
YourTV.chrprst Bitcoin Miner and Browser Hijacker



  • Staff

Hello ndimoro and welcome to the Malwarebytes Forum

Please uninstall the following program as it is considered adware:

Popcorn Time Community 0.3.8-6

(type add or Remove programs into the search box > locate Popcorn Time > hit remove)

NEXT

Download attached fixlist.txt file and save it to the Downloads folder where FRST64.exe is saved.

Fixlist.txt

 

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner

  • Click the "Options" menu heading on the menu bar and uncheck "Reset Winsock Settings"

  • Now select Scan

  • If items are found, please select the Cleaning button

  • Once done it will ask to reboot, allow the reboot

  • On reboot a log will be produced, please attach the content of the log to your next reply


Hi there! Thanks for the help.

I did everything you requested; here are the files.

I (believe) I am still seeing the bitmining process (or so I think) "ar.exe" active on my computer, and it appears to be attempting to connect to a webserver that is being blocked by MWB. I can close the process manually of course but it reinitiates on each restart. So I believe I am still infected. I generated new FRST/Addition logs just in case.

Thank you!

AdwCleaner[C1].txt

Fixlog.txt

FRST.txt

Addition.txt


  • Staff

Download attached fixlist.txt file and save it to the Downloads folder where FRST64.exe is saved.

Fixlist.txt

 

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 


  • Staff

That's good news.

Please download DelFix from the following link and save the file to your Desktop.

https://toolslib.net/downloads/finish/2/

 

(it takes a good 10 seconds for the download to start)

 

Double-click DelFix.exe to run the program.

Place a checkmark next to the following items:

Activate UAC

Remove disinfection tools

Create registry backup

Reset System Settings

Click the Run button.

 

This will remove the specialized tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

 
