Jump to content

Rundll32.exe Cryptojacking


Recommended Posts

Hello @IntechgrateTech and :welcome:

 

My name is MKDB and I will assist you.

 

  • Please follow the steps in the given order and post back the logs as an attachment when ready. Thank you very much for your cooperation.
  • Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
  • Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
  • As English is not my native language, please do not use slang or idoms. It may be hard for me to understand.

 

 

You're logfiles are empty. Please follow the following steps to help me to get an overview of your system.

 

 

Step 1

  • If you already have Malwarebytes installed, then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet, please download it from here and install it.
  • Once the MBAM dashboard opens, click on Settings (gear icon).
  • Click on Security tab and make sure that all four Scan options are enabled.
  • Close Settings and click on the Scan button on the dashboard.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop.
  • If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run, then please skip to the next step and let me know in your next reply that the scanner would not run.

 

 

 

Step 2

Please download AdwCleaner and save it to your desktop.

  • Double-click to run it.
  • Accept the End User License Agreement.
  • Click Scan Now.
  • When finished, if items are found please click Next / Quarantine.
  • Maybe your PC will be rebooted, AdwCleaner will be opened automatically.
  • Click View Log File.
  • AdwCleaner will open one log (AdwCleaner[Cxx].txt).
  • Please attach the log to your next reply.

 

 

 

Step 3

Please download the suitable version of Farbar Recovery Scan Tool (FRST) and save it to your desktop: 32bit | 64bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Check the box in front of Shortcut.txt.
  • Press the Scan button.
  • FRST will create three logs (FRST.txt + Addition.txt + Shortcut.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 

Link to post
Share on other sites

Hi,

 

according to the name of your topic "Rundll32.exe Cryptojacking", do you have only a suspicion or do you have any kind of proof (logfile from Bitdefender/MBAM is needed) for Cryptojacking?

How is your system running? Which kind of problems to you have? Why are you running "windows server 2012", which is very atypical for private use?

Please provide some information, in order to better assess the situation. Thank you.

 

 

We need some more information @IntechgrateTech, please run MBST.

 

Step 1

  • Please download the Malwarebytes Support Tool (MBST).
  • Run MBST.
  • In the left navigation pane of MBST, click Advanced.
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine.
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply.

 

 

 

Edited by MKDB
Link to post
Share on other sites

I am running Server 2012 This is for a private mail server.  The VM is running very high CPU and the program running is [C:\Windows\System32\rundll32.exe -o pool.supportxmr.com:443 -u 44EspGiviPdeZSZyX1r3R9RhpGCkxYACEKUwbA4Gp6cVCzyiNeB21STWYsJZYZeZt63JaUn8CVxDeWWGs3f6XNxGPtSuUEX -k --tls -p MOON] this is taking 75-85% CPU.  

Link to post
Share on other sites

Due to the lack of feedback, I do not follow this topic any longer.

 

If you need this topic again, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection.

Thank you.

Link to post
Share on other sites

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.