Please Help! I Can T Delete A Bitcoinminer Trojan

PLEASE HELP!
I CANT DELETE A BITCOINMINER TROJAN
http://forum.avast.com/index.php?PHPSESSID=rhgrp0bsj5le6e386lmvmi...
return to avast! pages
visit our support
read blog
join us on facebook
forum.avast.com
Welcome, Guest. Please login or register. Did you miss your activation email?
Forever Login
Search
News: avast! Server Edition - protect your server!!
Login with username, password and session length
HOME
HELP
SEARCH
MY MESSAGES
LOGIN
REGISTER
avast!WEBforum viruses and worms viruses and worms (Moderators: Pavel, Maxx_original, misak) PLEASE HELP! I CANT DELETE A BITCOINMINER TROJAN
previous topic next topic Pages: 1 [2] Go Down

PRINT
Author Zam1990
Newbie
Topic: PLEASE HELP! I CANT DELETE A BITCOINMINER TROJAN (Read

Re: PLEASE HELP! I CANT DELETE A BITCOINMINER TROJAN
Reply #15 on: May 24, 2013, 05:32:21 AM
Posts: 11
Here is the final log from zoek.exe My computer looks good, no virus or malware alert for the moment I think it is clean, Thank you so much for the help
Logged
magna86
Anti Malware Fighter avast! Evangelist Super Poster

Reply #16 on: May 24, 2013, 06:09:32 AM
@ Zam1990 I don't see attachments. You forgot to attach.

Logged
Posts: 1832 Gender: MyCity Forum-ASAP
Don't hate us because we're good. Hate us because we know it...
Zam1990
Newbie

Reply #17 on: May 24, 2013, 07:01:24 AM
1 of 7
30-Jul-13 8:06 AM
PLEASE HELP! I CANT DELETE A BITCOINMINER TROJAN
Posts: 11
ups!! here it goes

Logged
magna86

Reply #18 on: May 24, 2013, 08:04:18 AM
Ok, you are clean. Just to kill some remains and we are done. Run zoek one last time with this script:
Code: [Select] C:\Windows\Prefetch\DWM.EXE-A2101CC8.pf;f C:\Windows\Prefetch\DWM.EXE-6FFD3DA8.pf;f emptytemp;
I don't need zoek reports.

***************
Please download DelFix by "Xplode" to your Desktop. Run the tool and check the following boxes below; Remove disinfection tools Create registry backup Purge System Restore
Now click on "Run " button. Wait for the programme completes his work. All the tools we used should be gone. Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt
> I don't need DelFix log report.
************************
I recommended to keep Malwarebytes and to use MCShield if you will. You may download MCShield from one of the following links:
MyCity - Official download link Softpedija - Mirror download link
It will prevent infection by computer via USB flash drive, mobile phone or any other memory card. And not only will prevent infection, but it will immediately clean flash drive, memory card or external HDD.
Logged
2 of 7
30-Jul-13 8:06 AM
Zam1990
Newbie

Reply #19 on: May 24, 2013, 02:36:31 PM
Posts: 11
Finally it's over Thank you very much for helping me, for your time and effort, I'm glad there are people like you. keep it up guys greetings and best wishes
Logged
iv01
Newbie

Reply #20 on: May 25, 2013, 03:24:50 AM
Posts: 2
Same problem faced and same solution followed. Neither iswizard.rar nor wuaudit.exe are generated in my Temp directory now. Thank you for effective guidance!
Logged
ujec
Newbie

Reply #21 on: May 25, 2013, 08:16:25 AM
Posts: 1
also my problem. but in first step- scanning with malwarebytes anti-rootkit- maybe in mid of the process my system restarted. no window to continue scanning or report, nothing. what could it be ? im not expert so maybe the solution is easy, i dont know. thank you
Logged
magna86

Reply #22 on: May 25, 2013, 04:44:09 PM
@Zam1990 I'm glad I could help.
@ iv01 ; @ujec Basically you follow the instructions that were written and made for the user who opened this topic. Following such instructions can even damage your system because of Zoek and MBAR ...well, they are not toys. You need to open a new topic following this guide: http://forum.avast.com/index.php?topic=53253.0 One of us will assist you with removing malware.
Logged
3 of 7
30-Jul-13 8:06 AM
figlioecantero
Newbie

Reply #23 on: May 27, 2013, 12:39:41 PM
Posts: 3
Hi, i have executed the first step of this guide, i attach my zoek reports. Are neeed other step? BR
Logged
magna86

Reply #24 on: May 27, 2013, 01:10:11 PM
Hi and welcome to avast.

Quote from: figlioecantero on May 27, 2013, 12:39:41 PM Hi, i have executed the first step of this guide, i attach my zoek reports. Are neeed other step? BR
That zoek log isn't written for your machine.

Quote from: magna86 on May 25, 2013, 04:44:09 PM Basically you follow the instructions that were written and made for the user who opened this topic. Following such instructions can even damage your system because of Zoek and MBAR ...well, they are not toys. You need to open a new topic following this guide: http://forum.avast.com/index.php?topic=53253.0 One of us will assist you with removing malware.
One more time: This is the topic of this user. You all feel free to open a new topic if you are looking assistance, set&attach the logs for review: Follow guide from here: http://forum.avast.com/index.php?topic=53253.0 AdwCleaner <-- cleening adware & junkware ... Malwarebytes <-- preventive & first step for malware removal OTL and aswMBR <-- primary system and antirootkit tool diagnostics.
Logged
figlioecantero Re: PLEASE HELP! I CANT DELETE A
4 of 7
30-Jul-13 8:06 AM
Newbie
Posts: 3
BITCOINMINER TROJAN i have problem aswMBR, it will crashPM during scanning the directory c:\Windows Reply #25with on: June 01, 2013, 02:09:26 \asswmbly\GAC_MSIL. I tried to move the file tath cause the crash but without success because they are plentiful. the file are System.Security System.Security.resources system.servicemodel.install system.servicemodel.install.resources system.servicemodel.resources System.ServiceModel.WasHosting System.ServiceModel.Web System.ServiceModel.Web.resources System.ServiceProcess System.ServiceProcess.resources System.Speech System.Speech.resources System.Transactions.resources System.Web.Abstractions System.Web.Abstractions.resources System.Web.DynamicData System.Web.DynamicData.Design System.Web.DynamicData.Design.resources System.Web.DynamicData.resources System.Web.Entity System.Web.Entity.Design System.Web.Entity.Design.resources System.Web.Entity.resources System.Web.Extensions System.Web.Extensions.Design System.Web.Extensions.Design.resources System.Web.Extensions.resources System.Web.Mobile System.Web.Mobile.resources System.Web.RegularExpressions System.Web.resources System.Web.Routing System.Web.Routing.resources System.Web.Services System.Web.Services.resources System.Windows.Forms System.Windows.Forms.DataVisualization System.Windows.Forms.DataVisualization.Design System.Windows.Forms.DataVisualization.resources System.Windows.Forms.resources System.Windows.Presentation System.Windows.Presentation.resources System.Workflow.Activities system.workflow.activities.resources System.Workflow.ComponentModel system.workflow.componentmodel.resources System.Workflow.Runtime system.workflow.runtime.resources System.WorkflowServices System.WorkflowServices.resources System.Xml System.Xml.Linq System.XML.resources TaskScheduler TaskScheduler.Resources
5 of 7
30-Jul-13 8:06 AM
UIAutomationClient UIAutomationClient.resources UIAutomationClientsideProviders UIAutomationClientsideProviders.resources UIAutomationProvider UIAutomationProvider.resources UiAutomationTypes UiAutomationTypes.resources VSTADTEProvider.Interop WindowsBase WindowsBase.resources WindowsFormsIntegration WindowsFormsIntegration.resources WsatConfig There is an alternative to the log of aswMbr? Many thanks
Logged
figlioecantero
Newbie

Reply #26 on: June 02, 2013, 02:15:54 PM
Posts: 3
I have try to explain this guide( http://forum.avast.com/index.php?topic=53253.0) but aswmbr crash. Have any solutions? Br
Logged
magna86

Reply #27 on: June 02, 2013, 06:11:03 PM
Quote from: figlioecantero on June 02, 2013, 02:15:54 PM I have try to explain this guide( http://forum.avast.com/index.php?topic=53253.0) but aswmbr crash. Have any solutions? Br
Quote from: magna86 on May 25, 2013, 04:44:09 PM

You need to open a new topic following this guide: http://forum.avast.com/index.php?topic=53253.0 One of us will assist you with removing malware.
If aswMBR can't run just wrate that into your topic.

Logged
6 of 7
30-Jul-13 8:06 AM
Pages: 1 [2]
Go Up
PRINT
previous topic next topic

avast!WEBforum viruses and worms viruses and worms (Moderators: Pavel, Maxx_original, misak) PLEASE HELP! I CANT DELETE A BITCOINMINER TROJAN
Jump to: => viruses and worms
go
avast! on Twitter |
avast! on Facebook
SMF | SMF 2012, Simple Machines XHTML RSS WAP2 Page created in 0.038 seconds with 14 queries.
7 of 7
30-Jul-13 8:06 AM

Please Help! I Can T Delete A Bitcoinminer Trojan

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Please Help! I Can T Delete A Bitcoinminer Trojan

Uploaded by

Copyright:

Available Formats

PLEASE HELP!

I CANT DELETE A BITCOINMINER TROJAN

return to avast! pages

visit our support

News: avast! Server Edition - protect your server!!

Login with username, password and session length

previous topic next topic Pages: 1 [2] Go Down

Topic: PLEASE HELP! I CANT DELETE A BITCOINMINER TROJAN (Read

Re: PLEASE HELP! I CANT DELETE A BITCOINMINER TROJAN

@ Zam1990 I don't see attachments. You forgot to attach.

Posts: 1832 Gender: MyCity Forum-ASAP

Don't hate us because we're good. Hate us because we know it...

Re: PLEASE HELP! I CANT DELETE A BITCOINMINER TROJAN