Velja89

BitCoinMiner malware won't go away after being manually deleted


Hi, recently I have been annoyed by this pop-up (picture below) a lot. I tried deleting it in Windows Safe Mode but it keeps coming back in a different folder. Now the strange thing is Malwarebytes keeps detecting it and quarantining it, but every time I turn my PC on, it is back. I do get performance issues, but strangely other malware products such as "Zemana" and "HitmanPro" never detect it. Another thing that I don't understand is that both of those two detect "syswow64" but Malwarebytes doesn't (syswow64 keeps getting deleted every time, and every time I turn my PC on it is back, same as the bitcoinminer thing). I don't want to do a fresh Windows reinstall. Please help.

Bitocin.JPG

Hello Velja89 and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....


Hi, yes I do use Malwarebytes as my main protection but I installed those two just to see if they can't detect something more or less.

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/24/18
Scan Time: 9:40 PM
Log File: 49cf1d6f-47f7-11e8-9d99-fcaa142d1d00.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.4862
License: Trial

-System Information-
OS: Windows 10 (Build 16299.371)
CPU: x64
File System: NTFS
User: DESKTOP-B53ND1E\Velja

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329574
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 2 min, 25 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
RiskWare.BitCoinMiner, C:\USERS\VELJA\APPDATA\LOCAL\EXPLORER DATA\000001N.ZIP, Quarantined, [912], [467508],1.0.4862

Physical Sector: 0
(No malicious items detected)


(end)

 

---------------------------------------------------------------------------------------------------------------------------------------------------

 

Can you tell me why Malwarebytes can't detect SysWOW64 but HitmanPro can? (as seen in the picture below)

 

Addition.txt


SysWOW64 is a Windows system folder... Can you post the primary log from FRST, "FRST.txt" logs are saved here: C:\FRST\Logs


HitmanPro and Zemana. Like I said, Malwarebytes is the main product that I use. Anyway, do you think I can delete bitcoinminer forever or will it keep coming back? :(


Thanks for the update, continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....
The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.



Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin..

fixlist.txt


Malwarebytes will run OK with BitDefender as far as I'm aware... I do not use it myself, my own set up follows:

Windows own Firewall - http://www.thewindowsclub.com/how-to-configure-windows-7-firewall (is marked as 7 but refers to 10 also)

Windows Defender - https://www.howtogeek.com/220232/how-to-use-the-built-in-windows-defender-antivirus-on-windows-10/

Malwarebytes Premium - https://www.malwarebytes.com/premium/ Works very well with Defender.. Obviously the paid for version is required for realtime protection.

UnChecky - https://unchecky.com/ helps to stop unwanted extras when installing certain free software..

Panda USB Vaccine - https://www.pandasecurity.com/usa/homeusers/downloads/usbvaccine/ Protects your system when USB devices are plugged in...

uBlock Origin for my Browsers: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en

All the above are free except for Malwarebytes Premium.....


# -------------------------------
# Malwarebytes AdwCleaner 7.1.0.0
# -------------------------------
# Build:    04-12-2018
# Database: 2018-04-24.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-24-2018
# Duration: 00:00:07
# OS:       Windows 10 Pro
# Scanned:  40722
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S08].txt ##########

The Sophos is ongoing and it will take a few hours; when it's done I am going to post it.

Fixlog.txt


Thanks for the logs and update. Yes, Sophos is very thorough so can take a while to complete... Post the log whenever ready, also let me know if there are any remaining issues or concerns...


And it's finished, this is the result

--------------------------------------------------------------------------------------------------

 

2018-04-24 21:54:37.364    Sophos Virus Removal Tool version 2.6.1
2018-04-24 21:54:37.364    Copyright (c) 2009-2017 Sophos Limited. All rights reserved.

2018-04-24 21:54:37.364    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2018-04-24 21:54:37.364    Windows version 6.2 SP 0.0  build 9200 SM=0x100 PT=0x1 WOW64
2018-04-24 21:54:37.364    Checking for updates...
2018-04-24 21:54:37.379    Update progress: proxy server not available
2018-04-24 21:54:44.767    Option all = no
2018-04-24 21:54:44.767    Option recurse = yes
2018-04-24 21:54:44.767    Option archive = no
2018-04-24 21:54:44.767    Option service = yes
2018-04-24 21:54:44.767    Option confirm = yes
2018-04-24 21:54:44.767    Option sxl = yes
2018-04-24 21:54:44.770    Option max-data-age = 35
2018-04-24 21:54:44.770    Option vdl-logging = yes
2018-04-24 21:54:44.777    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2018-04-24 21:54:44.777    Machine ID:    80417943a926460f9c7e36320dcdbdc6
2018-04-24 21:54:44.778    Component SVRTcli.exe version 2.6.1
2018-04-24 21:54:44.778    Component control.dll version 2.6.1
2018-04-24 21:54:44.778    Component SVRTservice.exe version 2.6.1
2018-04-24 21:54:44.778    Component engine\osdp.dll version 1.44.1.2286
2018-04-24 21:54:44.778    Component engine\veex.dll version 3.68.6.2286
2018-04-24 21:54:44.778    Component engine\savi.dll version 9.0.7.2286
2018-04-24 21:54:44.778    Component rkdisk.dll version 1.5.31.1
2018-04-24 21:54:44.778    Version info:    Product version    2.6.1
2018-04-24 21:54:44.780    Version info:    Detection engine    3.68.6
2018-04-24 21:54:44.780    Version info:    Detection data    5.46
2018-04-24 21:54:44.780    Version info:    Build date    11/28/2017
2018-04-24 21:54:44.780    Version info:    Data files added    746
2018-04-24 21:54:44.780    Version info:    Last successful update    (not yet updated)
2018-04-24 21:54:55.283    Downloading updates...
2018-04-24 21:55:06.012    Installing updates...
2018-04-24 21:55:06.614    Error level 1
2018-04-24 21:55:10.610    Update successful
2018-04-24 21:55:19.292    Option all = no
2018-04-24 21:55:19.292    Option recurse = yes
2018-04-24 21:55:19.292    Option archive = no
2018-04-24 21:55:19.292    Option service = yes
2018-04-24 21:55:19.292    Option confirm = yes
2018-04-24 21:55:19.292    Option sxl = yes
2018-04-24 21:55:19.295    Option max-data-age = 35
2018-04-24 21:55:19.295    Option vdl-logging = yes
2018-04-24 21:55:19.303    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2018-04-24 21:55:19.303    Machine ID:    80417943a926460f9c7e36320dcdbdc6
2018-04-24 21:55:19.303    Component SVRTcli.exe version 2.6.1
2018-04-24 21:55:19.303    Component control.dll version 2.6.1
2018-04-24 21:55:19.303    Component SVRTservice.exe version 2.6.1
2018-04-24 21:55:19.303    Component engine\osdp.dll version 1.44.1.2286
2018-04-24 21:55:19.304    Component engine\veex.dll version 3.68.6.2286
2018-04-24 21:55:19.304    Component engine\savi.dll version 9.0.7.2286
2018-04-24 21:55:19.304    Component rkdisk.dll version 1.5.31.1
2018-04-24 21:55:19.304    Version info:    Product version    2.6.1
2018-04-24 21:55:19.305    Version info:    Detection engine    3.68.6
2018-04-24 21:55:19.305    Version info:    Detection data    5.46
2018-04-24 21:55:19.305    Version info:    Build date    11/28/2017
2018-04-24 21:55:19.305    Version info:    Data files added    830
2018-04-24 21:55:19.305    Version info:    Last successful update    4/24/2018 11:55:10 PM

2018-04-24 22:31:07.849    Could not open C:\hiberfil.sys
2018-04-24 22:37:01.699    Could not open C:\swapfile.sys
2018-04-24 22:37:17.841    Could not open C:\Users\Velja\AppData\Local\Google\Chrome\User Data\Default\Current Session
2018-04-24 22:37:17.841    Could not open C:\Users\Velja\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2018-04-24 22:41:51.638    Could not open C:\Windows\System32\config\BBI
2018-04-24 22:41:51.651    Could not open C:\Windows\System32\config\DRIVERS
2018-04-24 22:41:51.657    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2018-04-24 22:41:51.658    Could not open C:\Windows\System32\config\RegBack\SAM
2018-04-24 22:41:51.658    Could not open C:\Windows\System32\config\RegBack\SECURITY
2018-04-24 22:41:51.659    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2018-04-24 22:41:51.660    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2018-04-24 22:57:05.988    >>> Virus 'Mal/Generic-S' found in file F:\Download Igre\3DMGAME-Dishonored.2-3DM\Dishonored2\stp-dh2.exe
2018-04-24 22:57:05.989    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2018-04-24 22:57:05.989    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2018-04-24 23:06:59.904    Could not open LOGICAL:0006:00000000
2018-04-24 23:06:59.907    Could not open G:\
2018-04-24 23:07:00.274    The following items will be cleaned up:
2018-04-24 23:07:00.274    Mal/Generic-S
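
An added triage sketch (not part of the original thread, and not Sophos code): it parses Sophos Virus Removal Tool log lines in the format shown above, collapses repeated detections, and labels each target as a file or a registry path, since the log reports both under "found in file". The sample input is abridged from the log above; the function and field names are illustrative assumptions.

```python
import re

# Sample input: a few lines abridged from the SVRT log posted above.
SAMPLE_LOG = r"""
2018-04-24 22:31:07.849    Could not open C:\hiberfil.sys
2018-04-24 22:41:51.658    Could not open C:\Windows\System32\config\RegBack\SAM
2018-04-24 22:57:05.988    >>> Virus 'Mal/Generic-S' found in file F:\Download Igre\3DMGAME-Dishonored.2-3DM\Dishonored2\stp-dh2.exe
2018-04-24 22:57:05.989    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2018-04-24 22:57:05.989    >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2018-04-24 23:07:00.274    The following items will be cleaned up:
2018-04-24 23:07:00.274    Mal/Generic-S
"""

# "<timestamp>    <message>" as written by the tool.
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+(.*)$")
DETECTION_RE = re.compile(r"^>>> Virus '([^']+)' found in file (.+)$")
UNREADABLE_RE = re.compile(r"^Could not open (.+)$")
# The log abbreviates hive names; long forms are accepted as well.
REGISTRY_PREFIXES = ("HKLM\\", "HKCU\\", "HKU\\", "HKCR\\", "HKEY_")


def target_kind(target):
    """Return 'registry' for a registry path, otherwise 'file'."""
    if target.upper().startswith(REGISTRY_PREFIXES):
        return "registry"
    return "file"


def triage(log_text):
    """Split an SVRT log into de-duplicated detections and unread objects."""
    detections = {}  # (name, target) -> record; dicts keep first-seen order
    unreadable = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # blank lines and banner text without a timestamp
        stamp, message = line.groups()
        hit = DETECTION_RE.match(message)
        if hit:
            name, target = hit.group(1), hit.group(2).strip()
            record = detections.setdefault(
                (name, target),
                {"name": name, "target": target,
                 "kind": target_kind(target), "first_seen": stamp, "count": 0},
            )
            record["count"] += 1
            continue
        skipped = UNREADABLE_RE.match(message)
        if skipped:
            # Objects the scanner could not read, so they were not checked.
            unreadable.append(skipped.group(1).strip())
    return {"detections": list(detections.values()), "unreadable": unreadable}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["detections"]:
        print(f"{d['first_seen']}  {d['name']}  [{d['kind']}] x{d['count']}  {d['target']}")
    print(f"{len(result['unreadable'])} object(s) could not be opened")
```
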
 


What exactly do you get, is there a log or screen shot to show what is happening..


What is blocking Advanced System Care, is it Malwarebytes...?

What do you see to show bitcoin..?


Yes, Malwarebytes is blocking Advanced System Care (I can't install it), and as for the bitcoin thing, this morning it was here and now when I scan it's not, so I am hella confused.


A few years back Malwarebytes was supposedly exploited by IObit, Advanced System Care developers. As the developers were based in China it was difficult to get any responses back from them...

As far as I'm aware IObit software is now trusted and used by many, I'm not sure why that software is still targeted by MB. If you know and trust such software I suppose you will need to add it as an exclusion into MB..

If you still believe your system is exploited run the following:

Download RogueKiller and save it on your desktop, ensure to download correct version..

RogueKiller (X86)

RogueKiller (x64)
 
  • Exit all running applications.
  • Double-click on RogueKiller.exe to launch the tool. On its first execution, RogueKiller will display the software license (EULA), click on "Accept" to continue.
  • If RogueKiller is unable to load, do not hesitate to try launching it several times or rename it winlogon.
  • Click "Start Scan" to begin the analysis. This may take some time.
  • Once the scan is complete, click the "Open TXT" button to display the scan report.
  • Copy/Paste its content in your next reply.

Do not use the Remove Selected option until I've had a look at the log..

Thank you,

Kevin


RogueKiller V12.12.14.0 (x64) [Apr 23 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : Velja [Administrator]
Started from : C:\Users\Velja\Downloads\RogueKiller_portable64.exe
Mode : Scan -- Date : 04/25/2018 19:27:16 (Duration : 00:26:23)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2324433294-2544714325-2939538662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2324433294-2544714325-2939538662-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[PUP.Gen0][File] C:\Windows\SECOH-QAD.exe -> Found
[PUP.uTorrentAds][File] C:\Users\Velja\AppData\Roaming\uTorrent\updates\3.5.0_44050\utorrentie.exe -> Found
[PUP.HackTool][Folder] C:\Program Files\KMSpico -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM001-1ER164 +++++
--- User ---
[MBR] 292dd6a4346cdff1c1d46536da51a4b7
[BSP] e03b81dd31a8cda194b5cded272bc6c3 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 610000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1249282048 | Size: 1297727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: CT250BX100SSD1 +++++
--- User ---
[MBR] cf427fbfa987ca038dda3a4a5e5ae52b
[BSP] 63786a92ea3ee08448f4a2cd989c933a : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 236619 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 484804608 | Size: 863 MB
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 486574080 | Size: 888 MB
User = LL1 ... OK
User = LL2 ... OK


That log is clean, the registry entries are inert, the files 1 and 3 are for KMSpico, you'll know about those, and file 2 is torrent software...

Do you still believe your system still has bitcoin problems...?

This topic is now closed to further replies.
