OzWaz Posted October 20, 2018 ID:1276599 Share Posted October 20, 2018 After running Malwarebytes and Zemana programs I still have file identified as 'Trojan.BitCoinMiner' being quarantined on each successive scan after restarting the computer The file is identified as "mx_oc.dll" and is identified to be located at c\Program Files\Utilities\mx_oc.dll. Except is does not show up in Windows explored even when show "Hidden" is selected. How can this file be removed? Thanks Farbar scan results Attached FRST.txt Addition.txt Link to post Share on other sites More sharing options...
nasdaq Posted October 20, 2018 ID:1276659 Share Posted October 20, 2018 Hello, Welcome to Malwarebytes. I'm nasdaq and will be helping you. If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed. === Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted. Run FRST and click Fix only once and wait. The tool will create a log (Fixlog.txt) please post it to your reply. === If you are Syncing Firefox it with other Devices remove it.https://support.mozilla.org/en-US/kb/how-do-i-set-sync-my-computer When all is well you can re-sync your devices. NOT NOW. Restart the computer normally after the fix. Let me know if the problem persists. <<<>>> fixlist.txt Link to post Share on other sites More sharing options...
OzWaz Posted October 21, 2018 Author ID:1276761 Share Posted October 21, 2018 Thanks Nasdaq for a response and your assitance. I have complete the recommended program above Attached is the Fixlot.txt file- and a screen shot following the restart after running the "Fix" option. As you will see Malwarebytes has informing me the file is still sitting in the same folder. It has (again) been quarantined. Tried using Microsoft's Windows Malicious Software Removal Tool program but after 8 hours it has scanned 12% of my file - so I gave up. I DO really appreciate you efforts. Should I consider a complete reformat of the hard drive? Thanks Fixlog.txt Link to post Share on other sites More sharing options...
nasdaq Posted October 21, 2018 ID:1276830 Share Posted October 21, 2018 These attacks are stopped by Malwarebytes and you are notified accordingly in your System Tray. Check the Notifications settings. Change the setting Show Malwarebytes Notifications to Off Link to post Share on other sites More sharing options...
OzWaz Posted October 21, 2018 Author ID:1276926 Share Posted October 21, 2018 Thanks Nasdaq BUT.... The first scan by Malwarebytes picked up more malweare items than just BitCoinMiner. After deleting these files, (sent to 'quarantine'), none of then were shown in subsequent scans to be existing - EXCEPT BitCoinMiner. AND if BitCoinMiner files have been removed from the computer, how does Malwarebytes know what to display the message? - AND... The display message states "Malware blocked.....", not Malware residues left over from previous action, if as i think you are advising to just ignore the message by turning it off? How can I be confident that the file identified is no longer present on the computer? From what I have read about BitCoinMiner is consumes a lot of processing power in it's operation thus slowing down processing capacity. This was a feature that was present before the malware was discovered but still endures now (sometime reaching100% with no apparent and obvious reason [i.e. software demand]) despite having (apparently) removed that threat completely. I really appreciate the effort of Malwarebytes has made develop this software ans to help me to resolve my problem but I think 'turning off' notification is always a high risk action. Regards Warren Link to post Share on other sites More sharing options...
nasdaq Posted October 22, 2018 ID:1277012 Share Posted October 22, 2018 Hi, Try this. Open Malwarebytes Anti-Malware. On the Settings tab > Protection Scroll to and make sure the following are selected: Scroll to and make sure the following are selected:Scan for Rootkits Scan within Archives Scroll further to Potential Threat Protection make sure the following are set as follows: Potentially Unwanted Programs (PUP`s) set as :- Always detect PUP`s (recommended)Potentially Unwanted Modifications (PUM`s) set as :- Always detect PUM`s (recommended) Click on the Scan make sure Threat Scan is selected, A Threat Scan will begin. When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab If asked to restart your computer to complete the removal, please do so When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard. Wait for the prompt to restart the computer to appear, then click on Yes. After the restart once you are back at your desktop, open MBAM once more to retrieve the log. To get the log from Malwarebytes do the following: Click on the Reports tab > from main interface. Double click on the Scan log which shows the Date and time of the scan just performed.Click Export > From export you have two options: > From export you have two options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply… Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted November 14, 2018 Root Admin ID:1280924 Share Posted November 14, 2018 Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread. Thanks Link to post Share on other sites More sharing options...
Recommended Posts