Posts posted by drog
-
-
In the debug folder there is also an item.dat which is open in rundll32.exe, and a subfolder called WIA with a text document called wiatrace inside.
**************** Started trace for Module: [sti_ci.dll] in Executable [devsetup.exe] ProcessID: [7028] at 2016/09/25 02:27:37:919 ****************
WIA: 7028.4852 0 0 0 [sti_ci.dll] ERROR: GetDwordFromRegistry, RegQueryValueEx() failed. Err=0x4.
WIA: 7028.4852 0 0 0 [sti_ci.dll] ERROR: GetDwordFromRegistry, RegQueryValueEx() failed. Err=0x4.
WIA: 7028.4852 0 0 0 [sti_ci.dll] ERROR: GetDwordFromRegistry, RegQueryValueEx() failed. Err=0x4.
This is what is in it.
-
When I try to delete it, it says the file is open in CNG Key Isolation. After I killed the LSA process I got a "critical failure, restart in 1 minute" message but was able to delete it, but it's back again after reboot.
-
I did after closing the LSA process and got a "reboot in 1 minute" message, brb.
-
Also, I was wondering if I should've run the scan and the fix while the "mining" was going on. I always close it manually on startup by stopping a few network services and the conhost and svchost processes, because if I don't do that it gets really slow.
-
Sorry, the forum was detecting me as spam, haha.
-
-
Hi Aura, thanks in advance for your help. Also, maybe it's worth noting that in the time between my first post and yours I removed CCleaner and some conhost.exe files on my computer. Now when I reboot, conhost doesn't open anymore, but something else does, as I get a 1,5 GB svchost if I don't stop a few network services. Here are my updated logs if needed.
-
So I've been having this problem for the last few days. My PC was pretty slow so I ran Malwarebytes and it found a lot of stuff, then got rid of it, but they came back with every reboot, so I started looking into solutions online. I guess I've managed to get rid of a few of them by running a lot of different cleaning tools, but "conhost.exe" always comes back after reboot. There were also some exes called lsmose and mysa1, mysa2 and mysa3, which I found out online are bitcoin miners. I can stop the conhost manually by stopping some processes, but it comes back after every reboot, so I would really appreciate some help. I already ran FRST and attached the files. Also, not sure if this changes anything, but these are the cleaning tools I used: Malwarebytes, HitmanPro, RogueKiller, mbamantirootkit and ComboFix.
I can't get rid of a bitcoin miner
in Resolved Malware Removal Logs
FRST.txt
Addition.txt