
Please Execute Malwarebytes again.

If the BitCoinMiner items are still reported or not found, it's probably a Sync issue with your browser and the other devices.

Your default browser is Edge.

Edge Syncing.
If the problem persists and you are syncing Edge with other devices, reset it.

How to:
https://www.tenforums.com/tutorials/36286-turn-off-sync-favorites-reading-list-microsoft-edge.html
===

Refer to this link and download the .reg file as suggested in section 3.


3. To Turn Off Sync Settings in Microsoft Edge

A) Click/tap on the Download button below to download the file below, and go to step 4 below.

Turn_Off_Sync_Favorites_and_Reading_List_in_Microsoft_Edge.reg

 Download


4. Save the .reg file to your desktop.

5. Double click/tap on the downloaded .reg file to merge it.

6. When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

7. If you like, you can delete the downloaded .reg file.

When completed, restart the computer normally.

Run Malwarebytes and if the problem persists please post the log created by MBAM.

If all is well you can reset the Sync if you want.


 



I did the procedure and uninstalled Edge for Chromium. I have just left Internet Explorer. 
But as soon as I rebooted windows, ESET detected this:

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
15-09-20 12:33:52 PM;Real-time file system protection;file;C:\Windows\TEMP\Tmp6B5C.tmp;a variant of MSIL/CoinMiner.BFE trojan;cleaned by deleting;NT AUTHORITY\SYSTEM;Event occurred on a file modified by the application: C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (3FDA32D19C8A28483F662C7400B8B347B408D500).;3818A0E5EDAAC3B13FC9350E5AB5C16D764D561D;14-09-20 4:45:56 AM
15-09-20 12:33:52 PM;Real-time file system protection;file;C:\Windows\TEMP\Tmp6C67.tmp;a variant of MSIL/CoinMiner.BFE trojan;cleaned by deleting;NT AUTHORITY\SYSTEM;Event occurred on a file modified by the application: C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (3FDA32D19C8A28483F662C7400B8B347B408D500).;3818A0E5EDAAC3B13FC9350E5AB5C16D764D561D;14-09-20 4:45:56 AM

Could Sqlserver.exe not be the problem?

And Malwarebytes (Free Version, but I also have the paid version):
 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/15/20
Scan Time: 12:38 PM
Log File: 8e1b960e-f769-11ea-ac67-00ff3c9cab1e.json

-Software Information-
Version: 4.2.0.82
Components Version: 1.0.1036
Update Package Version: 1.0.29877
License: Free

-System Information-
OS: Windows Server 2012 R2
CPU: x64
File System: NTFS
User: \

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 347763
Threats Detected: 3
Threats Quarantined: 0
Time Elapsed: 2 min, 27 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 3
Hijack.BitCoinMiner.WMI, \\WIN-JMBU5F8K0NS\ROOT\subscription:__FilterToConsumerBinding.Consumer="\\\\.\\root\\subscription:ActiveScriptEventConsumer.Name=\"*****youmm_consumer\"",Filter="\\\\.\\root\\subscription:__EventFilter.Name=\"*****youmm_filter\"", No Action By User, 15180, 621747, , , , , , 
Hijack.BitCoinMiner.WMI, \\WIN-JMBU5F8K0NS\ROOT\subscription:__EventFilter.Name="*****youmm_filter", No Action By User, 15180, 621747, , , , , , 
Hijack.BitCoinMiner.WMI, \\WIN-JMBU5F8K0NS\ROOT\subscription:ActiveScriptEventConsumer.Name="*****youmm_consumer", No Action By User, 15180, 621747, 1.0.29877, , ame, , , 


(end)
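
The three WMI items in the Malwarebytes log above are one permanent event subscription in `ROOT\subscription`: an `__EventFilter`, an `ActiveScriptEventConsumer`, and the `__FilterToConsumerBinding` that joins them. The following read-only PowerShell listing is an added example, not part of either post in this thread; it shows each binding together with its trigger query and consumer payload so the flagged entries can be inspected. It assumes an elevated prompt and that consumer names are unique across consumer classes.

```powershell
# Added example (not from the thread): read-only inventory of permanent
# WMI event subscriptions. Nothing is modified or deleted.
$ns = 'root\subscription'

# Index event filters by name so each binding can be joined to its WQL trigger.
$filters = @{}
Get-CimInstance -Namespace $ns -ClassName __EventFilter |
    ForEach-Object { $filters[$_.Name] = $_ }

# __EventConsumer is the base class; enumerating it returns the concrete
# consumers (ActiveScriptEventConsumer, CommandLineEventConsumer, ...).
# Assumption: names are unique across consumer classes.
$consumers = @{}
Get-CimInstance -Namespace $ns -ClassName __EventConsumer |
    ForEach-Object { $consumers[$_.Name] = $_ }

# Each binding references one filter and one consumer by key (Name).
$report = foreach ($b in Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding) {
    $f = $filters[$b.Filter.Name]
    $c = $consumers[$b.Consumer.Name]
    [pscustomobject]@{
        FilterName          = $b.Filter.Name
        Query               = $f.Query            # WQL that fires the consumer
        EventNamespace      = $f.EventNamespace
        ConsumerName        = $b.Consumer.Name
        ConsumerClass       = if ($c) { $c.CimClass.CimClassName } else { '(unresolved)' }
        # Payload fields; only the ones defined on the consumer's class are populated.
        ScriptingEngine     = $c.ScriptingEngine
        ScriptFileName      = $c.ScriptFileName
        ScriptText          = $c.ScriptText
        CommandLineTemplate = $c.CommandLineTemplate
    }
}

# Filters or consumers with no binding are inactive but still worth reviewing.
$boundFilters   = $report.FilterName
$boundConsumers = $report.ConsumerName
$orphanFilters   = $filters.Keys   | Where-Object { $_ -notin $boundFilters }
$orphanConsumers = $consumers.Keys | Where-Object { $_ -notin $boundConsumers }

$report | Format-List
"Unbound filters:   $($orphanFilters -join ', ')"
"Unbound consumers: $($orphanConsumers -join ', ')"
```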

 
