
After running Malwarebytes and Zemana programs I still have a file identified as 'Trojan.BitCoinMiner' being quarantined on each successive scan after restarting the computer.

The file is identified as "mx_oc.dll" and is identified to be located at c\Program Files\Utilities\mx_oc.dll. Except it does not show up in Windows Explorer even when show "Hidden" is selected.

How can this file be removed?

Thanks

Farbar scan results attached.

FRST.txt

Addition.txt


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If you are syncing Firefox with other devices, remove it.
https://support.mozilla.org/en-US/kb/how-do-i-set-sync-my-computer

When all is well you can re-sync your devices. NOT NOW.

Restart the computer normally after the fix.

Let me know if the problem persists.
<<<>>>

fixlist.txt


Thanks Nasdaq for a response and your assistance.

I have completed the recommended program above.

Attached is the Fixlog.txt file and a screenshot following the restart after running the "Fix" option.

As you will see, Malwarebytes is informing me the file is still sitting in the same folder. It has (again) been quarantined.

Tried using Microsoft's Windows Malicious Software Removal Tool program but after 8 hours it has scanned 12% of my file - so I gave up.

I DO really appreciate your efforts. Should I consider a complete reformat of the hard drive?

Thanks

 

Trojan 21-10-18.png

Fixlog.txt


Thanks Nasdaq BUT....

The first scan by Malwarebytes picked up more malware items than just BitCoinMiner. After deleting these files (sent to 'quarantine'), none of them were shown in subsequent scans to be existing - EXCEPT BitCoinMiner. AND if BitCoinMiner files have been removed from the computer, how does Malwarebytes know what to display the message? - AND...

The display message states "Malware blocked.....", not Malware residues left over from previous action, if, as I think, you are advising to just ignore the message by turning it off?

How can I be confident that the file identified is no longer present on the computer?

From what I have read about BitCoinMiner, it consumes a lot of processing power in its operation, thus slowing down processing capacity. This was a feature that was present before the malware was discovered but still endures now (sometimes reaching 100% with no apparent and obvious reason [i.e. software demand]) despite having (apparently) removed that threat completely.

I really appreciate the effort Malwarebytes has made to develop this software and to help me to resolve my problem, but I think 'turning off' notification is always a high risk action.

Regards

Warren  


Hi,

Try this.
Open Malwarebytes Anti-Malware.

On the Settings tab > Protection. Scroll to and make sure the following are selected:
Scan for Rootkits
Scan within Archives

Scroll further to Potential Threat Protection make sure the following are set as follows:

Potentially Unwanted Programs (PUP`s)        set as :- Always detect PUP`s (recommended)
Potentially Unwanted Modifications (PUM`s)  set as :- Always detect PUM`s (recommended)

Click on the Scan make sure Threat Scan is selected,

A Threat Scan will begin.

When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab

If asked to restart your computer to complete the removal, please do so

When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.

Wait for the prompt to restart the computer to appear, then click on Yes.

After the restart once you are back at your desktop, open MBAM once more to retrieve the log.

To get the log from Malwarebytes do the following:

Click on the Reports tab > from main interface.
Double click on the Scan log which shows the Date and time of the scan just performed.
Click Export > From export you have two options:
  Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
  Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
 
Use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…

 


  • 4 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
