Posts posted by T410
-
Hi Ron,
I have just uploaded the whole folder and also attached the Fixlog.txt (I tweaked the fixlist.txt you uploaded to zip the folder).
Folder link: https://drive.google.com/file/d/1SM469icxbr7AOKLsOsqr7aGbQ7jSX4WT/view?usp=sharing
Malwarebytes found the threats and quarantined them. Thanks Ron
One last question: Can I go and shift + delete the files or are there any better/safe ways to do it?
-
Hi Ron,
The zip file exceeds the file uploading limit. It's 142 MB. I am uploading it to Google Drive. If it isn't OK for you, just let me know where I should upload it.
And also, other than the dlls and the guard.exe file, there is a mint.exe file which is started by guard.exe. I think the "mining" operation is being done by that mint.exe, because "guard.exe" is always running in the background when I check it in the Task Manager. But "mint.exe" starts when I completely leave my PC idle for a few minutes. (I left Task Manager open and left the PC for a few minutes.)
Should I completely zip the folder that I thought was infected? Or is just "Guard.exe" fine?
The zip file link: https://drive.google.com/file/d/10EKa1wDeOsg92c7bEQH3L8yl9_zaCkDg/view?usp=sharing
-
I have followed the steps. The attachments are included. But AdwCleaner can't see the malicious file. In FRST.txt the malicious file "guard.exe" can be seen, though.
-
Hello,
My laptop has been using its fan quite vigorously when it's idle, but I didn't take it seriously. Today I realized it is really bugging me out. When no input is given to the PC, it begins to spin its fans really fast. But when I move the mouse, it almost suddenly stops. Then I ran Task Manager on the screen and I waited. When the fans began to spin again, I realized a process is using almost 60% of my CPU. The name of the process is "mint.exe". No luck finding any information, though. I ran a Malwarebytes scan and it found 1 software: "Guard.lnk", which led me to "Guard.exe" in "C:\Users\user\AppData\Roaming\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings". BTW, the "Internet Settings" folder is hidden. Showing hidden items didn't help. But going directly to the address let me in. The content of the folder is attached. There is a "config.txt" file in the folder which led me to think it is a stealth miner malware. You will get it when you see the config file, which is also attached.
If any of you guys want me to share the files for analyzing purposes, I will gladly share them with you.
But I want them to be gone, of course.
Malwarebytes report, FRST.txt, Addition.txt files are attached.
TL;DR:
Cryptocurrency miner malware infected. Need to remove. Please help. Required files are attached. Thank you.
Infected by Zombie Cryptocurrency Miner Malware
in Resolved Malware Removal Logs
Thank you so much Ron