Coin-hive


starsKT

Hello starsKT and :welcome:

My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.

I suggest printing out each set of instructions or copying them to a Notepad file, and reading the entire post before proceeding. It will make following them easier.

Please read the instructions carefully and follow the directions in the order listed.

Please DO NOT run any tools on your own; otherwise you can worsen the situation rather than solve it.

Make sure to run all tools from the computer's Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator).

Please run one scan at a time.

Once started, the malware removal process has to be completed in order to ensure the success of the clean-up. Even if your computer appears to be running better after performing a first set of instructions, it may still be infected, as some infections are difficult to remove and can leave remnants on the system. Please consider it clean and safe only when I declare it free of malware.


With that being said let's start.


Your System Restore is disabled. System Restore is an essential protection feature for your system in case you need to recover the system to a prior date. Please read the instructions on this link How to Enable System Restore in Windows 7 and enable it.


Your Windows Firewall is disabled. The Windows Firewall is designed to keep your computer safe from outsiders by preventing any program from entering or exiting your computer via the Internet. Please read the instructions on this link How to Enable the Windows 7 Firewall and enable it.


I noticed that you have Torrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.


It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall Torrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Programs and Features.
If you wish to keep it, please do not use it until your computer is cleaned.

 

Next,

  • Open the Chrome browser;
  • Type chrome://extensions in the address bar and press Enter;
  • Click the trash can icon by the extensions below to completely remove them:
    • BetterTTV
    • Speed Dial 2 Новая вкладка
  • A confirmation dialog appears; click Remove.


Next,

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file!
  • Right-click on the FRST executable and select Run as Administrator;
  • Click on the Fix button;
    Credits: Aura
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the Fixlog.txt in your next reply;


Next,

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits is on and leave all other settings to default.
  • Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes, if potential threats are detected, make sure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please attach the log in your next reply.


Next,

  • Download AdwCleaner and move it to your computer Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator;
  • Accept the EULA (I accept), then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please attach that log in your next reply.


After performing all the steps above please attach the following logs in your reply:
Fixlog.txt
Malwarebytes log.
AdwCleaner clean log.

How is the computer running at this point? Are you still having signs of CoinHive?

Thank you.
Rui

fixlist.txt


Hello starsKT.

Good to know that we made progress. :)

Please run one last scan to search for leftovers on your machine with ESET Online Scanner and then I will check your computer's friend.

  • Click on this link to open ESET Online Scanner in a new window.
    1. Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    2. Close all your programs and browsers and disconnect any USB flash drives from the computer.
    3. Please disable your antivirus/antimalware programs to avoid potential conflicts, improve the performance and speed up the scan.
    4. Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.

  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Note: If nothing is found, it will not produce a log.

Re-enable your antivirus/antimalware programs.

Please post the ESET log (if it produced one) and let me know how the system is running. Any issues or concerns?

Rui


Hello starsKT.

I apologize for the delay. ESET removed some leftovers of infection from your system.

Can you tell me how your computer is running at this point? Any issues or concerns?

Thank you.

Rui


Excellent! :)

Now you can download and run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.

For much more useful and complete information, please read the following links to fully understand PC Security and Best Practices:
So how did I get infected in the first place
Answers to common security questions - Best Practices

 

Do you still want to check your computer's friend?


Okay, let's start with your computer's friend.

Follow the steps below to run a new scan with Malwarebytes and DO NOT remove anything it finds.

  • Open Malwarebytes and check for updates;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on and leave all other settings to default.
  • On the left pane click on the Scan tab and select 'Threat Scan' and click on Start Scan button.
  • Once the scan is completed, click on the Export Summary button and save the file as a Text file to your computer Desktop or other location you can find, and attach that log in your next reply.

Note: If Malwarebytes won't run for some reason, please let me know.

Next,

  • Download AdwCleaner and move it to your computer Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator;
  • Accept the EULA (I accept), then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please attach that log in your next reply.

Next,

  • Delete the current FRST.txt and Addition.txt files;
  • Right-click FRST.exe and select Run as administrator to run the tool;
  • Click Yes to accept the User Account Control that may appear;
  • When the tool opens click Yes to disclaimer;
  • Ensure the box for Addition.txt is check-marked;
  • Press the Scan button;
  • It will create two logs (FRST.txt and Addition.txt) in the same directory the tool is run;
  • Please attach the two logs in your next reply.

 

To summarize please attach:
Malwarebytes scan log.
AdwCleaner clean log.
FRST.txt and Addition.txt logs.

Thank you.

Rui


  • 1 month later...
  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance, please start your own topic in a new thread.

Thanks

 

This topic is now closed to further replies.