Fenix_Marcus

Haven't had any warnings since i restarted after the fix Thanks so much for your help!

I've attached the logs. I ran norton, hitman and malwarebytes scans as well and they all came up clear, so hopefully its all clean now FRST.txt Addition.txt

Actually, after a restart I haven't received any alerts so far. Should I run another frst scan to make sure?

Light at the end of the tunnel hopefully, ran the fix and attached. Edit: Still got another alert after the fix Fixlog.txt

There were a couple of autoruns applications so i ran the "Autoruns64" one, let me know if i need to run all of them. zip is attached. Autorunscan.zip

I saw a notification from Albert in my emails but its not in the thread, but yeah what he said seems to be what is also happening here as notron threw up another notification when i started up today, with the file in a different location to last time. I haven't done anything to remove the file this time, just reran the frst scan in RE and attached the log, along with the norton screenshot and log. Ironically norton now thinks that frst is a bigger threat than the maleware FRST.txt NPE 20.08.18.txt

Would that be due to hitman removing said file a couple of times after a few restarts? Incidentally, norton hasn't thrown me an alert during the last few startups i did while trying to get onto the boot startup, not sure if that actually means the bitcoin miner is there or not though. FRST.txt

This took a little longer then necessary because the UEFI Bios was giving me grief. Anyways I ran the tool in the recovery environment and attached the log. Fixlog.txt

No worries. I've got a few i can spare. The Riched32.dll does seem to be causing the alerts, I managed to remove it yesterday with Hitman antimalware and didn't have any problems for the rest of the day, but the file restored itself this morning and threw up alerts until i removed it again.

It seems that repeated virus scans have brute forced their way into clearing the malware, is there anything you need to check that its definitely gone?

I re-ran the power eraser scan today but it didn't flag up the Riched32.dll file this time. I've attached what i'm pretty sure are the previous couple days logs in case they help. I've also re run the frst64 scan and attached the logs. I'll attach another log if it flags up the riched32 file again. NPE 13.8.18.txt NPE 12.8.18.txt FRST.txt Addition.txt Edit: And there it is NPE 14.8.18 Riched32.dll file.txt

Norton gave another alert for the same problem along with an outbound traffic alert. Both are the same as what I originally attached. I'm guessing that Riched32.dll file shouldn't be there?

Thanks for the help. I've run the fix and it completed successfully, I've attached the fixlog. Do I need to do anything else or just wait and see if Norton throws up another alert? Fixlog.txt

Hi, Norton 360 has started notifying me of blocked intrusion attempts on a very regular basis from bitcoinminer activity 7, but doesn't recommend any action to be taken and the power eraser scan only turns up one file that it isn't certain is a risk or not. I've attached screenshots from norton and the text files from FRST. Some help in clearing the infection would be much appreciated Addition.txt FRST.txt