What is close.js? Should you get rid of it?

by Lucia Danes

Key information about close.js file

Close.js serves as one of the execution elements in the Spora ransomware campaign. Though the latter file-encrypting threat emerged on January 10th, it has already evolved into Spora 2.0 ransomware. Due to its exquisite execution, the malware has already earned the title of “the most sophisticated ransomware.” It attracted attention by offering an elaborate payment site. Recent discoveries reveal that the villains try to spread the malware as a Chrome Font plug-in. Thus, it is necessary to understand how this virus spreads in order to stop it in time. Speaking of prevention, Google declared that it would block .js files as email attachments, the prevalent instrument of ransomware threats, in February. Unfortunately, the cyber villains quickly found a workaround.

In order to avoid the prevention measures set by IT experts, the crooks behind Spora have wrapped the file in several layers. They try to deceive users by naming the attached files as invoices or important reports sent by official institutions. Close.js is disguised as a .hta attachment which is placed in a double-zipped .zip folder. Once a victim extracts it, it places the malevolent file at %TEMP%\close.js. In fact, the latter file contains two files, a .docx and an .exe. It launches the counterfeit Word document with the message “Word can’t open this document. This document is either corrupt or protected under Rights Management.” This message is displayed only to misguide users and buy time so that they do not interfere with the execution of the malware. Behind this veneer, Spora malware silently starts running its processes. Furthermore, the close.js file works in cooperation with .lnk files which activate the worm-like features of the malware. They imitate existing legitimate system files and folders. They are rooted in the removable drives and the system drive. In short, whenever you browse through the system, you might only speed up the Spora infection process.
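A mail-gateway or triage check for the layering described above, as an added example that is not part of the original article: it walks nested ZIP archives in memory and reports script or executable members at any depth. The blocklist beyond .hta and .js, the depth and size limits, and the sample file names are assumptions; the sample archive is constructed and holds only placeholder text.

```python
import io
import os
import zipfile

RISKY_EXTENSIONS = {".hta", ".js", ".jse", ".vbs", ".wsf", ".lnk", ".exe"}  # assumed blocklist
MAX_DEPTH = 4                        # assumed nesting limit, guards against archive bombs
MAX_MEMBER_BYTES = 20 * 1024 * 1024  # assumed cap on a member's inflated size


def scan_zip(data, path="", depth=1):
    """Return (member_path, depth, reason) findings for a ZIP passed as bytes."""
    if depth > MAX_DEPTH:
        return [(path, depth, "nesting limit reached, not inspected")]
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(path or "<attachment>", depth, "unreadable archive")]
    findings = []
    with archive:
        for info in archive.infolist():
            member = f"{path}!{info.filename}" if path else info.filename
            ext = os.path.splitext(info.filename.lower())[1]
            if ext in RISKY_EXTENSIONS:
                findings.append((member, depth, f"script/executable type {ext}"))
            if info.flag_bits & 0x1:  # encrypted: the name is visible, the content is not
                findings.append((member, depth, "encrypted member, not inspected"))
            elif info.file_size > MAX_MEMBER_BYTES:
                findings.append((member, depth, "member too large, not inspected"))
            else:
                content = archive.read(info)
                if zipfile.is_zipfile(io.BytesIO(content)):  # nested archive: descend
                    findings.extend(scan_zip(content, member, depth + 1))
    return findings


def build_sample():
    """Constructed sample: a harmless text stub named like the lure, zipped twice."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice_0001.hta", "constructed placeholder text, not malware")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("invoice_0001.zip", inner.getvalue())
        z.writestr("readme.txt", "constructed benign member of the outer archive")
    return outer.getvalue()


if __name__ == "__main__":
    print(scan_zip(build_sample()))
```

Nested archives are detected by content rather than by the .zip extension, so a renamed inner archive is still opened.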

When does this file get into a PC?

Mainly, close.js and the main payload of Spora are delivered in a spam email attachment. Thus, it is of utmost importance to stay vigilant and not to rush to open any emails, even if they claim to be sent by the FBI itself. The most recent version, Spora 2.0, includes an updated distribution campaign. The crooks decided to target Chrome users. If they visit an infected domain which contains an exploit kit, they will be redirected to a web page full of unreadable text. The notification “TheHoeflerText wasn’t found” urges netizens to enable the Chrome Font pack. Instead of getting the solution, users would enable the Spora hijack. Thus, it is crucial not only to arm yourself with a proper security application but also to retain common sense and think twice before enabling any plug-ins or installing new applications.

Eliminating the malicious file and the virus

Even if you delete the close.js file, it will hardly affect Spora malware. You need to remove all elements of the malware. For that purpose, ReimageIntego or Malwarebytes might be a proper solution. Update the software so that it can perform its mission properly. Keep in mind that Spora removal will not decrypt the files. Currently, there is no official decryption software for this malware, but there are alternative methods to retrieve the data. Do not panic if you cannot remove the threat easily. You might need to launch your device in Safe Mode to fully remove the Spora virus. Detailed steps are given in the elimination instructions.

About the author
Lucia Danes - Virus researcher

Source: https://www.2-spyware.com/file-close-js.html