My computer is infected with a PUP.BitMiner that I cannot delete and trojans that keep re-appearing after removal.

This is the latest log I have. Could someone please help me remove these once and for all?

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.03.05

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.7601.17514

Elly :: OFFICEELLYPC [administrator]

4/01/2012 10:54:55 AM

mbam-log-2012-01-04 (10-54-55).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 449517

Time elapsed: 34 minute(s), 35 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{64354801-E9AA-80A1-369C-D5CCCFA49AF5} (Trojan.Downloader.BH) -> Data: C:\Users\Elly\AppData\Roaming\Epabka\seyw.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 168

(end)

  • 1 month later...

Hello,

Please advise if you have resolved this issue. If not, and you need guided help, we need a fresh report log.

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

If we do not hear back from you in 3 days, this thread will be closed.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
