Trojan:js/medfos.b Appears Every Five Minutes, How to Remove

Trojan:js/medfos.b Problems

Problem 1:
When searching the Internet, random pop up concerning a random tool bar or the like pay-per-click advertising websites appears; clicking the “X” will close out the popup but not stop the detection of Trojan:js/medfos.b.

Problem 2:
Going over to MBAM (Microsoft BitLocker Administration and Monitoring) and remove some detections will not stop Trojan:js/medfos.b, the quarantine won’t either.

Problem 3:
An extension called “ChromeUpdateManager 1.0” will be installed onto the installed browsers (IE, Firefox, Chrome, Opera) without permission to redirect search queries.

What makes PC users concerned is that alert about Trojan:js/medfos.b will pop up every five minutes no matter what has been taken against it. With that, the overall PC performance is degraded a lot to result in freezes sometimes and unstable CPU usage. The problems caused by Trojan:js/medfos.B should not be the very reason for PC users to remove it in a hurry, it is should be the dangers the Trojan horse brings.

 

Trojan:js/medfos.b Harms Computers

As its name suggests, Trojan:js/medfos.b is categorized as Trojan horse specialized in exploiting the vulnerability within JavaScript, which is commonly used as part of web browsers and in adopting uniform resource identifier (URI)  methods to perform its search-redirection payload. Therefore, web mass is the most noticeable symptom of its infiltration.

One should be informed that the technique helping remember accounts and corresponding passwords is JavaScript; once it is captured by Trojan:js/medfos.b, the related information will be collected to be transferred to cyber criminals. Don’t you doubt the capability of it. Trojan:js/medfos.b is a Trojan horse, it is endowed with the ability to take advantage of the seldom used ports to form a backdoor which would allow unsolicited access from unknown third-party.

Besides, Trojan:js/medfos.b numerates and modifies the drivers concerning some pivotal parts such as security service. Consequently, some background processes will be affected and the Trojan horse will be then enabled to call system service to fulfill its motive of stealing confidential information without being removed automatically.

In sum, Trojan:js/medfos.b modifies critical items to lead to a loose structure; also it opens up backdoor which can be either easily captured by other infections or used to make money by introducing in additional vicious items. As a consequence, much internal resources will be occupied.

Note: with randomly modified settings, affected running processes and few available CPU, a compromised system will not be able to ward off infections embedded on the Internet. Therefore it is recommended to remove Trojan:js/medfos.b as soon as possible before it is too late. As what has been explained in the preceding paragraphs that the Trojan horse involves too many parts of a target machine, there’s no simple method to take it down. Below is the instruction to show how. Should you run into difficulty when carrying out the steps due to deficient computer skills and virus knowledge, you are welcome to start a live chat window here to contact VilmaTech Online Support and get specialized technical help.

 

Expert Shows How to Remove Trojan:JS/Medfos.B

Step1. remove restore file to prevent Trojan:js/medfos.b from restoring the removed items.

1. Press down Win key and R key together.
   
2. When a Run box prompts up, please put in “cmd” and hit Enter key.
3. You will then see a little black box with flashing line/slash.
4. Please then type “-h -r C:\_RESTORE” and hit Enter key.
5. When another flashing line occurs, please type “DELETE _RESTORE” and hit Enter key.

 
 
Step2. Disable System restore function in case Trojan:js/medfos.b affects restore points and sticks to the affected machine.

1. Right click on My Computer”/”Computer” to select Property in the drop-down list.
2. Hit on System Restore tab to tick “Turn off System Restore” option.
   
3. Finally press on OK button to confirm the change.

 
 
Step3. End the processes related to or generated by Trojan:js/medfos.B.

1. Press down and hold Ctrl+Alt+Delete (Ctrl+Shift+Esc for Windows8 users) key combination to enable Task Manager.
2. Hit on View tab to choose “Select Columns” and tick “Image Path Name” as well as PID.
3. When you see full path name of programs please leave it there and go to Start Menu (Start screen for Windows8 users) for All Programs (All Apps Windows8 users).
   
4. Click on Accessories and select System Tools.
5. Please then select System Information to expand “Software Environment” there.
6. Hit on Running Tasks to view the path for each service and program in the right pane.
7. Combine the processes listed in the Task Manager and the services in the “Running Tasks” to remove the ones directing to the path that doesn’t belong to system or where Trojan:js/medfos.B is reported to settle.
   

 
 
Step4. Remove temp files created by Trojan:js/medfos.B.

1. Bring up Run box again to put in “%Temp%” and hit Enter key.
2. You’ll be listed with all temp files.
3. Remove the ones that are not loaded by system.
4. When done, return to the previous menu to click open “Temporary Internet Files”.
5. Locate the folder “Content.[the browser you are using]+[the version you are using] ”, for example, content.ie5.
6. Remove all the files there (except index.dat).

 
 
Step5. Remove the extensions created on the day when Trojan:js/medfos.B was firstly detected.

Internet Explorer

1. Click on Tools menu and select “Manage add-ons”.
2. Please navigate to ‘Toolbars and Extensions’ and ‘Search Providers’ respectively to remove the extensions installed when Trojan:js/medfos.B firstly appeared.
   

 
Mozilla Firefox

1. Click on Tools menu to select “Options”.
2. Please then navigate to  ‘Extension’ as well as ‘Plugins’ panel respectively to remove the extensions installed when Trojan:js/medfos.B firstly appeared.
   

 
Google Chrome

1. Hit on the spanner icon to select “Tools”.
2. Please browse to ‘Extensions’  to remove the extensions installed when Trojan:js/medfos.B firstly appeared.
   

 
Opera

1. Click on Opera menu to choose “Extensions”.
2. Select “Manage Extensions” then and remove the extensions installed when Trojan:js/medfos.B firstly appeared.
   

 
 

Trojan:JS/Medfos.B Conclusion

Trojan:JS/Medfos.B is a malicious JavaScript file that redirects search queries. Vulnerability within JavaScript is what the Trojan horse targets. Usually, an extension called “ChromeUpdateManager 1.0” will be seen to install on installed browsers and browser mass will occur when Trojan:JS/Medfos.B affects a machine. The file “manager.js” contained in its package contains is the very item detected as Trojan:JS/Medfos.B.
 

Trojan:JS/Medfos.B Consequence

1. Additional virus, Trojan horse especially can be anticipated.
2. CPU will be considerably consumed to cause BSoD or freezes.
3. Browser redirecting and hijacking problem will not stop.
4. Random popup ads would ruin the whole surfing experience.
5. Installed anti-virus programs as well as security services will be disabled.
6. Unknown and strange processes emerge to run in the background.

 

Trojan:JS/Medfos.B Removal Tips

With the backdoor program, Trojan:js/medfos.b’s infiltration would result in additional infections, which would complex and worsen the situation. In such case, one should remove all the additional items so as to prevent its re-image. In the event that failure occurs and you can’t figure out the reason, please do not hesitate to start a live chat window and contact VilmaTech Online Support for quick fix according to your concrete situation.

 

Defrag after Removing Trojan:js/medfos.b

As there are some data files scattered around in the affected  computer, it is recommended to execute a defrag after the removal of Trojan:js/medfos.b to enhance PC performance and exterminate the error messages. Here’s the video to show how.

Published & last updated on May 5, 2014 by Erik V. Miller