015\" \ndata-ad-format=\"auto\" data-full-width-responsive=\"true\"><\/ins>\n<script> \n(adsbygoogle = window.adsbygoogle || []).push({}); \n<\/script>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Exploit:Win32\/Pdfjsc.AFU is a malicious PDF file that exploits a vulnerability in Adobe Acrobat and Adobe Reader. Your computer has been infected with Exploit:JS\/Cooexp.A, after you have visited a malicious or compromised webpage containing a \u00a0malicious &#8230; <\/p>\n<p class=\"read-more-container\"><a title=\"Remove Exploit:Win32\/Pdfjsc.AFU (Removal Instructions)\" class=\"read-more button\" href=\"https:\/\/malwaretips.com\/blogs\/remove-exploit-win32-pdfjsc-afu\/#more-6306\" aria-label=\"Read more about Remove Exploit:Win32\/Pdfjsc.AFU (Removal Instructions)\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2730],"tags":[],"class_list":["post-6306","post","type-post","status-publish","format-standard","hentry","category-pups","masonry-post","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50"],"_links":{"self":[{"href":"https:\/\/malwaretips.com\/blogs\/wp-json\/wp\/v2\/posts\/6306","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/malwaretips.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/malwaretips.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/malwaretips.com\/blogs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/malwaretips.com\/blogs\/wp-json\/wp\/v2\/comments?post=6306"}],"version-history":[{"count":0,"href":"https:\/\/malwaretips.com\/blogs\/wp-json\/wp\/v2\/posts\/6306\/revisions"}],"wp:attachment":[{"href":"https:\/\/malwaretips.com\/blogs\/wp-json\/wp\/v2\/media?parent=6306"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/malwaretips.com\/blogs\/wp-json\/wp\/v2\/categories?post=6306"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/malwaretips.com\/blogs\/wp-json\/wp\/v2\/tags?post=6306"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}