Riskware.Bitcoin_miner always show plus some auto keys press


I am infected with Riskware.Bitcoin_miner. It is successfully detected and quarantined by Malwarebytes, but it keeps coming back after my PC starts up: it is detected and successfully quarantined, but keeps appearing again. In addition, some keys such as F7/F3 or the TAB key keep being pressed automatically, and I don't know what program or malware is doing it. These special key presses happen when using the terminal console or Microsoft Word 2013.

Please help me to resolve this. Regards

Here are my Addition.txt and FRST.txt

Addition.txt

FRST.txt


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Let me know what problem persists.

fixlist.txt


I followed your instructions, but the file/folder that was detected as Riskware.Bitcoin_miner still exists, as shown in the uploads below. I am also sending the Fixlog.txt file that you wanted.

The weird thing is that, a few minutes after scanning with Malwarebytes, my keyboard keeps pressing the TAB key, or, when I'm using the console terminal, function key 7 (F7). When the automatic Tab is running, the Tab key is locked by that trojan/riskware. As I post this reply, the Tab key, Ctrl + Back Arrow (<--), and Shift + Back Arrow (<--) are still not working. I made a screen recording while writing this reply.

The fix is still not working.

Fixlog.txt

after-restart still exist.PNG

virus-riskware_bitcoin.PNG

RecordingScreen-activity-WeirdKeyboard.zip

on-AppDataLocal.PNG


Hi,

This could be a Syncing issue if you are Syncing Chrome with other devices?
To remove it you will have to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Is MBAM reporting these again?


Yes, MBAM is still reporting these again. I followed that link to turn off synchronization, but it still detects the Riskware. Another tool I am using, Microsoft Essential Tool, detects it as a trojan, as in the picture I sent.

I am sending the folder that MBAM reported, for further analysis, and also a screenshot of the weird keyboard behaviour in the console.

I really need help from MBAM to solve this, and an updated virus/malware definition to solve this.

Regards

aneh keyboard.PNG

EpicNet Inc.zip

EpicNet Inc-AppDataRoamin.zip

trojan.PNG


Hi,

Try this.

This could be a Syncing issue if you are Syncing Chrome with other devices?
To remove it you will have to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>

How is it now?

  • 4 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
