How to remove JS_MORPHE.SMO virus/trojan

Drive-In

Jul 27, 2016
Unable to find information on how to remove JS_MORPHE.SMO trojan. Running TrendMicro - "Virus Removed" dialog pops up every few minutes.
 
Solution
Here's a guide that should cover everything: https://malwaretips.com/blogs/remove-medfos-trojan/ (the one in this guide has a slightly different name, but it's the "JS" suffix that makes it part of a family of malware that attacks JavaScript files)

Personally, I'd start with Malwarebytes, and see how your system is after running that.
 
edit: I spoke too soon. I'm not getting Trend Micro warnings, but Firefox keeps crashing. Also seems to have slowed down and I still see a thin horizontal line of pixelation flickering across the screen. Hmm.

edit 2: Running Malwarebytes produced this. Trend Micro had listed similar locations for the JS_Morphe.smo trojan so I don't know if any of these are related to that issue or not.

Registry Keys: 3
PUP.Optional.PlayThruPlayer, HKU\S-1-5-21-1599646560-1788235378-3630758219-1000\SOFTWARE\PlaythruPlayer, , [aa1c8b9ec4d6280e448a109f3ec52ad6],
PUP.Optional.PlayThruPlayer, HKU\S-1-5-21-1599646560-1788235378-3630758219-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\playthruplayer.com, , [b610e8412e6c53e3e6d3677c12f16e92],
PUP.Optional.ProductSetup, HKU\S-1-5-21-1599646560-1788235378-3630758219-1000\SOFTWARE\PRODUCTSETUP, , [24a2fd2c158576c03fd7fab7d42f47b9],

Registry Values: 1
PUP.Optional.ProductSetup, HKU\S-1-5-21-1599646560-1788235378-3630758219-1000\SOFTWARE\PRODUCTSETUP|tb, 0X1F1T1V1G1G, , [24a2fd2c158576c03fd7fab7d42f47b9]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.Movix, C:\Users\IAE Holdings\AppData\Roaming\Mozilla\Firefox\Profiles\trpqumoy.default\jetpack\caa1-aDOiCAxFFMOVIX@jetpack, , [893dec3d8218a29403434673768c4fb1],
PUP.Optional.Movix, C:\Users\IAE Holdings\AppData\Roaming\Mozilla\Firefox\Profiles\trpqumoy.default\jetpack\caa1-aDOiCAxFFMOVIX@jetpack\simple-storage, , [893dec3d8218a29403434673768c4fb1],

Files: 1
PUP.Optional.Movix, C:\Users\IAE Holdings\AppData\Roaming\Mozilla\Firefox\Profiles\trpqumoy.default\jetpack\caa1-aDOiCAxFFMOVIX@jetpack\simple-storage\store.json, , [893dec3d8218a29403434673768c4fb1],

Sorry if this is an unreadable format. Let me know if there's a better way to do this. And thank you for your help. :)

woodson75, thank you for this. I downloaded TDSS and ran it, but it found nothing. Trend Micro stopped throwing up malware removal warnings and Firefox stopped crashing. I still seem to have some artifacts appearing on JS-enabled apps but less so. I'm not sure where things stand but for now my system seems to have settled down. I don't even know where I picked up the little nasty but I'll just keep an eye on things.

Again, thank you for the help. I'll select your answer as the solution but hopefully the problem's been resolved.