
My Windows 2012 has possibly a Trojan


Hello, I have an issue where a client has a server which has a Trojan.bitminer caused by Star.exe. I looked in C:\Windows\Temp\Star.exe and nothing was there. One of the workers has had a bitcoin mining problem which we finally caught. Malwarebytes keeps blocking websites from an IP address at least 5 times. Any suggestions are helpful.


Hello @Jawsh

My name is Maurice. Let me know what name you prefer to go by. I will guide you.

I need a report set for review. This is a report only.

Please download MBST Support Tool

Once you start it, click Advanced >>> then Gather Logs

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

  • Please attach mbst-grab-results.zip to your reply, like displayed here.
  • To send (upload) attachments please click the "ADD Files" link. Then browse to where your file is located and select it and click the Open button.

The set of data from the report will provide much needed information.

Please always attach reports as we go along.

NOTE: The block notices from Malwarebytes do mean that the pc is being kept safe from any potential harm. It is STOPPED from an outbound attempt to ai.backend-chat.com



-Log Details-
Protection Event Date: 9/10/21
Protection Event Time: 9:50 PM
Log File: a6be120e-12a2-11ec-914f-9cb654b16555.json

-Software Information-
Components Version: 1.0.1430
Update Package Version: 1.0.44816
License: Premium

-System Information-
OS: Windows Server 2012 R2
CPU: x64
File System: NTFS
User: System

-Blocked Malware Details-
File: 1
Trojan.BitCoinMiner, C:\Windows\Temp\Star.exe, Quarantined, 596, 965972, 1.0.44816, , ame, , 241EA195774E19C5E9873A5B375617AE, AA00699728A2EE613DBE78792A6491C1B3B2F2562B3C4542B97D81B0C4CD4020



Thanks for the report. The most recent block notices were about IP blocks on IP ""

I notice this machine is a "Windows Server 2012 R2"

First action:

Please set File Explorer to SHOW ALL folders, all files, including Hidden ones. Use OPTION ONE or TWO of this article

Next action:

Use Windows Explorer. Expand / navigate the left hand tree view of the C drive & drill down to C:\Windows

Use the mouse and (on the Left-hand tree) RIGHT click on Windows folder and select "Scan with Malwarebytes" and let Malwarebytes do that scan.


  • 4 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection


