mrmrt

remove trojan xmr.omine.org


Hello. I clicked on a dodgy link and have been plagued with a Bitcoin miner. It disabled my security updates, my Windows updates, and my antivirus software. I did a reset but kept my personal files as I had some projects I could not lose. I removed the BitCoinMiner.Trojan before resetting. I have run scans with Avast, AVG, Malwarebytes, tdskiller, and gmer.exe. I have a popup that comes up every time I open Chrome saying blocked trojan xmr.omine.org. Just want to get rid of this. I'd appreciate any info on how the analysis into the problem is conducted using these files so if this happens again I can try and do some analysis myself. I am interested in security and malware analysis. Just was pretty stupid clicking something I knew was dodgy AF.

Addition.txt

FRST.txt

Malwarescan.txt


Hello mrmrt and welcome.

The issues appear to be only happening with Chrome.
We will need to create a new profile.

If you have Chrome Bookmarks that you want to save, you want to do that first.
Export / Import Bookmarks.

https://support.google.com/chrome/answer/96816?hl=en

Open your Chrome on all devices using Chrome as we need to make sure Chrome sync doesn't allow it back in.

• Go to Settings > People > Sync (or alternatively, enter the following in the address bar: chrome://settings/syncSetup)

• On the page, you'll see what synced data is enabled. Move all sliders to the left in order to disable all the syncing.

Please make sure Chrome is closed before running the fix

Keep in mind the fix requires a restart of the computer

 

I have attached a file that I need you to download and save to the same place where you saved the FRST program.

Download the attached **fixlist.txt** and save it to the same location where the FRST tool is located.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.
Close all browsers before running.

Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

• Click the **Fix** button.

• If you receive a message that a reboot is required, please make sure you allow it to restart normally.

• The tool will complete its run after restart.

When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the Fixlog.txt in your reply.

Restart the pc and let me know how it's running now.

fixlist.txt


Hello, I restarted my machine and the message is still popping up. Also, my machine seems to be running slower than usual.


Sorry, just to double check. How do I create a new profile? Will I never be able to sync again with my current Gmail account?
 



Download and run Chrome Cleaner
https://chrome.google.com/webstore/detail/chrome-cleaner/lbpddeimojmbpkbfckjpnbpehgnbpnnl?hl=en

If that didn't work:

1. On your computer, open Chrome.
2. At the top-right, click More.
3. Click More tools and then Clear browsing data.
4. At the top, choose a time range. To delete everything, select All time.
5. Next to 'Cookies and other site data' and 'Cached images and files', tick the boxes.
6. Click Clear data.

Open your Chrome on all devices using Chrome

• Go to Settings > People > Sync and disable all the syncing.

Close the Chrome browser.

Run a new Malwarebytes scan, quarantine what's found, restart the computer and run a new scan to make sure they're gone.


So after running Malwarebytes it did not find anything. I'm still getting the popup saying it's blocking xmr.omine.org.


 

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer. Please allow the programs to run if blocked by your system.

Download Malwarebytes Support Tool
https://downloads.malwarebytes.com/file/mbst?src=Forums-Reply

• Once the file is downloaded, open your Downloads folder/location of the downloaded file
• Double-click mb-support-X.X.X.XXXX.exe to run the program
• You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
• Place a checkmark next to Accept License Agreement and click Next
• You will be presented with a page stating, "Get Started!"
• Click the Advanced tab
• Click the Gather Logs button

A progress bar will appear and the program will proceed with getting logs from your computer

Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK

Please attach the file in your next reply.


The issues appear to be only happening with Chrome.
We will need to create a new profile.

If you have Chrome Bookmarks that you want to save, you want to do that first.
Export / Import Bookmarks.

https://support.google.com/chrome/answer/96816?hl=en

Open your Chrome on all devices using Chrome as we need to make sure Chrome sync doesn't allow it back in.

• Go to Settings > People > Sync (or alternatively, enter the following in the address bar: chrome://settings/syncSetup)

• On the page, you'll see what synced data is enabled. Move all sliders to the left in order to disable all the syncing.

Please make sure Chrome is closed before running the fix

Keep in mind the fix requires a restart of the computer

 

I have attached a file that I need you to download and save to the same place where you saved the FRST program.

Download the attached **fixlist.txt** and save it to the same location where the FRST tool is located.

NOTE: Both FRST.exe and the fixlist.txt must be in the same location or the fix will not work.
Close all browsers before running.

Double-click FRST to run the tool. If the tool warns you the version is outdated, please download and run the updated version.

• Click the **Fix** button.

• If you receive a message that a reboot is required, please make sure you allow it to restart normally.

• The tool will complete its run after restart.

When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please attach the Fixlog.txt in your reply.

Restart the pc and let me know how it's running now.

 

fixlist.txt


Okay cool. Can I re-enable sync or not? It seems okay so far :)


Yes you can enable sync.

 

I'm happy to have helped and glad this is resolved. As there are no other issues which need addressing we can now close this ticket.
 

Help Secure your browsers

Please install uBlock Origin for your browsers to better protect your system

Firefox, Chrome, and Safari
Opera
Microsoft Edge

AdBlock for Internet Explorer

Follow-up Reading

Cryptolocker Ransomware: What You Need To Know
Scams: Tech Support Scams 
PC Safety: Seven tips to keep your PC safe

 

Thank you for choosing Malwarebytes
Peace Be With You


It has not been removed. Avast and Malwarebytes have blocked it again. I followed your above instructions and still have not enabled sync.


Open Malwarebytes > History > Application Logs
Double Click the **Protection log** to open it
On the lower left select **Export** > Export to Text

Save as mbamscan and Save it to your desktop
Attach the mbamscan text file in your next reply.


I'll need to post this next month as I am a student only starting work in Feb and do not have premium just yet.


I'll need new logs.

• Double-click mb-support-X.X.X.XXXX.exe to run the program
• You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
• Place a checkmark next to Accept License Agreement and click Next
• You will be presented with a page stating, "Get Started!"
• Click the Advanced tab
• Click the Gather Logs button

A progress bar will appear and the program will proceed with getting logs from your computer

Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK

Please attach the file in your next reply.


MBAM is doing its job by blocking.

Not sure what website you're visiting to cause that block.

Can you install uBlock for Chrome?

Please install uBlock Origin for your browsers.

uBlock Origin for Firefox, Chrome and Safari

https://www.ublock.org/

 


Okay cool, thanks. It happens when I try and go onto any website. Here is an example. I'm trying to buy an ebook off Cengagebrain.co.uk

 

cengage.PNG

Capture.PNG


Try another browser like Firefox and see if you see the same blocks.

If so, it's the sites you're going to.


Using Firefox I don't get any issues. Using different internet access, Chrome is not giving me an issue anymore. Is it possible that the virus is affecting the router?


Yes, that is always possible.

Let’s try to reset the router to its default configuration.

This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.

Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).

You also need to reconfigure any security settings you had in place prior to the reset.

Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

Next:

You might need elevated privileges

Open the Start Menu, (Windows Globe) click on All Programs > Accessories >, right click on Command Prompt, and click on Run as administrator.

In the command prompt window that opens, copy / paste or type the following commands:

Note the spaces between G / it needs to be there.

Click the Microsoft Start logo in the bottom left corner of the screen Type CMD and click Ok.

The MSDOS Window will be displayed. At the command prompt, copy / paste or type the following and press Enter after each line:

IPCONFIG /release

IPCONFIG /flushdns

IPCONFIG /renew

IPCONFIG /registerdns

netsh winsock reset

netsh int ip reset

regsvr32 netshell.dll

regsvr32 netcfgx.dll

regsvr32 netman.dll

Type in Exit


Restart the computer.
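
One way to check the router hypothesis from the Windows side after the reset, as an added PowerShell example that is not part of the original thread: it lists the DNS servers each active adapter received and compares their answer for a control name with a reference resolver. The reference resolver 1.1.1.1 and the control name example.com are assumptions; substitute ones you trust.

```powershell
# Added example, not from the thread. Run in PowerShell on the affected PC.
$ReferenceResolver = '1.1.1.1'      # assumption: a public resolver you trust
$ControlName       = 'example.com'  # assumption: a name you expect to resolve normally

function Get-ARecords {
    param([string]$Name, [string]$Server)
    try {
        # -DnsOnly skips LLMNR/NetBIOS so only the named DNS server answers.
        Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { $_.IPAddress } |
            Sort-Object
    } catch {
        # Resolver unreachable or name not found: return nothing.
    }
}

$reference = @(Get-ARecords -Name $ControlName -Server $ReferenceResolver)

$report = foreach ($cfg in Get-NetIPConfiguration) {
    if ($cfg.NetAdapter.Status -ne 'Up') { continue }
    $gateways = @($cfg.IPv4DefaultGateway.NextHop)
    # AddressFamily 2 = IPv4 entries handed out by DHCP or set manually.
    foreach ($dns in $cfg.DNSServer | Where-Object { $_.AddressFamily -eq 2 }) {
        foreach ($server in $dns.ServerAddresses) {
            $answer = @(Get-ARecords -Name $ControlName -Server $server)
            [pscustomobject]@{
                Adapter       = $cfg.InterfaceAlias
                DnsServer     = $server
                IsRouter      = $gateways -contains $server
                Answer        = $answer -join ','
                Reference     = $reference -join ','
                MatchesRef    = ($reference.Count -gt 0) -and
                                (($answer -join ',') -eq ($reference -join ','))
            }
        }
    }
}

$report | Format-Table -AutoSize
```

A mismatch is a prompt to inspect the DNS settings on the router's admin page, not proof of tampering, since CDN-hosted names can legitimately return different addresses per resolver.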

 

 
