CLARITY Is Needed For Writing Script to Add to Farbar's Fixlog.txt

Tags: Bitcoin Miner Trojan, Virus Removal, Farbar Directive Script Help


#1
tedrico


Was alerted by Malwarebytes Anti-Root Kit of existence of Bitcoin Miner Trojan in my Dell Inspiron N5050 win10 64bit Home v1909 OS Laptop. Disconnected Dell from other 5 Computers, 2 Phones and PS3, as well as WD Cloud, so as not to be on the network. USB Ports blew 3 years ago. SD Card Reader blew last year. So I still ran Farbar that I downloaded from Cloud before breaking shared access with cloud. Can't figure out whether to search and destroy most of Farbar's Output in FIRST.txt within REGEDIT or try to use directives to form script to populate Fixlog.txt with. Am in need of help.


#2
DR M


Hi, tedrico.

 

Welcome to Geeks to Go Forums. :)

 

I will be assisting you with your computer's issues. I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you will have two people looking at your problem.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting! Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Please, copy all the content of the required logs and paste it inside your post. Do not attach any log or other file, unless directed otherwise.

 

4. If your computer seems to start working normally, please don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs. I will be with you, as far as I can.

 

========================================================

 

I am currently reviewing your logs and will be back to you as soon as I can.



#3
tedrico

Thank you sir! :) I will let you instruct Wise Sensei and learn how to use this tool.



#4
tedrico


Ooops you can tell I am rusty using Forum Chat platforms LOL! Thank you sir! :) I will let you instruct Wise Sensei and learn how to use this tool.



#5
DR M


Hi, tedrico.

I don't see any sign of malware in the existing logs.

Was the warning from the Malwarebytes you have already installed on your computer? If yes, can you please find the report and post it in your next reply?

To do so, open Malwarebytes, click on Scanner and then on the Report tab. Find the report with the trojan warning, double click on it and then click on Export. Choose Copy to clipboard. Finally, prepare your next reply, right click on an empty space and choose paste. The content of the report will be pasted there.


1. FRST fix

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

Start::
CreateRestorePoint:
CloseProcesses:
C:\ProgramData\EsgInstallerResumeAction_7e211bafacdb964f2938233e4756906d.exe
ExportKey: HKLM\SOFTWARE\Policies\Microsoft\MRT
Exportkey: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender
Exportkey: HKLM\SOFTWARE\Policies\Mozilla\Firefox
Exportkey: HKLM\SOFTWARE\Policies\Google
CMD: type C:\Windows\system32\GroupPolicy\Machine\registry.pol
EmptyTemp:
End::

  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines. Right-click and select "Copy". No need to paste anything to anywhere.
  • Right-click on FRST64 on your Desktop, to run it as administrator. When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt on your Desktop.
  • Post the log in your next reply.

 

2. Run Malwarebytes (Scan mode)

  • Open Malwarebytes you have already installed on your computer.
  • Click the little gear on the top right (Settings) and when it opens, click the Security tab and make sure about the following:
    Under the title Scan Options, all the options are checked.
    Under the title Windows Security Center (Premium only) is unchecked.
    Under the title Potentially unwanted items are set to Always.
  • Click on the little gear to return to the main menu and select Scan. The program will start scanning your computer. This may take about 10 minutes, but in some cases it may take longer.
  • When finished, you will see the Threat Scan Summary window open.
  • If threats are not found, click View Report and proceed to the two last steps below.
  • If threats are found, make sure that all threats are not selected, close the program and proceed to the next steps below.
  • Open Malwarebytes again, click on the Scanner, and then on the Reports tab.
  • Find the report with the most recent date and double click on it.
  • Click on Export and then Copy to Clipboard.
  • Paste its content here, in your next reply.

 

3. Run AdwCleaner

Download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now.
    • When the scan has finished, a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab.
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number. The latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

 

In your next reply, please make sure to post:

  • The Fixlog.txt content
  • The MBAM report
  • AdwCleaner[S0*].txt

  • 0
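
The fixlist in post #5 dumps `registry.pol` with `type`, which prints the binary policy file as raw bytes. As an added example (not part of the thread and not FRST's own code), this Python parser decodes the PReg record layout `[key;value;type;size;data]` and keeps the entries under the four policy keys the fixlist exports; the function names, the sample bytes and the `Example` key are constructed for illustration.

```python
import struct
REG_SZ, REG_EXPAND_SZ, REG_DWORD = 1, 2, 4
# Lower-cased policy keys the fixlist exports; Registry.pol stores them without the hive name.
WATCHED = tuple("software\\policies\\" + k + "\\" for k in
                ("microsoft\\mrt", "microsoft\\windows defender", "mozilla\\firefox", "google"))

def read_wstr(buf, pos):
    """Read a NUL-terminated UTF-16LE string; return (text, offset after the NUL)."""
    end = pos
    while buf[end:end + 2] != b"\x00\x00":
        if end + 2 > len(buf):
            raise ValueError("unterminated string")
        end += 2
    return buf[pos:end].decode("utf-16-le"), end + 2

def expect(buf, pos, ch):  # require a UTF-16LE delimiter at pos; return the offset after it
    if buf[pos:pos + 2] != ch.encode("utf-16-le"):
        raise ValueError(f"expected {ch!r} at offset {pos}")
    return pos + 2

def parse_registry_pol(buf):
    """Decode each [key;value;type;size;data] record into (key, name, type, data)."""
    if buf[:4] != b"PReg" or struct.unpack_from("<I", buf, 4)[0] != 1:
        raise ValueError("not a version 1 Registry.pol file")
    pos, entries = 8, []
    while pos < len(buf):
        key, pos = read_wstr(buf, expect(buf, pos, "["))
        name, pos = read_wstr(buf, expect(buf, pos, ";"))
        pos = expect(buf, pos, ";")
        rtype, = struct.unpack_from("<I", buf, pos)
        size, = struct.unpack_from("<I", buf, expect(buf, pos + 4, ";"))
        pos = expect(buf, pos + 10, ";")  # skip type (4) + ';' (2) + size (4)
        data, pos = buf[pos:pos + size], expect(buf, pos + size, "]")
        if rtype == REG_DWORD and size == 4:
            data = struct.unpack("<I", data)[0]
        elif rtype in (REG_SZ, REG_EXPAND_SZ):
            data = data.decode("utf-16-le").rstrip("\x00")
        entries.append((key, name, rtype, data))
    return entries

def watched(entries):  # entries at or below one of the keys the fixlist exports
    return [e for e in entries if (e[0].lower() + "\\").startswith(WATCHED)]

def rec(key, name, value):  # build one constructed REG_DWORD record for SAMPLE
    return (f"[{key}\0;{name}\0;".encode("utf-16-le")
            + struct.pack("<I2sI2sI2s", REG_DWORD, b";\0", 4, b";\0", value, b"]\0"))
SAMPLE = (b"PReg" + struct.pack("<I", 1)  # constructed: header plus two records
          + rec(r"SOFTWARE\Policies\Microsoft\Windows Defender", "DisableAntiSpyware", 1)
          + rec(r"SOFTWARE\Policies\Example", "Setting", 0))
```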





