
joc.exe Virus/Something

post #1 of 8
Thread Starter 
So my little brother isn't an experienced internet user yet, and doesn't quite know what websites look 'off' and to avoid them. Now, he has a virus, and, being that I'm the most computer-literate person in the family, I've been asked to fix it.

The problem: I have no idea how to get rid of this one.

It's something, and shows up under the task manager processes tab as 'joc.exe' with the description in Russian. This exe blocks any program that whoever created it feels would assist in removing it. This includes a few anti-viruses I've tried, as well as Malwarebytes. MSE and MWB were my go-tos for removing infections, and neither works as this program won't let me run them. And yes, I'm booted into safe mode, and the joc.exe program still runs. It won't let you onto the internet, as Firefox says the system is infected and won't open web pages.

I Googled it (so you douches that think you're clever with the 'lmgtfy' links need not apply here) and only found two things that refer to the virus - one says to use the command prompt to kill the task and then delete the file. This one doesn't work as the file doesn't exist where it says to look, and a Windows search doesn't bring up anything. The second link says to download a program called SpywareCease to delete it. I'm not downloading anything else until I get some advice from someone else.

So, how do I get rid of this crap?
post #2 of 8
Lately, not being able to run files is often the result of a patched MBR. Try running this tool: http://support.kaspersky.com/downloa...tdsskiller.exe

If that doesn't work, try RKill available here: http://www.bleepingcomputer.com/down...ti-virus/rkill

Please post the TDSSKiller log. If it won't run, try RKill, then TDSSKiller, then Malwarebytes.
post #3 of 8
The easiest way IMO is to use an Ubuntu CD to back up important files to an external hard drive, then re-install Windows.
post #4 of 8
Boot this MS tool from a USB stick and let it scan your boot drive offline. Be sure to get the right 32bit/64bit version for your OS.

http://connect.microsoft.com/systemsweeper

Killing the specific malware that you know you have is good, but if you have a rootkit, who knows what else they've put on your system in the meantime. Ideally you want to format and install the OS fresh.
post #5 of 8
Quote:
Originally Posted by djk11
Boot this MS tool from a USB stick and let it scan your boot drive offline. Be sure to get the right 32bit/64bit version for your OS.

http://connect.microsoft.com/systemsweeper

Killing the specific malware that you know you have is good, but if you have a rootkit, who knows what else they've put on your system in the meantime. Ideally you want to format and install the OS fresh.
Quote:
Originally Posted by lapengu
The easiest way IMO is to use an Ubuntu CD to back up important files to an external hard drive, then re-install Windows.
These types of responses are rather annoying. It's not the most effective way; it's just the lazy route. Unless you install all your updates offline, you're open and much more vulnerable; most of you will continue to use your machine as normal until you get AV and updates installed.

TDSSKiller first to see if it finds anything. Probably won't, since it is very specific on what it is looking for.

Use Process Explorer to see if there are any DLLs being attached before LSASS loads. Use GMER to find anything that may be hidden, then delete any bad DLLs before LSASS loads by using GMER. Then finally you can use Autoruns to disable any bad instances or clean up what was left behind.
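A read-only way to see where the process described in this thread is loaded from and what launches it, before or alongside the Process Explorer, GMER and Autoruns steps in the post above. This is an added example, not part of any post; it assumes Windows PowerShell 3.0 or later in an elevated prompt, and the registry locations checked are common launch points, not a complete list.

```powershell
# Added example: read-only triage; it changes nothing on the system.
# Assumes Windows PowerShell 3.0+ run from an elevated prompt.
$name = 'joc.exe'   # process name reported in the first post

# 1. Where is the running image loaded from, and what started it?
foreach ($p in Get-CimInstance Win32_Process -Filter "Name='$name'") {
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId=$($p.ParentProcessId)"
    [pscustomobject]@{
        ProcessId   = $p.ProcessId
        Path        = $p.ExecutablePath
        CommandLine = $p.CommandLine
        Parent      = if ($parent) { $parent.Name } else { '(exited)' }
    } | Format-List
    if ($p.ExecutablePath) {
        # -Force returns the file even when hidden or system attributes are
        # set, which Explorer does not show by default.
        Get-Item -LiteralPath $p.ExecutablePath -Force |
            Select-Object FullName, Attributes, CreationTime | Format-List
        Get-AuthenticodeSignature -FilePath $p.ExecutablePath |
            Select-Object Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } } |
            Format-List
    }
}

# 2. Launch points. Run/RunOnce are ignored in Safe Mode by default, so a
#    process that still starts there has another launch point, for example
#    the Winlogon Shell/Userinit values (defaults: explorer.exe and
#    ...\system32\userinit.exe,) or a service or driver (see Autoruns/GMER).
$keys = @(
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($valueName in $item.GetValueNames()) {
        # Under Winlogon only Shell and Userinit are of interest here.
        if ($key -like '*Winlogon' -and $valueName -notin 'Shell', 'Userinit') { continue }
        $data = [string]$item.GetValue($valueName)
        [pscustomobject]@{
            Key          = $key
            Name         = $valueName
            Data         = $data
            MentionsName = $data -like "*$name*"
        } | Format-List
    }
}
```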
post #6 of 8
Click on my sig and follow that guide.
post #7 of 8
Thread Starter 
It worked, Rkill helped a ton. Then I scanned with SuperAntiSpyware, and Malwarebytes, and then MSE (reinstalled MBAM and MSE). Clean for now!
post #8 of 8
Glad you sorted it out. Just remember to uninstall older Java versions and update it, as well as Adobe. That's where they get through.