What is Power Cam TSS?

The Malwarebytes research team has determined that Power Cam TSS is a Tech Support Scam. These so-called "Tech Support Scammers" try to trick you into calling their phone number for various reasons, all of which turn out to be fraudulent in the end.

How do I know if my computer is affected by Power Cam TSS?

You will see this screen as soon as you reboot the system:


and this browser window after running the installer:


How did Power Cam TSS get on my computer?

Tech Support Scammers use different methods for distributing themselves. This particular one was installed by a bundler.

How do I remove Power Cam TSS?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application, but due to the nature of the infection this will require a few extra steps.
  • When confronted with the lockscreen shown above, click on the "CMD" button.
  • Maximize the Command Prompt that will open and type taskmgr.
  • Then use the Enter key to execute the command. That will open the "Task Manager".
  • In Task Manager select the process called "fatalerror.exe".
  • Click on "End Process" to stop the screenlocker.
  • Then type the command explorer in the Command Prompt and hit "Enter" to execute.
  • In the explorer window navigate to the folder "C:\Program Files (x86)\Power Cam" and delete the file fatalerror(.exe) inside that folder.
  • Go back to the Command Prompt and use the command shutdown /r to reboot the computer.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-{version}.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to:
    Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
  • If an update is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
Is there anything else I need to do to get rid of Power Cam TSS?

  • No, Malwarebytes' Anti-Malware removes Power Cam TSS completely.

How would the full version of Malwarebytes Anti-Malware help protect me?

    We hope our application and this guide have helped you eradicate this hijacker.

    As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Tech Support Scam.


    Technical details for experts

    You may see these entries in FRST logs:
     HKLM-x32\...\Winlogon: [Shell] C:\Program Files (x86)\Power Cam\fatalerror.exe [110592 ] () <=== ATTENTION
     HKCU\...\Winlogon: [Shell] C:\Program Files (x86)\Power Cam\fatalerror.exe [110592 2016-07-26] () <==== ATTENTION
     C:\Program Files (x86)\Power Cam
    Alterations made by the installer:
    File system details [View: All details] (Selection)
        Adds the folder C:\Program Files (x86)\Power Cam
           Adds the file fatalerror.exe"="7/26/2016 6:26 AM, 110592 bytes, A
           Adds the file sr60.bat"="7/26/2016 6:25 AM, 59 bytes, A
    Registry details [View: All details] (Selection)
        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
           "Shell" = REG_SZ, "C:\Program Files (x86)\Power Cam\fatalerror.exe"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Power Cam\Power Cam]
           "Path"="REG_SZ", ""
        [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
           "Shell"="REG_SZ", "C:\Program Files (x86)\Power Cam\fatalerror.exe"
    Malwarebytes Anti-Malware log:
    Malwarebytes Anti-Malware
    Scan Date: 11/22/2016
    Scan Time: 1:33 PM
    Logfile: mbamPowerCam.txt
    Administrator: Yes
    Malware Database: v2016.11.22.08
    Rootkit Database: v2016.11.20.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Enabled
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: {username}
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 301827
    Time Elapsed: 9 min, 40 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 0
    (No malicious items detected)
    Registry Values: 1
    Rogue.TechSupportScam, HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, C:\Program Files (x86)\Power Cam\fatalerror.exe, Quarantined, [c58b863d99012e089fecff55956ebc44]
    Registry Data: 1
    Hijack.Shell, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, C:\Program Files (x86)\Power Cam\fatalerror.exe, Good: (explorer.exe), Bad: (C:\Program Files (x86)\Power Cam\fatalerror.exe),Replaced,[d080dbe8dfbbf343e981fe565ba89e62]
    Folders: 1
    Ransom.TechSupportScam, C:\Program Files (x86)\Power Cam, Quarantined, [d47cbe0556442a0c7ea46f344eb501ff], 
    Files: 3
    Ransom.TechSupportScam, C:\Users\{username}\Desktop\PowerCam.exe, Quarantined, [064adfe4405a42f46fb2733029da49b7], 
    Ransom.TechSupportScam, C:\Program Files (x86)\Power Cam\fatalerror.exe, Quarantined, [054b6063366483b32bf5e7bc4eb5b34d], 
    Ransom.TechSupportScam, C:\Program Files (x86)\Power Cam\sr60.bat, Quarantined, [d47cbe0556442a0c7ea46f344eb501ff], 
    Physical Sectors: 0
    (No malicious items detected)
    As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
    We use different ways of protecting your computer(s):
    • Dynamically Blocks Malware Sites & Servers
    • Malware Execution Prevention
    Save yourself the hassle and get protected.
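
The Winlogon "Shell" changes listed under "Technical details" can be checked directly in the registry. The read-only PowerShell below is an added example, not part of the original post and not a Malwarebytes tool; the function name Get-WinlogonShellStatus and its status labels are made up for illustration, and it assumes explorer.exe is the expected value, as the "Good:" field of the log above shows.

```powershell
# Added example, read-only: report the Winlogon "Shell" value in the three
# registry locations named on this page. Run it from 64-bit PowerShell so the
# native and Wow6432Node views of HKLM are read separately.
$winlogonKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

function Get-WinlogonShellStatus {
    param([string[]]$Key)

    foreach ($k in $Key) {
        # A missing key or a missing "Shell" value yields $null, not an error.
        $props = Get-ItemProperty -Path $k -Name Shell -ErrorAction SilentlyContinue
        $shell = if ($props) { [string]$props.Shell } else { $null }

        if ([string]::IsNullOrEmpty($shell)) {
            # No Shell value is stored in this key.
            $status = 'NotSet'
        }
        elseif ($shell.Trim().Trim('"') -ieq 'explorer.exe') {
            # The value the log on this page lists as "Good".
            $status = 'Default'
        }
        else {
            # Any other program is started as the shell at logon, which is
            # how fatalerror.exe appears in the FRST entries on this page.
            $status = 'REVIEW'
        }

        New-Object PSObject -Property @{ Key = $k; Shell = $shell; Status = $status }
    }
}

$report = Get-WinlogonShellStatus -Key $winlogonKeys
$report | Select-Object Status, Shell, Key | Format-List
```

A REVIEW status only means a non-default shell is configured, which some kiosk setups do on purpose; confirm what the listed program is before changing the value.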