RiskWare.BitCoinMiner can't be deleted


Go to solution Solved by AdvancedSetup,


Hi

 

I have a USB corrupted with the above mentioned virus. It turned the USB to Read-Only mode and I can't get to remove it. I have tried many ways including CMD and even tried gparted on Linux with no luck. The anti-virus detects the virus disguised as mymusic.exe but cannot remove it. Below is the log file.

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/14/21
Scan Time: 4:06 AM
Log File: fa0cca2a-9cc5-11eb-a6b7-001fe26969d5.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.519
Update Package Version: 1.0.8702
License: Premium

-System Information-
OS: Windows 10 (Build 19041.928)
CPU: x64
File System: NTFS
User: DESKTOP-T5G519C\Bradley

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 120012
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 0 min, 51 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
RiskWare.BitCoinMiner, F:\MY MUSIC.EXE, Delete-on-Reboot, [715], [354575],1.0.8702

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

  • Root Admin

Hello @Bradl3y

Please do the following.

Please click on Start menu and type in CMD.EXE and when it shows on the menu right-click and select "Run as administrator"

Then, with the USB thumb drive still connected as the F: drive issue the following command.

CHKDSK F: /F

After that then run the following command for me.

DIR /A /S F:\

Post back the results of both of those commands please.

Thanks

 


On the first command it says "Windows cannot run disk checking on this volume because it is write protected." I have run attributes disk clear readonly, it says success but still readonly when trying to use the USB. I created a policy in regedit and set the value to 0 for readonly state but also no luck. 


Still no luck. I have attached the results. Current state is read-only but read-only states "No" 😐 Is it possible to prevent the virus from running when the USB is mounted? I get a feeling it's the virus preventing all these things.

Annotation 2021-04-14 211058.png

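Added example, not part of the original thread: a read-only PowerShell check of the places Windows reports write protection for the F: drive discussed above (disk, partition, and registry policy). It assumes the registry policy mentioned in the thread is the WriteProtect value under StorageDevicePolicies; the function name Get-WriteProtectReport is hypothetical.

```powershell
# Added example: report where write protection is coming from for a removable volume.
# Run from an elevated PowerShell prompt. Nothing on the drive or in the registry is modified.
param([char]$DriveLetter = 'F')   # F: is the drive letter used in this thread

function Get-WriteProtectReport {
    param([char]$Letter)

    # Map the drive letter to its partition, then to the physical disk behind it.
    $partition = Get-Partition -DriveLetter $Letter -ErrorAction Stop
    $disk      = Get-Disk -Number $partition.DiskNumber
    $volume    = Get-Volume -DriveLetter $Letter

    # Assumption: this is the machine-wide policy the poster edited in regedit.
    $policyKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'
    $policy    = Get-ItemProperty -Path $policyKey -Name WriteProtect -ErrorAction SilentlyContinue
    $policyVal = if ($policy) { $policy.WriteProtect } else { $null }

    [pscustomobject]@{
        Disk               = "$($disk.Number): $($disk.FriendlyName)"
        BusType            = $disk.BusType
        DiskIsReadOnly     = $disk.IsReadOnly
        PartitionReadOnly  = $partition.IsReadOnly
        FileSystem         = $volume.FileSystem
        VolumeHealth       = $volume.HealthStatus
        PolicyWriteProtect = $policyVal      # $null means the value is not set
    }
}

$report = Get-WriteProtectReport -Letter $DriveLetter
$report | Format-List

if ($report.PolicyWriteProtect -eq 1) {
    'The WriteProtect policy is set on this machine, so Windows itself is blocking writes.'
} elseif ($report.DiskIsReadOnly -or $report.PartitionReadOnly) {
    'Read-only is reported with no WriteProtect policy set: compare the drive on another machine or OS.'
} else {
    'No write protection is reported by the disk, the partition, or the policy.'
}
```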
  • Root Admin

We can scan this computer to make sure it's not infected but if this keeps happening the question is does it only happen on this computer? Is the file listed always the same name?

Please run the following

 


It's always listed as mymusic.exe. My PC is not infected, only the USB. The USB came from a friend when I noticed this problem. I will try the root kit out and get back to you tomorrow. Thanks so much for the help so far👍

  • Root Admin

You said it happens on "other" USB disks too. It's not magic.

Hardware problem on your friend's computer or infected. Nothing like this should be repeating unless there is a root cause on the other computer.

 

  • Root Admin

Could just be faulty hardware.

Sorry, wish I could be of more help but if you can't remove it from a Linux booted Live CD then something else is going on as no malware would be able to run to protect or cause an issue.

Why I suggested a disk check in the first place is because sometimes the volume bitmap or MFT is corrupted and a disk check will fix that and then you can delete a file.

 

  • Root Admin

Well, another computer running Linux is the same thing as running a Live CD off of Windows in that it's a completely different OS not tied to Windows operations.

No harm in trying though

Good luck

 


When I try to check the disk with the tool it says error and when I try to format it with the tool it says "A volume label is required to format this disk" but when I try to add a label I get told the disk is write protected 😔

  • Root Admin

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

This topic is now closed to further replies.