I seem to have a trojan, JS:ScriptSH-inf [Trj]. AVG says it has already removed it, but it keeps popping up. Should I smash my laptop and throw it in the trash can? This sounds a little self-mocking. Anyhow, this virus can really make people go crazy!

Details about JS:ScriptSH-inf [Trj]

If you are not familiar with JS:ScriptSH-inf [Trj], it is worth learning something about it. According to the Microsoft Malware Protection Center, JS:ScriptSH-inf [Trj] is a component of Win32/Sirefef, a multi-component family of malware that moderates your Internet experience by modifying search results and generates pay-per-click advertising revenue for its controllers. The family consists of multiple parts that perform different functions, such as downloading updates and additional components, hiding existing components, or performing the main payload.

So when your computer gets this Trojan infection, it may show different symptoms. Initially, your browser search results will be redirected to unknown webpages that may be full of malicious advertisements and phishing websites. As the Microsoft report says, some parts of it download additional malware to your computer. So later you may find more viruses popping up, and as a result your computer works more and more slowly, as if it were an old, out-of-date machine. Trojan:Win32/Sirefef.AK and Luhe.Sirefef.A are its brethren in the Win32/Sirefef family. Why has your anti-virus detected the virus but can’t get it off your computer? JS:ScriptSH-inf [Trj] prevents the firewall from working properly by stopping the service “MpsSvc”, which is part of the firewall. It also opens and listens on port 25700, possibly for commands from a remote attacker. So the infection leaves your malware defenses paralyzed.


How Do I Know If My Computer Has Been Infected by JS:ScriptSH-inf [Trj]?

When you get infected by JS:ScriptSH-inf [Trj], the first thing that may catch your eye is a change in your internet browser. If you look closely, you may find that the toolbar has gained clutter you have never seen or used before, and that your homepage and favorites have been changed to unknown websites. A further symptom is that the browser often pops up irritating webpages or advertisements while you browse. After you restart your PC, you may find that Windows automatically starts programs you don’t want started. Gradually you will notice more and more changes and feel that your PC works more and more slowly. Finally, your PC will be full of faults until the system crashes.

How to Safely Remove JS:ScriptSH-inf [Trj]?

Step 1: Press CTRL+ALT+DEL or CTRL+SHIFT+ESC to open the Windows Task Manager.
If that doesn’t work, try another way. Press the Start button and click on the Run option. This will start the Run tool. Type in taskmgr and press OK. This should start the Windows Task Manager.

Step 2: In the Windows Task Manager, click on the Processes tab. Scroll the list to find the malicious process by name (random.exe here stands for its random file name). Select it with your mouse or keyboard and click on the End Process button. This will kill the process.

Step 3: Delete malicious registry entries related to JS:ScriptSH-inf [Trj].

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\random
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\random
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\wow64YRIK821024 “(Default)”=“1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\“UninstallString” = “‘%AppData%\[RANDOM]\[RANDOM].exe” -u
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\“ShortcutPath” = “‘C:\Documents and Settings\All Users\Application Data\wow64YRIK821024.exe” -u’”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “wow64YRIK821024” = “‘C:\Documents and Settings\All Users\Application Data\random.exe’

Step 4: Remove malicious files of JS:ScriptSH-inf [Trj]

C:\WINDOWS\assembly\JYG_64\Desktop.ini
C:\Windows\assembly\JYG_32\Desktop.ini
C:\WINDOWS\system32\ping.exe
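
A read-only check for the indicators this page names (the stopped MpsSvc service, port 25700, and the Step 3 and Step 4 locations), given here as an added example that is not part of the original guide. The two environment-variable folders and the decision to only report the size and timestamp of ping.exe are assumptions of this example.

```powershell
# Added example: read-only triage for the indicators named on this page.
# Nothing is stopped, deleted or changed; review every finding by hand.
$findings = @()

# Firewall service the page says the Trojan stops.
$svc = Get-Service -Name 'MpsSvc' -ErrorAction SilentlyContinue
if (-not $svc -or $svc.Status -ne 'Running') {
    $findings += "Service MpsSvc is not running (status: '$($svc.Status)')"
}

# Port 25700 from the page; netstat -ano is available on old and new Windows.
foreach ($hit in @(netstat -ano | Select-String '^\s*(TCP|UDP)\s+\S+:25700\s')) {
    $ownerId = ($hit.Line.Trim() -split '\s+')[-1]
    $proc = Get-Process -Id $ownerId -ErrorAction SilentlyContinue
    $findings += "Port 25700 held by PID $ownerId ($($proc.ProcessName))"
}

# Autostart values whose command points at the folders used in Step 3.
# The third folder is copied from the page; the first two are assumptions
# that cover the same locations on the machine being checked.
$dirs = @($env:APPDATA, $env:ALLUSERSPROFILE,
          'C:\Documents and Settings\All Users\Application Data') | Where-Object { $_ }
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)   # expands %AppData% and similar
        $inDir = $dirs | Where-Object { $data.ToLower().Contains($_.ToLower()) }
        if ($inDir -and $data -match '\.exe') {
            $findings += "Autostart '$name' in $key -> $data"
        }
    }
}

# Files from Step 4. ping.exe ships with Windows, so only its size and
# timestamp are reported for comparison with a known-good copy.
foreach ($f in 'C:\WINDOWS\assembly\JYG_64\Desktop.ini',
               'C:\Windows\assembly\JYG_32\Desktop.ini') {
    if (Test-Path -LiteralPath $f) { $findings += "File present: $f" }
}
$ping = Get-Item -LiteralPath 'C:\WINDOWS\system32\ping.exe' -Force -ErrorAction SilentlyContinue
if ($ping) { $findings += "ping.exe: $($ping.Length) bytes, modified $($ping.LastWriteTime)" }

if ($findings) { $findings } else { 'No indicators from this page were found.' }
```

Legitimate programs also start from the user's application-data folder, so an autostart finding is a prompt to inspect the entry, not proof of infection.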


Obviously, this virus should be removed as soon as possible. If you leave it alone, it will not only stay in your computer but can also put your IP in a very dangerous condition. However, if you remove it in time, it can’t do any harm to your computer and won’t ask for money any more. Also, please don’t pay money to this scam: even if you pay the hackers, they won’t unlock your computer. Never believe so-called free software, and don’t download and install it on your computer. Not only can it not remove JS:ScriptSH-inf [Trj] for you, it can also bring you many more viruses, such as ransomware, scam viruses and even fake things. You may not be aware that so-called free software can be another cheat that only adds to your losses. Please don’t take a chance on it. It’s nonsense. There is no free lunch! If you really can’t remove JS:ScriptSH-inf [Trj] yourself, please find an expert for assistance. This is the best choice.

Note: there may be some differences between computers. If you really don’t know what to do, consult YooCare/YooSecurity experts to permanently fix the pain.

Published by Tony Shepherd & last updated on May 31, 2013 7:40 am
