xinfectedx, Posted December 30, 2011 (ID:511408)

I looked into this a bit already and it seems like a common problem, but all solutions have been different in each situation, specific for each person while having the same problems. MWB detects a PUP.BITMINER and tries to remove it, restarts and it is still there. My browser keeps redirecting me (mostly Google) and it seems to be getting more severe. I have the log of my most current search which was a few minutes ago.

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.24.05
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Dick :: DICK-PC [administrator]

Protection: Enabled

12/30/2011 1:02:02 PM
mbam-log-2011-12-30 (15-12-52).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 341797
Time elapsed: 1 hour(s), 8 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> No action taken.

(end)

Thank you so much for your help. I didn't know if I should include anything else besides the log.

LDTate, Posted January 1, 2012 (ID:512098)

Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:

- Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
- Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
- Consider what other private information could possibly have been taken from your computer and take appropriate steps.

Removing this infection can also disable the ability to connect to the internet.

This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows as this is the only 100% sure answer.

Please post back to let me know how you wish to proceed.

xinfectedx (Author), Posted January 1, 2012 (ID:512129)

> Whether you wish to continue with cleaning or not, you should be aware that you may have been infected by a backdoor trojan. This type of program has the ability to steal passwords and other information from your system. If you are using your computer for sensitive purposes such as internet banking then I recommend you take the following steps immediately:
>
> - Use another, uninfected computer to change all your internet passwords, especially ones with financial implications such as banks, paypal, ebay, etc. You should also change the passwords for any other site you use.
> - Call your bank(s), credit card company or any other institution which may be affected and advise them that your login/password or credit card information may have been stolen and ask what steps to take with regard to your account.
> - Consider what other private information could possibly have been taken from your computer and take appropriate steps.
>
> Removing this infection can also disable the ability to connect to the internet.
>
> This infection can almost certainly be cleaned, but as the malware could be configured to run any program a remote attacker requires, it will be impossible to be 100% sure that the machine is clean. If this is unacceptable to you then you should consider reformatting the system partition and reinstalling Windows as this is the only 100% sure answer.
>
> Please post back to let me know how you wish to proceed.

I want to proceed immediately any way I can.

LDTate, Posted January 2, 2012 (ID:512318)

Next:

Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'. Please read carefully and follow these steps.

- Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click the Start Scan button.
- If a suspicious object is detected, the default action will be Skip; click on Continue.
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
- A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

LDTate, Posted January 5, 2012 (ID:513855)

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!