How can I remove a Trojan-downloader:Js/Cerber.10090bbd35!Online ?

Please help me. 

I was trying to make a backup and that failed three times. F-secure safe told me in the log that the computer (or the backup drive) was infected by above file.

what can I do to remove it. 

Thanks!

Comments

  • UkkoUkko Posts: 3,198 Superuser

    Hello,

     

    Usually with such situations (if required additional research and help) can be useful to contact F-Secure support directly:

     

    https://www.f-secure.com/en/web/home_global/contact-support

     

    They most likely able to provide proper (with all meanings of privacy and safely points) investigation.

     

    But if this is not option (or not work) in your situation can be helpful next things:

     

    --> Trojan-downloader:Js/Cerber.10090bbd35!Online

     

    Detection by "!Online" can be about false-positive situation or when there something fresh and unknown by signatures yet.

     

    With such situations there quite good to known which file  trigger detection (it should be visible under your Notification list - filename/destination and mainly 'action' - which F-Secure performed);

     

    And when it happened (if certain software launched or not) or does it repeated too much often;

     

    ---> In such situations - if file known for you and there maybe false positive detection.

    You able to transfer file to F-Secure SAS (for re-rate):

    https://www.f-secure.com/en/web/labs_global/submit-a-sample#sample-file

     

    If not - you able to run Full Scan (from F-Secure Main UI -> Tools -> Scanning options-FullScan) and see if there will be some results.

     

    All other meanings and steps should be based on additional information about file (which trigger detection); But you able to try research Google about ".js Crber"; How I can to understand - it can be spam/phishing try with attachment (.js file) - which planned to be as downloader for other malicious software.

     

    Sorry for my reply. Will be good  - if there will be more proper response from other users or from F-Secure Teams directly.


    Thanks!

This discussion has been closed.