RiskWare.BitCoinMiner can't be deleted


Solved by AdvancedSetup

Hi

 

I have a USB corrupted with the above-mentioned virus. It turned the USB to Read-Only mode and I can't get to remove it. I have tried many ways including CMD and even tried GParted on Linux with no luck. The anti-virus detects the virus disguised as mymusic.exe but cannot remove it. Below is the log file.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/14/21
Scan Time: 4:06 AM
Log File: fa0cca2a-9cc5-11eb-a6b7-001fe26969d5.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.519
Update Package Version: 1.0.8702
License: Premium

-System Information-
OS: Windows 10 (Build 19041.928)
CPU: x64
File System: NTFS
User: DESKTOP-T5G519C\Bradley

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 120012
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 0 min, 51 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
RiskWare.BitCoinMiner, F:\MY MUSIC.EXE, Delete-on-Reboot, [715], [354575],1.0.8702

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

  • Root Admin

Hello @Bradl3y

Please do the following.

Please click on Start menu and type in CMD.EXE and when it shows on the menu right-click and select "Run as administrator"

Then, with the USB thumb drive still connected as the F: drive, issue the following command.

CHKDSK F: /F

After that then run the following command for me.

DIR /A /S F:\

Post back the results of both of those commands please.

Thanks

 

On the first command it says "Windows cannot run disk checking on this volume because it is write protected." I have run attributes disk clear readonly; it says success, but it is still read-only when trying to use the USB. I created a policy in regedit and set the value to 0 for the read-only state, but also no luck.

  • Root Admin

Could just be faulty hardware.

Sorry, wish I could be of more help but if you can't remove it from a Linux booted Live CD then something else is going on as no malware would be able to run to protect or cause an issue.

The reason I suggested a disk check in the first place is that sometimes the volume bitmap or MFT is corrupted, and a disk check will fix that and then you can delete a file.
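
Added example, not part of any poster's reply: a PowerShell diagnostic that reports each software layer where the read-only state discussed in this thread can be set (the registry storage policy, then the partition and disk attributes) and finishes with a harmless write probe. The drive letter F comes from the thread; the function names and the probe file name are hypothetical. Run it from an elevated prompt.

```powershell
# Added diagnostic sketch (not from the thread). Drive letter F is taken from the posts above.
param([char]$DriveLetter = 'F')

function Get-WriteProtectReport {
    param([char]$Letter)

    # Layer 1: system-wide storage policy. Absent or 0 means no policy-level write protection.
    $policyKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'
    $policy = (Get-ItemProperty -Path $policyKey -Name WriteProtect -ErrorAction SilentlyContinue).WriteProtect

    # Layer 2: partition and disk attributes, the flags that diskpart's
    # "attributes ... clear readonly" is meant to reset.
    $partition = Get-Partition -DriveLetter $Letter -ErrorAction Stop
    $disk = $partition | Get-Disk

    [pscustomobject]@{
        DriveLetter         = $Letter
        PolicyWriteProtect  = if ($null -eq $policy) { 'not set' } else { $policy }
        PartitionIsReadOnly = $partition.IsReadOnly
        DiskIsReadOnly      = $disk.IsReadOnly
        DiskIsOffline       = $disk.IsOffline
        BusType             = $disk.BusType
        HealthStatus        = $disk.HealthStatus
        OperationalStatus   = $disk.OperationalStatus
    }
}

function Test-WriteProbe {
    param([char]$Letter)

    # Layer 3: try to create and remove an empty file (hypothetical name) to see
    # whether the device accepts writes regardless of what the flags report.
    $probe = "${Letter}:\wp_probe_$([guid]::NewGuid().ToString('N')).tmp"
    try {
        New-Item -Path $probe -ItemType File -ErrorAction Stop | Out-Null
        Remove-Item -Path $probe -ErrorAction Stop
        return 'write succeeded'
    }
    catch {
        return "write failed: $($_.Exception.Message)"
    }
}

$report = Get-WriteProtectReport -Letter $DriveLetter
$report | Add-Member -NotePropertyName WriteProbe -NotePropertyValue (Test-WriteProbe -Letter $DriveLetter)
$report | Format-List
```

If the policy value is unset or 0 and both read-only flags are False while the write probe still fails, no Windows setting is holding the volume read-only, which is consistent with the hardware fault suggested above.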

 

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you
