Trojan.bitcoinminer


Hi. I am not very good with computers. I have had this computer for 3 years. Around June of last year I got infected somehow, and since then I have stayed infected, but I guess I didn't know how to deal with it. Today I got Malwarebytes and it confirmed the infections:

https://i.imgur.com/9xLS5fl.png

There is a screenshot of my infections currently on my PC. I have quarantined them 4 times now, and each time I restart my computer they return somehow. I do not understand why or how. I don't know much about computers; I just like social media and video games. YouTube and Discord mostly, and video games from Xbox Game Pass and Steam and the Epic store. I think I know where the viruses came from, but I don't know for sure since I am not 100% sure when they got here. I think they are somehow installed within something outside of Windows itself and they reinstall themselves every time I restart my computer. I can get Malwarebytes to say they are removed completely, and then when I restart they are back again. I'm not sure how this could be possible, but it is what it looks like to me. Just before the scan I showed the screenshot of above, I had scanned and quarantined the threats twice in a row, and then the second scan showed 0 threats; then I restarted to make sure and, lo and behold, they are surely back!

 

Please help, and please understand I don't really know what all I'm doing here, but I'm doing my best... I'm including my Malwarebytes log; that's the only log I know how to include so far. It's the log from the same scan up above in the screenshot.

malwarebyteslog.txt


Hello :welcome:

 

I would like you to do a new scan with Malwarebytes for Windows. One of the major goals here is to have it remove all that it detects, if it finds anything, that is.
Start Malwarebytes from the Windows Start menu.
Click Settings (gear icon) at the top right of the Malwarebytes window. We want to see the SETTINGS window.

Then scroll down to the section Potentially Unwanted items. We need the next 2 lines (for PUP & for PUM) to be set to "Always (Recommended)".
You can make the change by clicking on the down-arrow selection list-control. We want all PUP & PUM to be marked for removal.

Next, click the small x on the Settings line to go to the main Malwarebytes window.
Next, click the blue button marked Scan.
When the scan phase is done, be real sure you Review and have all detected line items check-marked on the left of each line. That too is very critical.
You can actually click the topmost left check-box on the very top line to get ALL lines ticked (all selected).

Then click on Quarantine selected.
Then, locate the Scan run report; export out a copy; & then attach it with your reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 


OK, those settings are already on, but I did a scan again, and this time it restarted when I quarantined but froze during the restart, so I don't know if it did it right or not!

https://i.imgur.com/CapXuB3.png 

Here is the report from that scan. I am going to do another scan to see if they still show up after the 'reboot' (even though it froze and I had to hard reboot my PC... :( )

2malwarebytesreportAFTERREBOOT.txt


Thanks very much for the new Scan report from Malwarebytes for Windows. You did fine. This time all items were removed to Quarantine.

The issue is gone.

The internet message 404 is most likely very local to one of your web browsers. It can be temporary. No, it is not some indicator of other infection.

There is another tool I would suggest that you run just one time.

I would suggest that you download, save, and then run Malwarebytes AdwCleaner.
Please close Chrome and all other open web browsers after you have saved AdwCleaner and before you start the AdwCleaner scan.
AdwCleaner detects factory preinstalled applications too!

Please download Malwarebytes AdwCleaner: https://downloads.malwarebytes.com/file/adwcleaner


 
Be sure to Save the file first, to your system. Saving to the Downloads folder should be the default on your system.

Go to the folder where you saved AdwCleaner. Double-click AdwCleaner to start it.
At the prompt for the license agreement, review and then click on I agree.

You will then see a main screen for AdwCleaner. (If you do not see it right away, minimize the other open windows, so you can see AdwCleaner.)
Then click on the Dashboard button.
Click the blue button "Scan Now".

Allow it a few minutes to finish the Scan. Let it remove what it finds.
NOTE: When it comes to the section "Pre-installed applications", you can skip that.
Please find and send the AdwCleaner "C" clean report.
In AdwCleaner, click the "Reports" button. Look at the list of reports for the latest date & type "Clean".
Double-click that line & it will open in Notepad. Save the file to your system and then attach that with your reply.

That C clean report will be the one with the most recent date and time in the folder C:\AdwCleaner\Logs
Thanks. Keep me advised.
 


Hi. Sorry about the delay, life had me busy.

So it was totally cleaned out, and then I restarted to make sure...

And when I start the computer, this command prompt exe pops up. I am not sure of the name, but it's like win/system32/schtasks, I think? It pops up and stays up for a long time without showing anything it's doing, and I think that it's downloading the malware again and starting it up!!! Every time I restart...

Through Windows task scheduling?

Which I can't figure out how to access to look at...

It's really slippery crap, this nonsense... I really don't want to fresh install Windows 10 :( So, so many games would have to be redownloaded...

Plus all my pictures :(

Included here is the log from the latest scan, where 4 threats (the same 4) were found active after a restart.

 

 

NOW WAIT A MINUTE

WAIT A GOSH DARN MINUTE LOL

OK, using CCleaner tools startup section

I found "soundbassinit" in the tasks section

GxZrpag.png

Oh my gosh, I disabled them both and I am now looking through here to see which other ones seem super fishy. Can you recognize anything as fake/fishy in this list? Please let me know if you can, but the malware is found on "soundbassinit" in the Malwarebytes scan!!! I think I figured out the task that keeps redownloading the malware! hahahahaahahaha :D

I'm still of course going to restart after the quarantine to test it :D But hey, I think that was the problem!!!

Malwarebytes log attached

 

3malwarebytesreport.txt
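
As an added example (not part of any post in this thread): a read-only PowerShell listing of scheduled tasks and the commands they run, for reviewing entries such as the "soundbassinit" task mentioned above. The path patterns, program list and flag names are assumptions chosen for this example, not a detection standard.

```powershell
# Read-only triage: lists scheduled tasks outside \Microsoft\ and flags
# actions worth a closer look. It does not disable or delete anything.
# Run in an elevated PowerShell window so that all tasks are visible.

# Heuristics below are assumptions chosen for this example.
$lolbins      = '^(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32|regsvr32|bitsadmin|certutil|curl)$'
$userWritable = '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\'

$report = foreach ($task in Get-ScheduledTask) {
    if ($task.TaskPath -like '\Microsoft\*') { continue }   # skip built-in Windows tasks
    $info     = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
    $triggers = ($task.Triggers | ForEach-Object {
        $_.CimClass.CimClassName -replace '^MSFT_Task', '' }) -join ','

    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }              # COM-handler actions have no command line
        $exe  = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
        $leaf = ($exe -split '[\\/]')[-1] -replace '\.exe$', ''
        $cmd  = "$exe $($action.Arguments)".Trim()

        $flags = @()
        if ($leaf -match $lolbins)         { $flags += 'script-host-or-lolbin' }
        if ($cmd  -match $userWritable)    { $flags += 'user-writable-path' }
        if ($cmd  -match 'https?://')      { $flags += 'url-in-command' }
        if ($task.Settings.Hidden)         { $flags += 'hidden-task' }
        if ($triggers -match 'Logon|Boot') { $flags += 'runs-at-startup' }

        [pscustomobject]@{
            Task      = $task.TaskPath + $task.TaskName
            State     = $task.State
            Author    = $task.Author
            Triggers  = $triggers
            Command   = $cmd
            LastRun   = $info.LastRunTime
            FlagCount = $flags.Count
            Flags     = $flags -join ';'
        }
    }
}

# Most-flagged tasks first; review each one before disabling anything.
$report | Sort-Object FlagCount -Descending | Format-List
```

A flag only marks a task for review; legitimate updaters also run at logon or from ProgramData.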


Good morning. Let's please be careful & do things with a lot more attention. This last scan shows items were NOT dealt with.

I need you to do a new scan with Malwarebytes for Windows.

When the scan phase is done, be real sure you Review and have all detected line items check-marked on the left of each line. That too is very critical.

>>>>>> 👉 You can actually click the topmost left check-box on the very top line to get ALL lines ticked (all selected). <<<< 💢

Then click on Quarantine selected.

Then, locate the Scan run report; export out a copy; & then attach it with your reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

 

[ 2 ] NEXT, I also need you to provide a report for analysis & review.

Here, it is important that you save FRST64 to the Downloads folder.

I would like to have you run a report tool known as FRST. This has no personal information. It is well-known, widely used & safe.
FRST will help provide me with a list of installed programs and other information about your computer that will help me see if there are any other problems that are not being detected. Please follow the steps below to run FRST64.


1: Please download FRST64 from the link below and save it to your desktop:

"Download link for 64-Bit Version Windows"

Please wait and look toward the top or bottom of your browser for the option to Run or Save.
Click Save to save the file.

Run report with FRST64

Right-click on the FRST icon and select Run as Administrator to start the tool, and reply YES to allow it to proceed and run.

Windows 8 or 10 users will be prompted about Windows SmartScreen protection - click the More info line on that screen and click the Run anyway button on the next screen.
Click YES when prompted by the Windows UAC prompt to allow it to run.
Note: If you are prompted by Windows SmartScreen, click More info & follow up & choose Run anyway.

Approve the Windows UAC prompt on Windows Vista and newer operating systems by clicking on Continue or Yes.

Click Yes when the disclaimer appears in FRST.
The tool may want to update itself - in that case you'll be prompted when the update is completed and ready to use.

Make sure that Addition options is checked - also check the box for Shortcut listed under Optional scan on the FRST screen
and click the box "90 day files".
Press the Scan button and wait.

The tool will produce three logfiles on your desktop: FRST.txt, Addition.txt, Shortcut.txt
Click the OK button when it shows up. Close the Notepad windows when they show on screen. The tool saves the files.

Please attach these 3 files to your next reply.


  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 
