
Help with Miner.Bitcoinminer Activity [Solved]



#16
DR M


    The Grecian Geek

  • Malware Removal
  • 4,241 posts

Hello.
 
Let's move on.

1. AdwCleaner (Clean mode)

  • Double click AdwCleaner.exe on your Desktop, to run it as you did before.
  • Click Scan Now.
  • When the scan has finished a Scan Results window will open.
  • Please check all the boxes and then click Quarantine.
  • Click Next.
    • If any pre-installed software was found on your machine, a prompt window will open. Click OK to close it.
    • Check any pre-installed software items you want to remove.
    • Click Quarantine.
  • A prompt to save your work will appear.
    • Click Continue when you're ready to proceed.
  • A prompt to restart your computer will appear.
    • Click Restart Now.
  • Once your computer has restarted:
    • If it doesn't open automatically, please start AdwCleaner.
    • Click the Log Files tab.
    • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number; the latest scan will have the largest number).
    • A Notepad file will open containing the results of the removal.
    • Please post the contents of the file in your next reply.

 

2. Eset Online Scanner

To ensure that everything is clean...

 

Download ESET Online Scanner and save it to your desktop.

  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

 

In your next reply please post:

  1. The AdwCleaner[C0*].txt
  2. The eset.txt
  3. How is the computer running now? Any errors/warnings/issues?

  • 0



#17
weisation

    Member

  • Topic Starter
  • 13 posts

My laptop is performing fine and the errors from Norton have stopped, thanks!

Though the AdwCleaner did not tell me to restart my computer, it simply gave me the logs.

 

Another thing is that the ESET scan is taking a very long time and it has already been 3 hours and I will have to leave my laptop overnight. It has detected 1 threat though.

 

# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build:    11-18-2021
# Database: 2021-12-02.1 (Cloud)
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    01-11-2022
# Duration: 00:00:01
# OS:       Windows 10 Education
# Cleaned:  2
# Failed:   0
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
No malicious Chromium URLs cleaned.
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
***** [ Hosts File Entries ] *****
 
No malicious hosts file entries cleaned.
 
***** [ Preinstalled Software ] *****
 
No Preinstalled Software cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [1525 octets] - [10/01/2022 17:16:54]
AdwCleaner[S01].txt - [1586 octets] - [11/01/2022 00:12:30]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 

  • 0
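A first pass over a Clean log like the one posted above can be scripted. The following is an added example, not part of the original thread and not AdwCleaner's own code: it cross-checks the header counters against the per-section lines. The embedded sample is abridged from the log above, and the "status, two or more spaces, item" line shape is an assumption taken from the two Deleted lines.

```python
import re

# Constructed sample, abridged from the Clean log posted in the thread.
SAMPLE_LOG = r"""# Malwarebytes AdwCleaner 8.3.1.0
# Mode: Clean
# Cleaned:  2
# Failed:   0

***** [ Services ] *****
No malicious services cleaned.
***** [ Registry ] *****
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion

*************************
[+] Delete Tracing Keys
"""

HEADER = re.compile(r"^#\s*(Mode|Cleaned|Failed):\s*(\S+)")
SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Assumed line shape (taken from the two Deleted lines): status, 2+ spaces, item.
ACTION = re.compile(r"^(\w+)\s{2,}(.+)$")

def parse_clean_log(text):
    """Return (header dict, [(section, status, item), ...])."""
    header, actions, section = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            header[m.group(1)] = m.group(2)
        elif m := SECTION.match(line):
            section = m.group(1)
        elif line.startswith("*****"):
            section = None  # bare asterisk row ends the per-category part
        elif section and (m := ACTION.match(line)):
            actions.append((section, m.group(1), m.group(2)))
    return header, actions

def check_log(text):
    """Cross-check header counters against the per-section lines."""
    header, actions = parse_clean_log(text)
    deleted = [a for a in actions if a[1] == "Deleted"]
    problems = []
    if header.get("Mode") != "Clean":
        problems.append("not a Clean-mode log")
    if int(header.get("Cleaned", -1)) != len(deleted):
        problems.append("Cleaned count does not match Deleted lines")
    if int(header.get("Failed", 0)) != 0:
        problems.append("header reports items that failed to clean")
    return deleted, problems
```

An empty problems list together with only leftover adware registry keys in the deleted list corresponds to the "log is good" reading given in the next reply.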

#18
DR M


    The Grecian Geek

  • Malware Removal
  • 4,241 posts

Thanks. The log is good. I will be waiting for ESET's results. It will take some time.  :thumbsup:


  • 0

#19
weisation

    Member

  • Topic Starter
  • 13 posts

The results. Thanks so much for the help thus far by the way!

Attached Files

  • Attached File  eset.txt   1.43KB   150 downloads

Edited by weisation, 10 January 2022 - 01:03 PM.

  • 0

#20
DR M


    The Grecian Geek

  • Malware Removal
  • 4,241 posts

Did you see the results?

 

It seems that your Street Fighter Game is cracked. Not sure if you can use it now, but remember, you said that you wanted to continue by uninstalling all the programs without a genuine license. Now it's time to do that, in case you left some things behind.

 

Also, did you see the following line regarding Norton?

 

C:\Program Files\Norton Security\Engine\22.21.11.46\NCrypt.exe a variant of Win64/CoinMiner.RH potentially unwanted application error while cleaning (Access denied)

 

Since it is a part of your antivirus, it is not deleted. But it is a bit ... scary for your antivirus to come with a CoinMiner! I would not keep it on my computer, anyway!

 

If you decide to uninstall Norton: https://support.nort...tions/v15972972

 

Next, I would like to see fresh FRST logs, Addition and FRST.


  • 0

#21
weisation

    Member

  • Topic Starter
  • 13 posts

Here are the fresh logs. I have decided not to uninstall Norton antivirus, at least until the subscription I paid for is over.

Attached Files


Edited by weisation, 11 January 2022 - 07:32 AM.

  • 0

#22
DR M


    The Grecian Geek

  • Malware Removal
  • 4,241 posts

Hi, weisation.
 
Your logs are clean. You may want to delete qbittorrent_4.3.9_x64_setup.exe in your Downloads folder, since you removed that program. 
 
The only remaining thing is your computer's upgrade. You are now running with version 20H2, two major upgrades behind. It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.
 
If you want to upgrade now:

  • Go to this Microsoft page and under the title Create Windows 10 installation media press on Download tool now.
  • Save the tool on your Desktop and double click to run it.
  • On the License terms page, if you accept the license terms, select Accept.
  • On the What do you want to do page, select Upgrade this PC now, and then select Next.
  • Follow the instructions and select Keep personal files and apps, when you are asked to.
  • It might take a couple of hours, depending on the speed of your Wi-Fi connection, to install Windows 10. Your PC will restart a few times. Make sure you don’t turn off your PC.
  • After downloading and installing, the tool will walk you through how to set up Windows 10 on your PC.

 

Let me know if you are going to upgrade now. Otherwise, I will give you instructions to remove the tools we use and create a restore point.


  • 0

#23
weisation

    Member

  • Topic Starter
  • 13 posts

For now I don't want to upgrade my computer yet. I will return tomorrow since it's late for me.


Edited by weisation, 11 January 2022 - 11:05 AM.

  • 0

#24
DR M


    The Grecian Geek

  • Malware Removal
  • 4,241 posts

We are in different time zones. Here it is 19:10. :)

The following tool will remove the tools we used as well as reset system restore points:

Download KpRm by kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log will open in Notepad titled kprm-(date).txt.
  • Please copy and paste its contents in your next reply.

  • 0

#25
weisation

    Member

  • Topic Starter
  • 13 posts
Okay, done!
 
# Run at 1/12/2022 11:18:37 AM
# KpRm (Kernel-panik) version 2.9.3
# Run by seezo from C:\Users\seezo\Desktop
# Computer Name: DESKTOP-F0CH9P5
# OS: Windows 10 X64 (19042) 
# Number of passes: 1
 
- Checked options -
 
    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines
 
- Create Registry Backup -
 
   ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\seezo\NTUSER.dat backed up
 
     [OK] Registry Backup: C:\KPRM\backup\2022-01-12-11-18-37
 
- Delete Tools -
 
 
  ## AdwCleaner
     [OK] C:\Users\seezo\Desktop\AdwCleaner.exe deleted
     [OK] C:\AdwCleaner deleted
 
  ## ESET Online Scanner
     [OK] C:\Users\seezo\Desktop\ESET Online Scanner.lnk deleted
     [OK] C:\Users\seezo\Downloads\esetonlinescanner.exe deleted
 
  ## FRST
     [OK] C:\Users\seezo\Desktop\Addition.txt deleted
     [OK] C:\Users\seezo\Desktop\Fixlog.txt deleted
     [OK] C:\Users\seezo\Desktop\FRST-OlderVersion deleted
     [OK] C:\Users\seezo\Desktop\FRST.txt deleted
     [OK] C:\Users\seezo\Desktop\FRST64.exe deleted
     [OK] C:\FRST deleted
 
- Restore System Settings -
 
     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files
 
- Restore UAC -
 
     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value
 
- Clear Restore Points -
 
   ~ [OK] RP named Scheduled Checkpoint created at 01/07/2022 06:26:37 deleted
   ~ [OK] RP named Removed Java SE Development Kit 8 Update 261 (64-bit) created at 01/09/2022 13:10:03 deleted
     [OK] All system restore points have been successfully deleted
 
- Create Restore Point -
 
     [OK] System Restore Point created
 
- Display System Restore Point -
 
   ~ [I] RP named KpRm created at 01/12/2022 03:18:56
 
-- KPRM finished in 46.26s --

  • 0



#26
DR M


    The Grecian Geek

  • Malware Removal
  • 4,241 posts

Hi, weisation.

 

Everything ran fine. 

Let's finish it!

Now that your computer is clean, here are some final tips about your computer's security from now on:

Some of the following are from Klein's (2005) article, "So how did I get infected in the first place". Since then, the article has been reproduced or linked to in dozens of locations. As a result, many malware experts have continued updating it to include current operating systems and software program information. My source is Security Garden, and I marked for you the following:

1. Keep your Windows updated!
It is important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.

2. Update 3rd Party Software Programs
Third-party software programs have long been targets for malware creators. It has been stated that "Adobe’s Reader and Flash and all versions of Java are together responsible for a total of 66 percent of the vulnerabilities in Windows systems exploited by malware." It's important to keep everything updated.

3. Update the browsers you use
Many malware infections install themselves by exploiting security holes in the Internet browser that you use. So... Keep them updated.

4. Be careful about what you download and what you open!

  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself. Watch for pre-checked options such as toolbars that are not essential to the operation of the installed software.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Imesh, Warez P2P, and others, allow the creation of a network enabling people to connect with other users and upload or download material in a fast efficient manner. BUT even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Keep this in mind.
  • Do not open any files without being certain of what they are!

5. Avoid questionable web sites!
Visit web sites that are trustworthy and reputable. Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders. Also, never give out personal information of any sort online or click "OK" to a pop-up unless it is signed by a reputable company and you know what it is.

6. Registry cleaners/driver boosters/system optimizers
I do not recommend registry cleaners, system optimizers, driver boosters and the like. It is your computer and certainly your choice. However, please consider that modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. With registry cleaner and system optimization software programs, the potential is ever present to cause more problems than they claim to fix. Do note, however, that Microsoft does not support the use of registry cleaners. See Microsoft support policy for the use of registry cleaning utilities.

7. PC means personal computer!
Don't give access to your computer to friends or family who appear to be clueless about what they are doing.

8. Back-up your work!
Make back-ups of your personal files frequently. You never know when you'll have to reformat and start from scratch. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.

9. Must-Have Software
An anti-virus and an anti-spyware program are a necessity for the security of your computer. Be sure that you keep them updated, and that real time protection is enabled. You now have Norton (which I do not recommend). Together with Malwarebytes, if you run it occasionally, depending on how often you use your computer, it can keep you safe.

Happy safe computing.


I'm glad I was able to help you.


  • 1

#27
weisation

    Member

  • Topic Starter
  • 13 posts

Thank you so much for the help!


  • 0

#28
DR M


    The Grecian Geek

  • Malware Removal
  • 4,241 posts

You are very welcome! :)


  • 0





