What is Power Cam TSS?
The Malwarebytes research team has determined that Power Cam TSS is a Tech Support Scam. These so-called "Tech Support Scammers" try to trick you into calling their phone number for various reasons, all of which turn out to be fraudulent in the end.
How do I know if my computer is affected by Power Cam TSS?
You will see this screen as soon as you reboot the system:
and this browser window after running the installer:
How did Power Cam TSS get on my computer?
Tech Support Scammers use different methods for distributing themselves. This particular one was installed by a bundler.
How do I remove Power Cam TSS?
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application, but due to the nature of the infection this will require a few extra steps.
- When confronted with the lockscreen shown above, click on the "CMD" button.
- Maximize the Command Prompt that will open and type taskmgr.
- Then use the Enter key to execute the command. That will open the "Task Manager".
- In Task Manager select the process called "fatalerror.exe".
- Click on "End Process" to stop the screenlocker.
- Then type the command explorer in the Command Prompt and hit "Enter" to execute.
- In the explorer window navigate to the folder "C:\Program Files (x86)\Power Cam" and delete the file fatalerror(.exe) inside that folder.
- Go back to the Command Prompt and use the command shutdown /r to reboot the computer.
- Please download Malwarebytes Anti-Malware to your desktop.
- Double-click mbam-setup-{version}.exe and follow the prompts to install the program.
- At the end, be sure a check-mark is placed next to Launch Malwarebytes Anti-Malware.
- Then click Finish.
- Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
- If an update is available, it will be implemented before the rest of the scanning procedure.
- When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
- Restart your computer when prompted to do so.
Is there anything else I need to do to get rid of Power Cam TSS?
No, Malwarebytes' Anti-Malware removes Power Cam TSS completely.
We hope our application and this guide have helped you eradicate this hijacker.
As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Tech Support Scam.
Technical details for experts
You may see these entries in FRST logs:
HKLM-x32\...\Winlogon: [Shell] C:\Program Files (x86)\Power Cam\fatalerror.exe [110592 ] () <=== ATTENTION
HKCU\...\Winlogon: [Shell] C:\Program Files (x86)\Power Cam\fatalerror.exe [110592 2016-07-26] () <==== ATTENTION
C:\Program Files (x86)\Power Cam
Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
Adds the folder C:\Program Files (x86)\Power Cam
Adds the file fatalerror.exe"="7/26/2016 6:26 AM, 110592 bytes, A
Adds the file sr60.bat"="7/26/2016 6:25 AM, 59 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = REG_SZ, "C:\Program Files (x86)\Power Cam\fatalerror.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Power Cam\Power Cam]
"Path"="REG_SZ", ""
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="REG_SZ", "C:\Program Files (x86)\Power Cam\fatalerror.exe"
Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/22/2016
Scan Time: 1:33 PM
Logfile: mbamPowerCam.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.11.22.08
Rootkit Database: v2016.11.20.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 301827
Time Elapsed: 9 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Rogue.TechSupportScam, HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, C:\Program Files (x86)\Power Cam\fatalerror.exe, Quarantined, [c58b863d99012e089fecff55956ebc44]

Registry Data: 1
Hijack.Shell, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, C:\Program Files (x86)\Power Cam\fatalerror.exe, Good: (explorer.exe), Bad: (C:\Program Files (x86)\Power Cam\fatalerror.exe),Replaced,[d080dbe8dfbbf343e981fe565ba89e62]

Folders: 1
Ransom.TechSupportScam, C:\Program Files (x86)\Power Cam, Quarantined, [d47cbe0556442a0c7ea46f344eb501ff],

Files: 3
Ransom.TechSupportScam, C:\Users\{username}\Desktop\PowerCam.exe, Quarantined, [064adfe4405a42f46fb2733029da49b7],
Ransom.TechSupportScam, C:\Program Files (x86)\Power Cam\fatalerror.exe, Quarantined, [054b6063366483b32bf5e7bc4eb5b34d],
Ransom.TechSupportScam, C:\Program Files (x86)\Power Cam\sr60.bat, Quarantined, [d47cbe0556442a0c7ea46f344eb501ff],

Physical Sectors: 0
(No malicious items detected)

(end)
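A quick check for the Winlogon Shell hijack recorded in the logs above, as an added example that is not part of the original guide or of Malwarebytes' tooling: it reads the Shell value in each Winlogon key and flags anything other than explorer.exe, the value the scan log lists as good. The function and variable names are hypothetical, and the native 64-bit HKLM key is included as an assumption beyond the two keys this page lists.

```powershell
# Added example (not from the original guide): audit the Winlogon "Shell" value.
# The Wow6432Node and HKCU keys are the ones listed on this page; the native
# 64-bit HKLM key is an added assumption for completeness.
$WinlogonKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

function Get-WinlogonShellAudit {
    param([string[]]$Path = $WinlogonKeys)

    foreach ($key in $Path) {
        # A missing key or missing Shell value returns $null instead of throwing.
        $prop = Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            # No Shell value in this key, so nothing here overrides the logon shell.
            [pscustomobject]@{ Key = $key; Shell = $null; Status = 'NotSet'; FileSize = $null }
            continue
        }

        # Normalise whitespace and surrounding quotes before comparing.
        $shell  = ([string]$prop.Shell).Trim().Trim('"')
        $status = if ($shell -ieq 'explorer.exe') { 'Default' } else { 'REVIEW' }

        # If the value is a path to an existing file, report its size so it can be
        # compared with the sizes shown in FRST or installer-diff output.
        $size = $null
        if ($status -eq 'REVIEW' -and $shell -and
            (Test-Path -LiteralPath $shell -PathType Leaf)) {
            $size = (Get-Item -LiteralPath $shell).Length
        }

        [pscustomobject]@{ Key = $key; Shell = $shell; Status = $status; FileSize = $size }
    }
}

# One row per key; rows marked REVIEW hold a non-default shell.
Get-WinlogonShellAudit | Format-Table -AutoSize -Wrap
```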
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
- Dynamically Blocks Malware Sites & Servers
- Malware Execution Prevention