Hey, I found my computer is infected by a dangerous Trojan which is
named JS/Nemucod.L yesterday. It was reported by my AVG but it failed to delete
it. I feel tired as it can come back again and again on my PC after deletion.
Then, I try using another antivirus program, but still have no luck to remove
this threat. The infection still existed there. I have no idea how to actually
get rid of it from my computer. Anyone can help me totally eliminate such kind
of Trojan horse?
JS/Nemucod.L Description:
As its name reminding, JS/Nemucod.L is classed as Trojan horse. This
stubborn virus usually gets in a computer by being bundled with some free
software. It should be noted that many Trojan horses are imbedded into the
installation folders of free software, and usually they have a file name which
looks legitimate, such as JPG.EXE and TXT.EXE, so that they can mislead users
into running the malicious files. The virus’s name is associated with the
characteristics of the system to destroy the original file attributes with the
fake one. Users would think it is a common picture or txt file and click on it.
Especially when they have no idea about this virus infection. It may drops
harmful codes to your registry to corrupt your system severely. The hacker will
make use of various vulnerabilities he can find to implant the malicious Trojan
horse into the targeted computer successfully. Commonly, computer users like to
use anti-virus to do a system full scan. The function of antivirus program
depends on the embedded code of the Trojan, hence, cyber hacker usually add the
codes into the directories of the program to help the malware avoid the scanner.
Different from other computer infection, Trojan horse doesn’t focus on
destruction of system data; it plays the role of monitoring users’ operation on
the compromised computer and stealing important information such as users’ bank
account number, password information, identity data, and login account and so
on. In the old days, Trojan horses were just written and spread to play tricks
on users or pry into their privacy. These days, Trojan horses have been a tool
used to steal the victims’ personal information for the purpose of gaining
illegal profits. There would be no absolute limit between Internet and reality
since the sensitive information stored on computer will make a great difference
in real life. It can get through barrier between internal and external network
to filch files information.
The following instructions show you how to effectively deal with the
Trojan, but you are required to have enough computer expertise and skills. If
you are afraid of making mistakes during the removal, we suggest you use a
professional anti-malware tool instead.
How dangerous is JS/Nemucod.L?
1.It degrades your PC performance and speed considerably. 2. It can stop
some programs from working and cause system crash. 3. It brings other malicious
process to your computer by passing through your security tools. 4. It traces
browsing history and collects confidential information & valuable data.
Manual steps to remove the Trojan:
JS/Nemucod.L is a dangerous computer Trojan that usually enters the PC
in tricky ways without letting you know. It can cause a series of computer
problems and downloads more malware to the compromised system. Besides, it is
used by hacker to spy on your privacy and filch personal data. It is highly
suggested that users should remove it as soon as possible. Users can try the
manual removal solution to remove it.
Step one: Boot up your computer in safe mode.
1) Restart your affected
computer and hit F8 key multiple times before Windows Advanced Options Menu
starts.
2) Use the up and down arrow keys to navigate the "Safe Mode with
Networking" option when the Windows starts. And then hit Enter key to process.
Step two: Eliminate show hidden files and folders.
Open Control Panel from
Start menu and go to Folder Options.
Under View tab, check Show hidden files and folders and non-check Hide
protected operation system files (Recommended). Finally, click OK.
Search for and eliminate all the following files created by the Trojan from
your PC.
%AllUsersProfile%\[random]
%AppData%\Roaming\Microsoft\Windows\Templates\[random]
%AppData%\Local\[random].exe
Step three: Kill the process related to the Trojan in Windows Task
Manager.
Right-click on the taskbar (or press CTRL+SHIFT+ESC keys together)
to start Windows Task Manager.
Navigate to the Processes tab, search for its
running processes of the Trojan and then kill them by clicking on “End Process”
button.
Step four: Remove the registry entries of the Trojan.
Press Windows + R
keys and input regedit into the box and then click OK to open Registry Editor.
When Registry Editor opens, search for and remove all the registry entries of
the Trojan. You’d better make a backup of your registry in case of data loss.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\[RANDOM
CHARACTERS].exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
‘Random’
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Random
Step five: After all the steps are done, please reboot your computer normally
to apply all changes.
Conclusion
JS/Nemucod.L is potentially harmful to computer users. As it is
mentioned that though many Trojan horses always pretend to be harmless, they do
perform unwanted and malicious activities in the infected computers. Users may
experience Trojan infection symptoms such as slow PC reaction, unable to read
and write memory, mouse cursor freeze and stop, and Windows often shut down
expectedly. As soon completed its installation, it will start to carry out its
interference activities. The Trojan horse will change system settings and you
will be interrupted by lots of constant pop ups. The tricky Trojan hides behind
system rootkit, this is the reason why it is hard to be removed. Using a
powerful automatic removal tool will be the wise choice to get rid of the
vicious Trojan horse.