Possible crypto-miner on my PC.

[rxsetse]

Recently i've noticed my PC preform slow, so i decided to scan my PC with McAfee and Malwarebytes, McAfee detected a trojan in my microsoft edge cache files ,and after that I did a MB scan and It detected a PUP called "InstantAdware", I thought the virus was gone, and didnt worry much about it until 3 days ago when a third party app called "PDF Manager" was installed, I ran a scan with McAfee, MalwareBytes, and Hitman Sophos and all detected nothing. Today, I booted into safe mode and ran a scan with MalwareBytes (I wiped temp files, and disconnected from my internet), and it detected nothing (I did forget to enable rootkit scanning so could be the problem), I'm just paranoid that my PC will get shitted by all the crypto mining thats being done.

[Maurice Naggar]

Hello 

My name is Maurice. I will guide you,  Please always attach files / reports as we go along.

I need a fuller set of reports for review so that I can review & guide you.

Please download  Malwarebytes' MBST Support Tool

 

Once you start it click Advanced > Gather Logs

 

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

• Please attach  mbst-grab-results.zip    to your reply , like displayed here.
• To send  ( upload)   attachments please click the link as shown below. Then browse to where your file is located and select it and click the Open button.

 

You describe having run 4 different security scanners.  Does any 1 currently report a infection ?

[rxsetse]

No security scanners have scanned any viruses.

[rxsetse]

Plus what does the log do, just to be safe?

 

[Maurice Naggar]

The tool is just a report tool.  It does not make changes.  The report will help me to help you. It's what I need to look for potential infections.

[Maurice Naggar]

Further to my asking for report in first post of mine.   Do this too.

Let me suggest you do one scan with Adwcleaner to check for adwares.

It will not take much time,

First download & save it 

https://support.malwarebytes.com/hc/en-us/articles/360038520054-Download-and-install-Malwarebytes-AdwCleaner

 

Then do a scan with Adwcleaner 

 

https://support.malwarebytes.com/hc/en-us/articles/360038520114-Malwarebytes-AdwCleaner-scan-and-clean

Attach the clean log.  

Edited July 7, 2021 by Maurice Naggar

[rxsetse]

Hi, I will use AdwCleaner and also give you my logs, but I may have found the virus (maybe could be a false positive), A month back I found a random folder in my appdata roaming called "HolocusTropicalSoft", and that day a month back I looked it up online and that HolocusTropicalSoft was a trojan that fit all my PCs symptoms, It was preforming slowly which the virus is known to make happen, the virus was also known to mine bitcoin, and etc. The articles author says using SpyHunter should be able to catch the virus, so I downloaded it and tried a scan and It detected adware with a 20% risk, and a Trojan called "Trojan.FakeMS" with a 80% risk, but the thing is the Trojan has put itself into a system file called "C:/ProgramData/WindowsPreformanceRecorder", and "C:/ProgramData/WindowsPreformanceRecorder/NGenPbds_Cache", so Im wondering if this is just a false positive or a legit virus that had actually got into my system files. And SpyHunter seems to want to delete the system files, and SpyHunter also wants to delete some file called [F] Preferences, and the program wants me to wait 48 hours to execute all this.

[rxsetse]

[rxsetse]

Hello Maurice, Ive used the support tool but it hasn't implemented the zip into my downloads, should I try it again as I closed the program as soon as I got the notification when it got installed?

[Maurice Naggar]

Close "spyhunter".   Dont need it.

If Adwcleaner is still open, then click on Cancel button  & Exit.  Seems all it found are HP manufacturer provided 'applets'.

You say that the support tool did not make a zip file.   So do what follows & get that report attached in a new reply, when done.

FRST Farbar is a report tool.   Widely used.  It is safe to run.   Need this information report very much !

 

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.

You can check here if you're not sure if your computer is 32-bit or 64-bit

• Double-click to run it. When the tool opens click Yes to the disclaimer.
• Press the Scan button.

• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually
• Please attach both logs to your reply .
•  
• To attch  ( upload )  attachments please click the link as shown below. Then browse to where your file is located and select it and click the Open button.

 

Do not go about self medicating with any other tools on youw own.  If you have questions, please Stop  and ask first.

[Maurice Naggar]

** After you have relayed the FRST reports ..... here is the next steps.  This will be a scan for viruses & trojans & it will remove what it detects.  It is free.  It is trusted. **

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

From the Scan options, select "FULL" scan. Patience since this can take hours.

Let me know the result of this.

The log is named MSERT.log  

the log will be at  

C:\Windows\debug\msert.log

Please attach that log with your reply.

 

[rxsetse]

Nevermind I found the zip in another folder, but the results have some personal data such as my desktop name (my real name), so can I like remove them, and I have closed spyhunter, and adwcleaner.

 

[Maurice Naggar]

You can send me the ZIP file by personal message.   and thenm just go ahead with the MS Safety Scanner

( by the way, other people cannot access the zip file ).

[rxsetse]

Okay I will make sure to do that. But the logs have a lot of data which is personal, and I don't wish to share online.

 

[Maurice Naggar]

Access to files is very restricted on this sub-forum  !!!   you are not like putting stuff out to public, especially zip files.   Others are not able to get to them.  Please proceed forward

[rxsetse]

It has my real name, Im pretty sure ip adress, etc.

[Maurice Naggar]

Send to me by P M

The sooner I get them, sooner we can proceed.

[rxsetse]

Alright give me a little to think about it, I understand that you are trying to help me, I apoligize.

[rxsetse]

Safety Scanner detected fourteen files so far, I will get you the report as soon as the scan is over, and also possibly the log.

[Maurice Naggar]

NOTE  I gotta have logs in order to properly help you get all malware removed.  Reports are a must.  and screen shots will not do.

[Maurice Naggar]

Thank you.  I will look at this and later, get back to you.  Thanks very much.  What I will do so you feel better is to hide that post.

[rxsetse]

Okay thank you.

 

[rxsetse]

Since the virus might be in a system file, will the virus scanner delete a system file in a scan? I read a little online and it seems someone had their system files deleted, and it their pc doesnt work?

[Maurice Naggar]

NO.  Not with the Microsoft tool.  Nor with Malwabytes.

You said the Safety scanner was started.  So just let it do what it needs to do.  A full scan will take several hours.

Take a break.  Go away from pc.  Do something for yourself.

[rxsetse]

Okay, I got a fairly decent PC, its been 30 minutes and its scanned halfway.