W32/Fujacks ... ... also known as SPOCLSV.EXE -- PLEASE HELP ME REMOVE IT!!

[Guest]

[jambokimani]

I've just picked up SPOCLSV.EXE, which I understand is a worm. It was in a friend's thumb disk. I scanned using COMODO Antivirus on the thumb disk before using it. What exactly happened? And how can I get rid of it? It's messing up my security system  

PLEASE HELP!!!

[panic]

Fujacks.e manual removal:

Follow these steps - in this order.

Kill the following processes using Task Manager
gamesetup.exe, setup.exe, spoclsv.exe
(N.B. Not all of these may be active, depending on the variant)

Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\svcshare

REBOOT IN SAFE MODE

Delete files:
gamesetup.exe, setup.exe, spoclsv.exe, desktop_.ini

FILE LOCATIONS :
desktop_.ini - most local folders
spoclsv.exe - C:\WINDOWS\System32\drivers or C:\WINNT\System32\drivers
gamesetup.exe, setup.exe - the root of local and mapped network drives

REBOOT IN NORMAL MODE.

Manually check for the re-appearance of any of the abovenamed files.

Hope this helps,
Ewen :-)

[panic]

[at] wilferd

In response to your PM for greater detail;

REBOOT IN SAFE MODE
Assuming you are starting from scratch and your PC is turned off;

1. Turn PC on
2. When you have the usual startup display on screen (memory count or manufacturers "splash" screen), start ing tapping the F8 key at a rate of about once per second.
3. Eventually you will see the text based Windows startup menu
4. Select SAFE MODE
5. SAFE MODE will start Windows with the bare minimum it needs to operate, but no network and no internet

DELETE REGISTRY VALUES

Before I start on this, please be aware of the following - the reigstry is a CRITICAL database of Windows settings and application settings. If you stuff up the registry, you have effectively stuffed up Windows.

Follow the steps below ONLY IF YOU ARE AWARE OF THE RISKS AND ARE PREPARED TO TAKE RESPONSIBILITY FOR ANY AND ALL CONSEQUENCES.

1. Click START - RUN
2. In the RUN dialogue box, type REGEDIT and press ENTER. This will start the Registry Editor
3. Once the Registry Editor has started,press and hold teh CTRL key. While holding this key, press the "f" key. This will open the FIND dialogue box.
4. In the FIND box, type SVCSHARE and press ENTER
5. The registry key holding the value SVCSHARE will be highlighted
6. Delete only the highlighted key

I repeat, ONLY EDIT YOUR REGISTRY IF YOU ARE BOTH COMFORTABLE AND CONFIDENT IN DOING SO. IF YOU ARE NOT CONFIDENT AND COMFORTABLE - STOP.

Hopefully these additional details will help.

Cheers,
Ewen :-)

[3xist]

Topic Locked.

Reason: Out-Dated post.

Josh

[Tags:]