[SOLVED] Removing Spora ransomware?


I stupidely ran the fake “Chrome Font Pack” mentioned in this article:

But actually, my files seem OK. The only issue is the “All your work and personal files were encrypted” page that pops up when I open Chrome. Maybe CIS stopped Spora before it did anything serious.

I’m currently running CIS and its virus DB is up-to-date.

Does Comodo provide a way to remove all traces of Spora, or should I go ahead and install other solutions such as those from Kaspersky?

Thank you.

Edit: Installed and ran Kaspersky Virus Removal Tool… which found nothing.

Still, when I stop/restart Google Chrome, it displays this page :-/


[Comodo Cleaning Essentials]

Thanks for the link.

After performing a full scan over four hours, Comodo Cleaning Essentials only found six threats, five of which I knew about (OpenCandy adware in some installers), but it did point out one new threat:

“Abnormal System Settings
Modified Hosts”

Actually, the hosts file was edited by Yours Truly, but CCE couldn’t know that, and proceeded by making a backup copy and commenting out every line in the hosts file.

Next, I told CCE to reboot to complete the scan.

After rebooting, CCE started again, and displayed the malware it detected, which I removed by clicking on the Tools menu and hitting Delete.

For some reason, CCE isn’t listed in Control Panel > Programs, so can’t uninstall it. I hope it won’t interfer with CIS which I already had.

Launching Google Chrome no longer displays the Spora page, although it might be because I deleted some files in Windows’ Temp directory.

Either I got lucky, CIS did its job to stop Spora before it went to work, or maybe Google Chrome has some protection against malware.

Cleaning Essentials is great removal tool :-TU Maybe you should consider another malware scanner to be sure yourself.
[Zemana AntiMalware]