Jump to content

Infected with miner & Agent

Recommended Posts

I've scanned my system 2 times with MBAM, followed by adw cleaner, followed by Rogue killer and finally Sophus Virus Removal Tool.

One of the scans of MBAM was a threat scan - the other was a full scan of both disks.

I'll be initiating a scan with ESET32 in the meantime.

There are still some files uncleaned from the bitcoin miner, like the mint.exe.

The folder with the .exe in question and various dll files is the following: C:\Users\Betrayed\AppData\Roaming\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings

I believe everything in there is considered malicious.








Link to post
Share on other sites

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.


Link to post
Share on other sites

I've uploaded the fixlog and the NOD32 online scanner log. The mint.exe in the Download folder was me copying it from the original folder destination ( C:\Users\Betrayed\AppData\Roaming\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings ) for easier time uploading it to virustotal.

Should I delete what's left of that destination/folder? I'm not sure if I'm clean so I'd love you to help me confirm that. Should I continue with scan logs of Rkill64, ComboFix and Spybot S&D?




Link to post
Share on other sites


Should I delete what's left of that destination/folder?

Yes you can delete it.

Your logs are clean.

For your peace of mind run this scan.

Sophos Virus Removal Tool

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.

  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
Please post the contents of the log in your next reply and note any errors encountered.

Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.