What is close.js? Should you get rid of it?

by Lucia Danes

Key information about close.js file

Close.js serves as one of the execution elements in the Spora ransomware campaign. Though the latter file-encrypting threat emerged on January 10th, it has already evolved into Spora 2.0 ransomware. Due to its exquisite execution, the malware has already earned the title of “the most sophisticated ransomware.” It attracted attention by offering an elaborate payment site. Recent discoveries reveal that the villains try to spread the malware as a Chrome Font plug-in. Thus, it is necessary to understand how this virus spreads in order to stop it in time. Speaking of prevention, Google declared that it would block .js files as email attachments, the prevalent instrument of ransomware threats, in February. Unfortunately, the cyber villains quickly found a workaround.

In order to avoid prevention measures set by IT experts, the crooks behind Spora have wrapped the file in several layers. They try to deceive users by naming the attached files as invoices or important reports sent by official institutions. Close.js is disguised as a .hta attachment which is placed in a double-zipped .zip folder. Once a victim extracts it, it places the malevolent file in %TEMP%\close.js. In fact, the latter file encompasses two types of files – .docx and .exe. This combination launches a counterfeit Word document with the message “Word can’t open this document. This document is either corrupt or protected under Rights Management.” The message is displayed only to misguide users and win time so that they do not interfere with the execution of the malware. Behind this veneer, Spora malware silently starts running its processes. Furthermore, the close.js file works in cooperation with .lnk files which activate the worm-like features of the malware. They imitate existing legitimate system files and folders, and they are planted on removable drives and the system drive. In short, whenever you browse through the system, you might only speed up the Spora infection process.
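A mail-gateway style check for the delivery chain described above, as an added example that is not part of the original article: it unpacks nested ZIP archives in memory and reports script-type members such as .hta at any nesting level. The extension list, the depth and size limits, and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Script-capable extensions a mail filter would typically refuse (assumed list).
RISKY_EXT = (".hta", ".js", ".jse", ".vbs", ".wsf", ".lnk", ".exe")
MAX_DEPTH = 3                 # stop unpacking beyond this nesting level
MAX_MEMBER_BYTES = 5_000_000  # skip oversized inner archives (zip-bomb guard)

def find_risky_members(data, depth=1, prefix=""):
    """Return (path, depth) for every risky file inside nested ZIP data."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a ZIP at all: nothing to report
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            name = info.filename.lower()
            if name.endswith(RISKY_EXT):
                hits.append((path, depth))
            elif name.endswith(".zip"):
                if depth >= MAX_DEPTH or info.file_size > MAX_MEMBER_BYTES:
                    # Too deep or too large to open safely: flag it instead.
                    hits.append((path + " (not unpacked)", depth))
                    continue
                nested = archive.read(info)
                hits.extend(find_risky_members(nested, depth + 1, path + "!"))
    return hits

def make_zip(members):
    """Build a ZIP in memory from {name: bytes} (for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in members.items():
            z.writestr(name, content)
    return buf.getvalue()

# Constructed samples: harmless placeholder text inside a double-zipped .hta.
_inner_zip = make_zip({"invoice.hta": b"<html>placeholder, not malware</html>"})
SAMPLE = make_zip({"invoice_inner.zip": _inner_zip})
CLEAN = make_zip({"report.txt": b"plain text"})

if __name__ == "__main__":
    for path, depth in find_risky_members(SAMPLE):
        print(f"depth {depth}: {path}")
```

The check matches inner archives by file name only, so a gateway relying on it should also treat password-protected or unreadable archives as suspicious rather than clean.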

When does this file get into a PC?

Mainly, close.js and the main payload of Spora are delivered in a spam email attachment. Thus, it is of utmost importance to stay vigilant and not to rush to open any emails, even if they claim to be sent by the FBI itself. The most recent version, Spora 2.0, includes an updated distribution campaign. The crooks decided to target Chrome users. If they visit an infected domain which contains an exploit kit, they will be redirected to a web page full of unreadable text. The notification “TheHoeflerText wasn’t found” urges netizens to enable the Chrome Font pack. Instead of getting a solution, users would enable the Spora hijack. Thus, it is crucial not only to arm yourself with a proper security application but also to retain common sense and think twice before enabling any plug-ins or installing new applications.

Eliminating the malicious file and the virus

Even if you delete the close.js file, it will hardly affect Spora malware. You need to remove all elements of the malware. For that purpose, Reimage, Plumbytes Anti-Malware or Norton Internet Security might be a proper solution. Update the software so that it can perform its mission properly. Keep in mind that Spora removal will not decrypt the files. Currently, there is no official decryption software for this malware, but there are alternative methods to retrieve the data. Do not panic if you cannot remove the threat easily. You might need to launch your device in Safe Mode to fully remove the Spora virus. You will find detailed steps in the elimination instructions.

File is considered to be: potentially dangerous

About the author

Lucia Danes - Virus researcher


Source: https://www.2-spyware.com/file-close-js.html