Nandostar96

HELP WITH APPLICATION COINMINER.GE


Hello @Nandostar96

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed click on the View Report button, then the Export button and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a checkmark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


A few days ago, my Bitdefender antivirus started detecting a threat named application.coinminer.ge. The folder where the virus is located is C:\Users\USER\AppData\Local\Microsoft\Windows\INetCache\Low\IE. In this folder, the threat creates a folder with a file in it named stat[1].htm (note that the 1 is replaced by 2, then 3 and so on after each deletion by Bitdefender). (I couldn't find out anything about this online.)

It keeps popping up about 5-10 times a day, at random times.

I tried deleting everything in the folder, which didn't help.

I am not sure if this is a false positive or a real miner, so I would like to receive some advice and help.

I did a scan report with the Malwarebytes Support Tool and I pasted the zip file result.

mbst-grab-results.zip

Edited by AdvancedSetup
corrected font issue


Hello Nandostar96.

We have not heard back from you in several days. If the PC has the same issue, do what follows. It does not take a lot of time.


[ A ]
Show all folders/files
What follows is a first step to have Windows 10 show all files and folders. Do not let this spook you out.
There is a how-to at Tenforums. Use either option one or two or three.
https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

[ B ]

Get to an Elevated Command Prompt window:
If your PC runs on Windows 7 or 8, see https://www.sevenforums.com/tutorials/783-elevated-command-prompt.html
Otherwise, for Windows 10:
Press the Windows key and X key together, then from the X menu select Command Prompt (Admin).

[ C ]
Then COPY the entire following line (as is) and then Paste it onto the Command Prompt:

del /s /q "C:\Users\%username%\AppData\Local\Microsoft\Windows\INetCache\low\IE\*.*"

then tap the Enter key.
This will delete all content of the INetCache\low\IE\ sub-folder.

Know that the sub-folder INetCache is just a temporary area for the Internet Explorer browser.

 

Please advise as to how things are at that point.

Cheers.
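
An added example, not part of the reply above and not a Malwarebytes tool: a PowerShell inventory of the same INetCache\Low\IE folder, taken before the del command is run, so that the names, timestamps and SHA-256 hashes of files such as stat[1].htm are kept for judging whether the detection is a false positive. The report file name on the Desktop is an assumption.

```powershell
# Added example: record what is in the IE low-integrity cache before it is emptied.
# The folder is the one named in the thread; the report file name is hypothetical.
$cache  = Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\INetCache\Low\IE'
$report = Join-Path $env:USERPROFILE 'Desktop\inetcache-low-inventory.csv'

if (-not (Test-Path -LiteralPath $cache)) {
    Write-Warning "Cache folder not found: $cache"
    return
}

# -Force includes hidden and system items; the cache sub-folders are normally hidden.
$files = Get-ChildItem -LiteralPath $cache -Recurse -File -Force -ErrorAction SilentlyContinue

$rows = foreach ($f in $files) {
    # Names like stat[1].htm contain [ and ], which -Path treats as wildcards.
    # -LiteralPath makes sure the hash is taken from exactly this file.
    $hash = Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Name         = $f.Name
        Folder       = $f.DirectoryName
        SizeBytes    = $f.Length
        CreatedUtc   = $f.CreationTimeUtc.ToString('u')
        LastWriteUtc = $f.LastWriteTimeUtc.ToString('u')
        SHA256       = if ($hash) { $hash.Hash } else { 'unreadable' }
    }
}

# Full inventory, oldest first, saved so it can be attached to a reply.
$rows | Sort-Object CreatedUtc |
    Export-Csv -LiteralPath $report -NoTypeInformation -Encoding UTF8

# On screen: only the files matching the stat[N].htm name pattern from the thread.
$rows | Where-Object { $_.Name -match '^stat\[\d+\]\.htm$' } |
    Format-Table Name, CreatedUtc, SizeBytes, SHA256 -AutoSize

Write-Host "Inventory of $($rows.Count) file(s) written to $report"
```

The creation times in the report can be compared with the times of the antivirus alerts to see which program was running when each file appeared.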


Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
