Rjd2

Members

View Profile See their activity

Posts
4
Joined
June 1, 2018
Last visited
June 25, 2018

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by Rjd2

Deleted RiskWare.BitCoinMiner comes back after every restart

Rjd2 replied to Rjd2's topic in Resolved Malware Removal Logs

Not yet. But I think it might come back. I ran FRST before I posted here also and still after the restart I got the security warning of malwarebytes. Maybe the 2nd time running FRST helped. If not I will reply to this thread, okay? Thank you for your support!
Deleted RiskWare.BitCoinMiner comes back after every restart

Rjd2 replied to Rjd2's topic in Resolved Malware Removal Logs

Here it is Quarantine.zip
Deleted RiskWare.BitCoinMiner comes back after every restart

Rjd2 replied to Rjd2's topic in Resolved Malware Removal Logs

Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01 durchgeführt von grziw (01-06-2018 19:14:57) Run:2 Gestartet von G:\Downloads Geladene Profile: grziw & (Verfügbare Profile: grziw) Start-Modus: Normal ============================================== fixlist Inhalt: ***************** CloseProcesses: CreateRestorePoint: HKLM\...\Run: [diskdriver] => C:\WINDOWS\system32\diskdriver.exe [2069504 2018-06-01] (Microsoft Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG S2 WinDefendSecurity; C:\WINDOWS\system32\windfn.exe [2218496 2018-05-28] (Microsoft Corporation) [Datei ist nicht signiert] S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X] Task: {687B0E30-1A96-4A3D-ABB9-BB0878CB1BA5} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG AlternateDataStreams: C:\Users\Public\AppData:CSM [472] HKU\S-1-5-21-1589878200-2074267544-266894676-1001\Software\Classes\regfile: regedit.exe "%1" <==== ACHTUNG HKLM\...\StartupApproved\Run: => "diskdriver" C:\WINDOWS\system32\diskdriver.exe C:\WINDOWS\system32\windfn.exe C:\WINDOWS\system32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B C:\WINDOWS\system32\setup4.2.6.tmp C:\WINDOWS\system32\Drivers\6873241A.sys C:\WINDOWS\system32\Drivers\33241540.sys EmptyTemp: ***************** Prozesse erfolgreich geschlossen. Fehler: (0) Erstellen eines Wiederherstellungspunktes gescheitert. "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\diskdriver" => nicht gefunden "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => erfolgreich entfernt "HKLM\System\CurrentControlSet\Services\WinDefendSecurity" => erfolgreich entfernt WinDefendSecurity => Dienst erfolgreich entfernt "HKLM\System\CurrentControlSet\Services\cpuz145" => erfolgreich entfernt cpuz145 => Dienst erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{687B0E30-1A96-4A3D-ABB9-BB0878CB1BA5}" => erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{687B0E30-1A96-4A3D-ABB9-BB0878CB1BA5}" => erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => nicht gefunden C:\Users\Public\AppData => ":CSM" ADS erfolgreich entfernt "HKU\S-1-5-21-1589878200-2074267544-266894676-1001\Software\Classes\regfile" => erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\diskdriver" => erfolgreich entfernt "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\diskdriver" => nicht gefunden "C:\WINDOWS\system32\diskdriver.exe" => nicht gefunden C:\WINDOWS\system32\windfn.exe => erfolgreich verschoben C:\WINDOWS\system32\7B296FC0-376B-497d-B013-58F4D9633A22-5P-1.B5841A4C-A289-439d-8115-50AB69CD450B => erfolgreich verschoben C:\WINDOWS\system32\setup4.2.6.tmp => erfolgreich verschoben C:\WINDOWS\system32\Drivers\6873241A.sys => erfolgreich verschoben C:\WINDOWS\system32\Drivers\33241540.sys => erfolgreich verschoben =========== EmptyTemp: ========== BITS transfer queue => 10510336 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11643892 B Java, Flash, Steam htmlcache => 6574451 B Windows/system/drivers => 0 B Edge => 0 B Chrome => 92369745 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 0 B NetworkService => 0 B grziw => 1199556 B RecycleBin => 0 B EmptyTemp: => 116.6 MB temporäre Dateien entfernt. ================================ Das System musste neu gestartet werden. ==== Ende von Fixlog 19:15:01 ==== Hi Aura, thank you very much! Somehow no editor opened after scanning. I copied the logfile from the same directory as FRST.
Deleted RiskWare.BitCoinMiner comes back after every restart

Rjd2 posted a topic in Resolved Malware Removal Logs

Hello, some days ago I noticed some performance issues on my PC. Somehow I got a miner using my GPU in the background. Eventually I bought Malware Bytes Premium to get rid of it permanently. Unfortunately after every restart I get a threat detection even though I deleted them after sending them to quarantine. After trying it alone for some evenings I'm seeking some help here. Please let me know if I need to provide further information. Best regards! mb_log.txt Addition.txt FRST.txt

Sign In

Rjd2

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by Rjd2

Deleted RiskWare.BitCoinMiner comes back after every restart

Deleted RiskWare.BitCoinMiner comes back after every restart

Deleted RiskWare.BitCoinMiner comes back after every restart

Deleted RiskWare.BitCoinMiner comes back after every restart

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information