
[Removal] Exploit:JS/Neclu.M Disables Anti-virus Program and Steals Information

Symptoms of Exploit:JS/Neclu.M Infection

Any infiltration causes some unusual behaviour on a target machine, since only malicious modification can guarantee that a virus will not be removed by built-in security utilities and services and that its theft can continue. However, some of these changes can be covert and go unnoticed by victims. Below is the list of symptoms of Exploit:JS/Neclu.M infection, which can help you detect Exploit:JS/Neclu.M and act against the Trojan horse before it causes more trouble, given that it disables anti-virus programs:

  • Unknown background processes appear and occupy part of the internal storage, or multiple additional running processes consume CPU (this can only be detected by those who check the running processes daily and know them well).
  • Ads start popping up frequently and redirect people to sites with long, redundant URLs (this could be Exploit:JS/Neclu.M requesting commands or uploading collected information).
  • Browser crashes can happen when the computer accesses spam sites that do not meet surfing standards.
  • Computer performance becomes much more sluggish.
  • Error messages can appear as Exploit:JS/Neclu.M keeps infiltrating deeper into the target system and causes malfunction/dysfunction.
  • More temp files and other unknown items settle on the computer in folders named with seemingly random strings of numbers or letters.

To learn how the Trojan horse lands on a system and the dangers of being held hostage by it, keep reading. Should you have any question or emergency that you can’t deal with, you are welcome to contact VilmaTech Online Support and get specialized technical help.



How Does Exploit:JS/Neclu.M Enter Computers?

As its name suggests, Exploit:JS/Neclu.M exploits vulnerabilities in Java or Adobe Reader (two indispensable components that offer a colorful view of the Internet). Java is a network-oriented programming language that is now widely used to create applications that can be downloaded from the World Wide Web, while Adobe is used to display online images. In short, both components are all about the Internet, and the Internet is where Exploit:JS/Neclu.M lies in wait for any detected vulnerability.

Java and Adobe become vulnerable when:

  • Java and Adobe are not updated.
  • A so-called new version is downloaded and installed from a bogus pop-up message from nowhere.
  • The operating system is not updated.
  • Redundant Java cache accumulates on the target system.
  • Other installed programs/software are not updated.
  • The system is attacked by another Trojan horse or other types of virus.


How Dangerous Is Exploit:JS/Neclu.M?

As stated above, Exploit:JS/Neclu.M has a way to affect computers easily and widely; people should also be clear that the Trojan is a strong one that does more than cause a mess on a target machine. JS (JavaScript) technology, long employed by programmers to ease the log-in process by remembering accounts and passwords, has been found to be adopted by the Trojan horse. With this technology, Exploit:JS/Neclu.M is capable of tracking online whereabouts and thus recording log-in credentials. People who have shopped online should change their passwords after a complete removal, as VilmaTech Online Support advises.

Being a Trojan horse, Exploit:JS/Neclu.M has a backdoor program. This program takes advantage of seldom-used ports to connect to its remote C&C server, requesting new commands for improvements that deter conventional removal and allowing its cyber criminal unsolicited access to the collected information. With the backdoor wide open, additional infections can be anticipated.

What’s worse, the JS technology Exploit:JS/Neclu.M applies enables the Trojan to call background processes and thereby modify and overwrite drivers belonging to security utilities and services, leaving the computer’s protections malfunctioning. In such a case, manual removal is highly recommended.

Below are the instructions for Exploit:JS/Neclu.M removal. Follow them strictly to guarantee that no further problems arise. Should you run into difficulties in the middle of the removal due to insufficient computer skills and virus knowledge, you are welcome to get exclusive assistance for your concrete situation by starting a live chat window here.



Remove Exploit:JS/Neclu.M, Which Disables Anti-virus Program and Steals Information

A – Enter Safe Mode, where some of the malicious parts will be disabled, and run a full scan for possible detection; if anything is detected, note down the detected directory.

Windows 7/Vista/XP

  1. Restart your system from the Start menu.
  2. When the computer is booting up but before the Windows logo appears, keep tapping the F8 key.
  3. It should bring up “Windows Advanced Options Menu”.
  4. Use the up and down arrow keys to highlight ‘Safe Mode’ and press the Enter key.
  5. Once in Safe Mode, run your anti-virus program.


Windows 8

  1. Restart your system by clicking the power icon on your Start Screen.
  2. When the computer is booting up but before the Windows logo appears, hold down the Shift key and repeatedly hit the F8 key (Shift+F8).
  3. It should then bring up “Recovery Mode”.
  4. Hit the “See advanced repair options” button there.
  5. The “Choose an option” screen will appear; select the Troubleshoot option.
  6. Next click on Advanced Options to bring up the Windows Startup Settings window.
  7. Hit Restart to continue.
  8. A while later, the Safe Mode option screen will pop up.
  9. Then press ENTER or press a number to choose Safe Mode.

B – End the processes whose path points to Exploit:JS/Neclu.M’s directory.

  1. Use the Ctrl+Alt+Delete key combination (Windows 7/XP/Vista) or Ctrl+Shift+Esc (Windows 8) to access Task Manager.
  2. Hit the View tab and choose “Select Columns” to tick “Image Path Name” and PID.
  3. The full path name of each program will be shown to help track the suspicious ones related to Exploit:JS/Neclu.M.
  4. Then go to Start Menu (Windows 7/XP/Vista)/Start Screen (Windows 8) for All Programs (Windows 7/XP/Vista)/All Apps (Windows 8) and select Accessories.
  5. Click open System Tools to select System Information.
  6. Next expand Software Environment and choose Running Tasks.
  7. You will now see the path for each service and program in the right pane.
  8. First inspect the ones that do not belong to the system and consume plenty of CPU to see whether they point to Exploit:JS/Neclu.M’s directory.
  9. If any do, note down the processes and services before ending them.

C – End the services whose path points to Exploit:JS/Neclu.M’s directory and that do not belong to the system.

Windows 7/XP/Vista

  1. Hold the Win key and R key at once to get a Run box.
  2. Type “services.msc” and hit the Enter key to bring up the Services window.
  3. Remove/disable the service(s) whose path points to Exploit:JS/Neclu.M’s directory.

Windows 8

  1. Click open Windows Explorer from Start screen.
  2. Select Administrative tools to double click on Services icon.
  3. Remove/disable the service(s) whose path points to Exploit:JS/Neclu.M’s directory.
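
The inventory that steps B and C build by hand in Task Manager, System Information and the Services window can also be produced in one read-only pass. The PowerShell script below is an added example, not part of the original instructions; it assumes Windows PowerShell 3.0 or later in an elevated session, and the trusted-directory list and the function names Test-OutsideTrusted and Get-ServiceImagePath are hypothetical choices made here.

```powershell
# Added example: read-only inventory for steps B and C. Nothing is ended or removed.
# Assumes Windows PowerShell 3.0 or later, run from an elevated prompt.

# Directories treated here as "belonging to the system" (an assumption; adjust as needed).
$trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') + '\' }

function Test-OutsideTrusted([string]$Path) {
    # True when the image path is known and lies outside every trusted directory.
    if (-not $Path) { return $false }
    foreach ($dir in $trusted) {
        if ($Path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) { return $false }
    }
    return $true
}

function Get-ServiceImagePath([string]$PathName) {
    # Win32_Service.PathName is a full command line; keep only the executable.
    $p = [Environment]::ExpandEnvironmentVariables($PathName)
    if ($p -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($p -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $p.Trim()
}

# Step B: running processes with PID and image path (the Task Manager columns).
$procs = Get-CimInstance Win32_Process |
    Select-Object @{n='Kind';e={'Process'}}, Name, @{n='PID';e={$_.ProcessId}},
                  @{n='State';e={'Running'}}, @{n='ImagePath';e={$_.ExecutablePath}}

# Step C: services, reduced to the same columns.
$svcs = Get-CimInstance Win32_Service |
    Select-Object @{n='Kind';e={'Service'}}, Name, @{n='PID';e={$_.ProcessId}},
                  State, @{n='ImagePath';e={Get-ServiceImagePath $_.PathName}}

# Keep only entries outside the trusted directories and add the signature status.
$report = @($procs) + @($svcs) |
    Where-Object { Test-OutsideTrusted $_.ImagePath } |
    Select-Object *, @{n='Signature';e={
        (Get-AuthenticodeSignature -FilePath $_.ImagePath -ErrorAction SilentlyContinue).Status }} |
    Sort-Object ImagePath, Kind

$report | Format-Table -AutoSize -Wrap
```

An entry in this report is only a candidate for inspection; legitimate software installed under a user profile appears here as well.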

D – Show hidden items to remove files generated by Exploit:JS/Neclu.M.

Windows 7/XP/Vista

  1. Expand Start menu to select ‘Control Panel’.
  2. Click open “user accounts and family safety” and then ‘Folder Options’.
  3. Navigate to the View tab at the top of the pop-up window, tick ‘Show hidden files and folders’ and untick ‘Hide protected operating system files (Recommended)’.
  4. Pressing the ‘OK’ button will show you all hidden items.

Windows 8

  1. Access Windows Explorer again and browse to View tab.
  2. Tick ‘File name extensions’ and ‘Hidden items’ options.
  3. Pressing the ‘OK’ button will show you all hidden items.

Step 1. Access the following folders.



  • %Windir% refers to the directory where Windows is located.
  • %Application Data% refers to Application Data folder for current user; it can be:

C:\Windows\Profiles\{user name}\Application Data (Windows98 and Windows Me)
C:\WINNT\Profiles\{user name}\Application Data (Windows NT)
C:\Documents and Settings\{user name}\Local Settings\Application Data (Windows2000, Windows XP and Server 2003)

Step 2. Arrange the files according to created date.

  1. Navigate to each of the folders listed above and click on empty space to select ‘arrange icons by’/‘sort by’.
  2. Then select ‘Day’/‘Date’/‘Modified’.
  3. Scroll to the bottom of the current window under inspection.
  4. Remove files that were created on the day when Exploit:JS/Neclu.M was detected and that you have not seen before.

Step 3. Remove temp files in the following folders.

%TEMP%\[messy code]temp_0\
C:\Documents and Settings\[user name]\Local Settings\Temporary Internet Files
C:\Documents and Settings\[user name]\Local Settings\Temp
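
The date-sorting check in Step 2 and Step 3 can be scripted so that the candidates are listed and recorded before anything is removed. The PowerShell script below is an added example, not part of the original instructions; it assumes Windows PowerShell 3.0 or later, the detection date is a placeholder, using %LOCALAPPDATA% for the Application Data folder is an assumption, and the function name Get-FilesCreatedOn and the CSV file name are hypothetical.

```powershell
# Added example: list, but do not delete, files created on the detection day.
# Assumes Windows PowerShell 3.0 or later.

# Placeholder: replace with the date on which your scanner first reported the threat.
$DetectionDate = [datetime]'2000-01-01'

# Folders from the steps above; each entry says whether subfolders are searched.
# %LOCALAPPDATA% stands in for the Application Data folder (an assumption).
$targets = @(
    @{ Path = $env:windir;       Recurse = $false },
    @{ Path = $env:LOCALAPPDATA; Recurse = $false },
    @{ Path = $env:TEMP;         Recurse = $true  }
)

function Get-FilesCreatedOn([datetime]$Day, [string]$Path, [bool]$Recurse) {
    # -Force includes hidden and system items, matching the "show hidden items" step.
    Get-ChildItem -LiteralPath $Path -File -Force -Recurse:$Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime.Date -eq $Day.Date }
}

$found = foreach ($t in $targets) {
    if ($t.Path -and (Test-Path -LiteralPath $t.Path)) {
        Get-FilesCreatedOn -Day $DetectionDate -Path $t.Path -Recurse $t.Recurse
    }
}

# Oldest first, newest at the bottom, as in the sorted Explorer view.
$report = $found | Sort-Object CreationTime |
    Select-Object CreationTime, LastWriteTime, Length, Attributes, FullName

$report | Format-List

# Keep a record of what was found before anything is removed (hypothetical file name).
$report | Export-Csv -NoTypeInformation -Path "$env:USERPROFILE\created-on-detection-day.csv"
```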


Exploit:JS/Neclu.M Purpose

People who now know about the dangers and harm of Exploit:JS/Neclu.M want to know why viruses like it keep attacking computers. The answer is simple and clear-cut: cyber criminals live on creating viruses. In other words, viruses like Exploit:JS/Neclu.M attack computers for money. But how does it get money?

  1. It reads and records the system configuration and finds vulnerabilities/bugs/loopholes/backdoors, then resells that information to other virus makers who want to attack as many computers as possible without too much effort.
  2. It uses JS technology to get log-in credentials and uses that information, without authorization, to send its malicious code to all contacts for a wider spread, earning money in a roundabout way.
  3. If Exploit:JS/Neclu.M’s maker is black-hearted enough, victims’ hard-earned money will be emptied out in the blink of an eye.
  4. It uses the backdoor to ease the installation of other infections made by cooperators in return for a profitable commission.


Exploit:JS/Neclu.M Removal Recommendation

Complete removal is highly recommended. As stated clearly in the article body, Exploit:JS/Neclu.M is capable of bringing in additional infections, so removing the Trojan horse by itself will not stop further damage, and its reappearance can be anticipated because of the vulnerabilities created by the other viruses it brought in. If one reads the first paragraph carefully, one will know that a certain level of computer skill and knowledge is required to carry out the steps above correctly and comprehensively for a final, complete removal. Exploit:JS/Neclu.M is highly elusive: it generates a mutex and produces more, unpredictable items from its remote server to hinder any universal removal method. Still, the removal thread above puts you on the right track for removing Exploit:JS/Neclu.M. If you cannot tell which items are malicious and which are not during the removal procedure, it is advisable to ask a senior technician from VilmaTech Online Support for a quick fix.




It is recommended to run a defragmentation after Exploit:JS/Neclu.M’s complete removal as an OS optimization. With random items scattered across the target system and some items corrupted by Exploit:JS/Neclu.M’s random modifications, the internal storage is no longer ideally utilized. As a consequence, PC performance does not pick up even after the Trojan horse is removed.
