Jump to content

Recommended Posts

Hi,

I am having a problem with what appears to be hash miners or what ever running in the background.
I can see from the Performance Monitor that the CPU goes to about 50% use constantly (when PC is in idle), this drop down to less than 5% as soon as I open Task Manager. After closing Task  Manager a few moment later it happens again.

 

Windows Defender scanned and removed a HashMiner, However Malwarebytes can't find anything.

 

Any advice please on how to clear my system? Many thanks.

Link to post
Share on other sites

Looks like I have sorted the problem myself (not my first time dealing with this stuff)
I ran Malwarebytes and Windows Defender obv, then Kasperky... they didnt find anything.

I then moved on to ESET Online Scanner which indeed found the culprit: Win64/CoinMiner.AAP trojan
To be sure I ran MSERT after, that didnt find anything.

Checking performance monitor now shows a nice and low cpu usage during idle as expected.

I am not sure if there is anything else that needs to be done, I will leave that to your expertise :)
Thanks in advance for any help.

Link to post
Share on other sites

  • Root Admin

Okay, well I recently found another user with this infection too and it looks like ESET may not have removed all of it.

If you can please run the FRST tool and post back the logs I can check and see if it was fully removed for you.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you @JDog77

 

 

Link to post
Share on other sites

  • Root Admin

Hi @JDog77

Please open Malwarebytes, go to Settings, General or About and check for updates.

image.png

Then go to Settings, Security and enable your scan settings as shown and run a new scan and post back that new scan log.

image.png

 

Then also go ahead after that and run FRST and post back both new FRST and Additions.txt logs and I'll check to make sure if the issue is still there and if it is then I'll write a script to remove it.

Thanks

 

 

Link to post
Share on other sites

Hi, very Strange. I am unable to update Malwarebytes to your version.

Mine shows 4.1.2.73
Capture.JPG.4c103b82158cd49aa33457411855adbc.JPG
When I press update it says that it is up to date. So I deinstalled it and reinstalled it your website and it still doesnt go to version 4.2
Maybe that is how it is supposed to be, but I can't for some  reason get your version.

Running the scan now anyway.

Link to post
Share on other sites

  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from.
NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real time antivirus or security software before running this script. Once completed make sure you re-enable it.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

 

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

 

fixlist.txt

 

Thanks

 

Link to post
Share on other sites

  • Root Admin

Yep, all good. It's gone now.

I'm way late getting to bed, but go ahead and run this tool and you can check for program updates for software on your computer. Just get the "Home" version download.

Patch My PC Home Updater
https://patchmypc.com/home-updater

 

I'll check back on you again tomorrow

Thank you again and have a great day

 

Link to post
Share on other sites

  • Root Admin

Excellent, glad to help. The closing speech will give a link to information on helping to keep your computer safe and increase your privacy online.  No need to rush to read it all but perhaps bookmark it and read as you have time.

Take care and stay safe out there, don't forget data backups 🙂

 

Link to post
Share on other sites

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.