
my laptop is overinfected, overheating, multiple svchost, probably bitcoin miner and more



Hi, my other laptop (this one too maybe, but who cares) is infected by what I think is every bad stuff you could get from the internet. Every component is overheating at 70° idle, multiple host. I thought it was a bitcoin miner, so I found around in this forum others with that problem. I tried RogueKiller, MBAM, ComboFix, AdwCleaner; still high temperature within 1 minute from opening. Most sad thing is after I uninstalled ComboFix, I can't connect to the internet from that machine (I can with this one). MBAM's first scan found like 300+ bad things; I had removed them and rebooted (did this 2 or 3 times). RogueKiller deleted a couple of registry stuff, rebooted, problem still here. ComboFix did... something and internet was cool; I uninstalled it, and internet can't identify my connection anymore, I mean it is connected but no internet access. You guys are my last resort. If this will not work I have to completely back up the system to its factory, and it's pretty sad because I have the hard disk kinda full.


 


pls Help


 


If your operating system is either Vista, W7 or W8, do the following. If XP, let me know..

 

Please download Farbar Recovery Scan Tool from here: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ and save it to a USB flash drive. Be sure to get the correct version for your system, 32 bit or 64 bit.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt Here: http://www.bleepingcomputer.com/tutorials/windows-8-recovery-environment-command-prompt/ to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

Plug the flash drive into the infected PC.

Enter System Recovery Options. I give two methods, use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

 

Also this scan. You can also d/l and save to USB stick and transfer to sick PC desktop....

 

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:

 


Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender

 


Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

 

Let me see those logs..

 

Kevin

 


 


Hi Kevin, and thank you for the reply, and sorry for the late. Before doing as you said I would like to ask; I managed to make internet get connected again on the laptop in question. Said so, I'm gonna do this and in the while I'll give you the SpeedFan stuff. Do you think this overheating can be caused by dust? Because I have a quite good cooling pad, my room is cold (I mean it is really cold), and if I touch the laptop it is not warm at all, just a bit more than when it is not running (really a little difference), and never had a shut down.

 

hd0:32
temp1 64c
gpu 64
gpu64
core0 62
core1 58
at idle

 

Now I do as you suggested, thanks for your time.


FRST is not infected, either turn off AVG or accept the alert... If you have a connection no need to run from USB stick just d/l and run.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


 


Run the following:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.



Next.

 

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced logs...

 

Let me know if your system responds any better...

 

Kevin

 

 

fixlist.txt


OK, I'm scanning with Malwarebytes but it will take 1 more hour.

Actually temperatures of the system are the same, idle at 70-80.

After rebooting the system with AdwCleaner I can't see drivers and GPU nor audio,

but I guess it will be fixed with the next reboot; something like this happened yesterday, so I guess it will be fixed after I reboot with MBAM.

I really don't know what is causing this overheating.

Actually it is:

hd0:52c
Temp1:1
Core 0:85c
core 1 :83c

It is not showing the GPUs for the reason above.

At this point I really hope it is just dust or dirt under in the laptop,

but it is real strange, I know there is something wrong. It struggles in game, but the real stuff is that after having bought the cooling pad it is not barely warm at the touch, so I really can't figure this out.

Btw really thanks for your help, it actually responds faster, thanks for real!


On the grills at the bottom there was some dust. I cleaned it but I don't think it helped; I guess into the case and between components there is more. I was used to clean my old desktop, but I'm not able with laptop.

Tomorrow or in these days I'll bring it to clean it and I will let you know how it goes.

MBAM has only 20k objects to go and until now 0 detections, That is Guud!


Oh, FRST or AdwCleaner switched off the test mode. I need it because GPU drivers from the HP package are stuck at 2010\11, so signing in test mode should fix the problem with that...

Sir, you gave me a real big help, my notebook smells of fresh now.

I'll let you know if I get by that overheat problem.

Thank You


I'm not sure what you mean by your last reply, what has been turned off? You state "test mode", I do not understand what you mean.....

 

One point that is absolutely certain: we need to run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running. It can take several hours, please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add/on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish



When the scan is complete

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found


If threats were found

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish



close program

copy and paste the report in next reply

 

Let me see that log, also tell me if any issues or concerns remain....

 

It is 1 am local time for me, off to bed very shortly..... sleepy time methinks...
 


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

