Jump to content

RiskWare.BitCoinMiner.COMSPECRST


Recommended Posts

Hey so MalwareBytes finds the PUP as listed in the subject line, but if I try to quarantine it, my computer shows a black screen after log-in with no taskbar/icons/desktop and only cmd prompt is visible. I tried removing it about three times and each time this happened and I had to perform a system restore. I've attached my logs any advice would be appreciated.

mbst-grab-results.zip

Link to post
Share on other sites

Hi,  BruceJ      :welcome:

My name is Maurice. I will be helping and guiding you, going forward on this case.

Let us begin ( as a first step) to get your pf to have the very latest version 3.8.3 for Malwarebytes for Windows.   The version it has now is a Old version 3.5.1

 

Please try uninstalling and reinstalling Malwarebytes for Windows using the Malwarebytes Support tool.

Uninstall and reinstall using the Malwarebytes Support Tool
https://support.malwarebytes.com/docs/DOC-2674

 

[ 2 ]

Lets do a cleanup of 2 not-needed auto-started settings on this machine.  One of them is about the "RiskWare.BitCoinMiner.COMSPECRST"

 

This custom script is for BruceJohnson   only.

 

Please Close and save any open work files before you start this next step.  It will involve a Windows Restart at the end of it.

I am sending a   custom Fix script which is going to be used by the FRSTENGLISH tool. They will both work together as a pair.

Please RIGHT-click the (attached file named) FIXLIST and select SAVE AS and save it directly ( as is) to the Downloads  folder

The tool named FRSTENGLISH.exe   tool    is already on the Downloads folder.

Start the Windows Explorer and then, open the Downloads folder.


Double click FRSTENGLISH

  to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.

 

FRST_Fixl.png.c4c1c0dddcc49b11fa400590f070bd5e.png

 

PLEASE have lots and lots of patience when this starts. You will see a green progress bar start. Lots of patience. Some machines take longer than others.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after restart.
When finished, the tool will make a log ( Fixlog.txt) in the same location from where it was run.

Please attach the FIXLOG.txt with your next reply

 

Let me know how things are after this.

 

Let me know after this has been done.   We can then proceed with other steps.

Fixlist.txt

Link to post
Share on other sites

That run was good.   Thanks for the log report.  I am glad to know things are normal.

Best wishes to you.

.

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

 

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

.

Best  practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).


Free games & free programs are like "candy". We do not accept them from "strangers".


Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.
 

 

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Dont remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

 
Do a Windows Update.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq




Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

 

Sincerely,

Maurice

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.