This virus is coded in JavaScript and mostly this infects the computers that have Adobe Acrobat and Adobe Reader versions earlier than 9.3.1. Once it is installed on any computer, it crashes the Acrobat applications, and it also changes the security settings of the infected computer due to which the computer becomes venerable for other malware programs. Once it infects your machine, it completely blocks your computer, and you are asked to purchase the licensed version of the Exploit:Win32/Pdfjsc.AHT to unlock your PC, but actually this is a trap to take your money away. Once you detect this malicious application on your computer, you have to remove it either by using an automatic removal tool, or through the manual removal method.


Manual Removal of Exploit:Win32/Pdfjsc.AHT

After detecting the Exploit:Win32/Pdfjsc.AHT in your system, you have to remove this threat at your earliest. There are some automatic tools available that helps you to get rid of this parasite, but if you want to do it manually, you have to perform the following steps:-


Deactivate System Restore

There is a useful function in the windows operating system which is called “System Restore” this is used to recover the deleted files, but when you want to remove Exploit:Win32/Pdfjsc.AHT, this function stops you from doing this. You have to deactivate the System Restore temporarily by right clicking the My Computer icon on the desktop and select properties.


Restart the Computer in Safe Mode

After deactivating the system restore, you have to reboot your machine, and while the computer is restating you have to press F8 key. This will bring you a boot menu option where you have to select the Safe Mode option and hit Enter button to start your computer in safe mode.


Delete Files and Folders

Once your computer restarts in safe mode, you have to find and delete the following files in order to remove this malicious application completely from your computer. Make sure that you also delete all the files from your temporary files folder.

  • %AppData%\random
  • C:\WINDOWS\system32\svchost.exe
  • C:\WINDOWS\system32\spoolsv.exe
  • C:\Windows\system32\DllHost.exe
  • C:\Program Files\Java\jre6\bin\jqs.exe
  • C:\WINDOWS\system32\services.exe_Trojan horse Exploit:Win32/Pdfjsc.RM
  • C:\Windows\system32\DRIVERS\epfwwfp.sys

Delete Associated Registry Entries

After getting rid of the malicious files and folders, you need to clean the windows registry also in order to complete the manual removal process. In this regard, you need to click on the start button, select run option, and type regedit in the box to start the registry editor. Once the registry editor started, you can navigate to the following associated registry entries and delete them one by one.

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
  • HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List
  • “%windir%\Network Diagnostic\xpnetdiag.exe”=

After deleting the above mentioned registry entries, you have to close the registry editor and restart the computer in the normal mode. Do not forget to activate the system restore function again.


How to Remove Exploit:Win32/Pdfjsc.AHT?

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>