amhaiche97, July 8, 2019 in Resolved Malware Removal Logs
That log is from Windows in Normal mode... I wanted a scan completing from recovery environment.. Can you read reply #25 again please..
take it bro.
did you find something ??
Apologies, have been stuck at airport, went to pick daughter up and flight was delayed. Am looking over log now..
Unfortunately there is still nothing obvious showing in that log... What is the following software used for:
SMADAV version 12.4.1
it's a usb scanner ! but the last fixlist didn't fix nothing ! it gives error !
From what I understand the problem in hand is related to and instigated by a Browser extension. Malwarebytes removes the following entries:
RiskWare.BitCoinMiner, C:\Users\Binfo\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe, En quarantaine, , ,1.0.11522
RiskWare.BitCoinMiner, C:\Users\Binfo\AppData\Roaming\EpicNet Inc\CloudNet, En quarantaine, , ,1.0.11522
RiskWare.BitCoinMiner, C:\USERS\BINFO\APPDATA\ROAMING\EPICNET INC, En quarantaine, , ,1.0.11522
RiskWare.BitCoinMiner, C:\Users\Binfo\AppData\Local\EpicNet Inc\CloudNet\cloudnet.exe\Protection Dir, En quarantaine, , ,1.0.11522
RiskWare.BitCoinMiner, C:\Users\Binfo\AppData\Local\EpicNet Inc\CloudNet\cloudnet.exe, En quarantaine, , ,1.0.11522
RiskWare.BitCoinMiner, C:\Users\Binfo\AppData\Local\EpicNet Inc\CloudNet, En quarantaine, , ,1.0.11522
RiskWare.BitCoinMiner, C:\USERS\BINFO\APPDATA\LOCAL\EPICNET INC, En quarantaine, , ,1.0.11522
Unfortunately after a system restart those entries return, if as reported on several reputable sites they are related to a malicious extension we need to sort that out first... Chrome is your default browser so let's temporarily turn off all extensions:
Run Malwarebytes threat scan and remove all found entries. Run Hitman Pro and remove all found entries. Reboot after each scan if required.
Does the issue return..?
yes it returns 😔 ,
Buggerrrrrrrrrrrr. run this please...
Does a threat scan with Malwarebytes pick the issue up still..?
yes, it returns after each reboot!
as u see, I've posted two scans, with MBAR, it detects the same issues, and also Malwarebytes, what can I do now bro?
We are not finding the loader, from Google investigations the root cause is usually identified as a browser extension. MB removes the infection, but that returns on reboot, to me it seems that another type of loader is doing the infection reload...
To remove browser extension issues Avast have a dedicated tool, download to your Desktop and give that a try. Let me know if it finds anything. Make sure browsers are closed when you run the tool..
The download is under the main GUI example...
If that finds nothing try TDSSKiller, see if that identifies any possibilities...
it always returns, but I think that I found something, by TDSS Killer, and it also returns in the last two reboots.
Thanks for those logs, are you saying that the infection still returns after TDSSKiller has deleted found entries...?
Let me see more logs please..
Again no conclusive information from those logs.. I asked you earlier about this software: SMADAV version 12.4.1. I assume from your reply that you know of that software and trust it...?
I see from FRST logs that SMADAV starts at boot...
HKLM-x32\...\Run: [SMΔRT-Protection] => C:\Program Files (x86)\Smadav\SMΔRTP.exe [1973328 2019-06-12] (Smadsoft) [Fichier non signé]
I also see from Addition.txt log that Windows Defender has flagged that software as malicious
ok, I will uninstall it, and we will see if it returns.
brother, you are a genius, Thank you so much 👌, best expert.
Do you recall where you d/l that software from..?
If you have no remaining issues or concerns continue to clean up;
Glad we could help.
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.
This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.