Jump to content

Bitcoin.Trojan.Miner.DDS + Trojan.Agent.E ( rogue microsoftaudio)


Go to solution Solved by Maurice Naggar,

Recommended Posts

That is great. Reason Cybersecurity is the installed antivirus. Right ?  Can you do a scan with Reason Cybersecurity and see what the result is.

ALSO 

I would recommend getting a readout report as to update the status of some key apps.

 

  • and save the tool on the desktop.
  • If Windows's  SmartScreen block that with a message-window, then
  • Click on the MORE INFO spot and over-ride that and allow it to proceed.

                               This tool is safe.   Smartscreen is overly sensitive.

Right-click  with your mouse on the Securitycheck.exe  and select "Run as administrator"   and reply YES to allow to run & go forward
Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file.  Attach it with your next reply.
You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

Link to post
Share on other sites

  • Replies 53
  • Created
  • Last Reply

Top Posters In This Topic

Thank you. The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for & remove malware or potentially unwanted software from a system. 

The download links & the how-to-run-the tool are at this link at Microsoft 

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Look on Scan Options & select  CUSTOM scan  & then select the C drive to be scanned.

Then start the scan. Have lots of patience. Once you start the scan & you see it started, then leave it be.  

  • Once you see it has started, take a long long break;  walk away.  Do not pay credence if you see some intermediate early flash messages on screen display.  The only things that count are the End result at the end of the run.
  • Again, any on-screen display about repeat 'infection' is not to be relied on.  Ignore those.
  • We only rely on the end result that is on the log-report-file.

 

This is likely to run for many hours   ( depending on number of files on your machine & the speed of hardware.)

The log is named MSERT.log  

the log will be at  

Windows\debug\msert.log

Please attach that log with your reply.

Link to post
Share on other sites

Very good. No actual malware was found by the MS Safety Scanner, 

Please download KpRm by kernel-panik and save it to your desktop.

  • right-click kprm_(version).exe and select Run as Administrator.
  • Read and accept the disclaimer.
  • When the tool opens, ensure all boxes under Actions are checked.
  • Under Delete Quarantines select Delete Now, then click Run.
  • Once complete, click OK.
  • A log may open in Notepad titled kprm-(date).txt.  I do not need it. Just close Notepad if it shows up.

Consider using PatchMyPC, keep all your software up-to-date - https://patchmypc.com/home-updater#download

I will have more to remark about the report from SecurityCheck on a later reply. ^_^

Link to post
Share on other sites

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/27/22
Scan Time: 2:37 AM
Log File: dab07bb8-c5b9-11ec-bf09-040e3c2e5058.json

-Software Information-
Version: 4.5.8.191
Components Version: 1.0.1666
Update Package Version: 1.0.54235
License: Trial

-System Information-
OS: Windows 10 (Build 19044.1645)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 366814
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 12 min, 35 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Bitcoin.Trojan.Miner.DDS, C:\USERS\INBAR\APPDATA\LOCAL\TEMP\XR.ZIP, No Action By User, 1000002, 0, 1.0.54235, 096F3309F690CC764CC7E0D9, dds, 01745135, C2241658445AC74C76F4205F9372E739, A692099271AD92040D0D3ADA38F3BD5D0353DE420EF8DA9610F3ED54F7C23CB1

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

If your machine has Discord, make sure to EXIT out of it and keep it off. On the next run, must insure 2 things: (a) select Rootkit scan ON (b) TICK all detected lines & quarantine all.

 Start Malwarebytes. Click Settings ( gear ) icon. 

  • Click the Security Tab
  • Scroll down and lets be sure the line in SCAN OPTIONs for
  • "Scan for rootkits" is ON 👈   Click it to get it ON if it does not show a blue-color .
  • Now click on the GENERAL tab
  • Do a Check for Update using the Malwarebytes Settings >> General tab.

See this Support Guide https://support.malwarebytes.com/hc/en-us/articles/360042187934-Check-for-updates-in-Malwarebytes-for-Windows

When it shows a new version available, Accept it and let it proceed forward.  Be sure it succeeds.

If prompted to do a Restart, just please follow all directions.

  • Next, the Malwarebytes scan.
  • Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

>>>>>>      👉      You can actually click the topmost left  check-box  on the very top line to get ALL lines  ticked   ( all selected).         <<<<     💢

MB4_scan_tick_ALL.jpg.954dd31097351eba2c305a1321a445d6.jpg

 

Please double verify you have that TOP  check-box tick marked.   and that then, all lines have a tick-mark

 

Then click on Quarantine  button.

MB4_scan_all_Quarantine2.jpg.99b8d9b73d90d347577ae0826ac406b1.jpg

 

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4

Link to post
Share on other sites

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/27/22
Scan Time: 10:56 PM
Log File: 24091ba8-c664-11ec-9dfe-040e3c2e5058.json

-Software Information-
Version: 4.5.8.191
Components Version: 1.0.1666
Update Package Version: 1.0.54273
License: Trial

-System Information-
OS: Windows 10 (Build 19044.1645)
CPU: x64
File System: NTFS
User: tigereyes\inbar

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 368371
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 7 min, 15 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Bitcoin.Trojan.Miner.DDS, C:\USERS\INBAR\APPDATA\LOCAL\TEMP\XR.ZIP, Quarantined, 1000002, 0, 1.0.54273, 096F3309F690CC764CC7E0D9, dds, 01746331, C2241658445AC74C76F4205F9372E739, A692099271AD92040D0D3ADA38F3BD5D0353DE420EF8DA9610F3ED54F7C23CB1

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

This pc has Discord. From here on out, for the duration of this case, do not use Discord. Exit out of it. We are aware of situations where discord has been hijacked, and thus can falicitate infection. Close it. Do not use it. Also, please do not play any games for duration of the case, until I give the all clear.

This will be a check with ESET Onlinescanner for viruses, other malware, adwares, & potentially unwanted applications.

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

 

It will start a download of "esetonlinescanner.exe"

  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started.

 

  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes
  • When prompted for scan type, Click on Full scan

Look at & tick ( select ) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

  • Have patience. The entire process may take an hour or more. There is an initial update download.

There is a progress window display. You may step away from machine &. Let it be.  That is, once it is under way, you should leave it running.  It will run for several hours.

  • At screen "Detections occured and resolved" click on blue button "View detected results"
  • On next screen, at lower left, click on blue "Save scan log"
  • View where file is to be saved. Provide a meaningful name for the "File name:"
  • On last screen, set to Off (left) the option for Periodic scanning
  • Click "save and continue"
  • Please attach the report file so I can review
  • and Please only just "attach" reports that I request. Dont copy/paste in main body of forum reply.
Link to post
Share on other sites

Hello. Here is an additional procedure you can do. And certainly one you can start and let run over-night before retiring for the evening. You can do the starting steps and once it has started, you can leave it to run.
This is meant as a one-time scan with Comodo Antivirus. See the steps listed on the bottom part of this Comodo link https://file-intelligence.comodo.com/windows-process-virus-malware/exe/LiveUpdate

Link to post
Share on other sites

  • Solution

I know your pc does not have Comodo. My regret is that I thought that Comodo had a free scan tool. Let us forget that. 

One other scan here.

TrendMicro HouseCall scan

https://www.trendmicro.com/en_us/forHome/products/housecall.html

  • First, Download & Save to your Downloads folder the appropriate HouseCallLauncher
  • Once the download is complete, go to where the Housecalllauncher is saved & double-click it to start it.
  • The program will check with TrendMicro & do a update run.
  • Next it will show the Disclosure window.
  • Click Next to proceed.
  • The end user license agreement is presented.   Click the Accept radio button & click Next to proceed.
  • IF you wish a Full scan or a Custom scan, first click on the Settings
  • then you can select which drives you want to include in the scan.
  • The default is a Quick scan.
  • Click Scan now when ready.
  • The scan progress will then be displayed.   Monitor the progress or just leave it alone until it finishes this phase.
  • When the scan phase has completed, if any items are tagged, you will see a list, showing  the file & its location, the classification of the threat, the type, risk, and Action option.
  • If you see an item that you know is safe, you can click the Action  , and select Ignore.
  • When all done & ready, click the Fix now button.
Link to post
Share on other sites

Your machine already has the support tool here C:\Users\inbar\Downloads\mb-support-1.8.7.918.exe

  • Let us gather fresh reports with it. Launch mb-support-1.8.7.918.exe
  • Once you start it click Advanced >>> then   Gather Logs

 Have patience till the run has finished.

  • Upload zip archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 so that I can review the current situation. :D

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.