Jump to content

Trojan.BitCoinMiner keeps coming back, and i cant delete it.


Recommended Posts

Hello everyone, 
So i've installed a download manager to help me with my downloads, etc, and i got a file named backdoor.orcus, which has been deleted and quarantined, but theres this CoinMiner.qz and things like that, that my other antivirus (ESET) keeps saying i have which discord is trying to access, malware bytes keeps saying i have Trojan.BitCoinMiner please help removing it, im scared of losing my pc due to it.
 image.png.04ce714ef63d8037e7e3720ecacdb77c.pngimage.png.a61d06a4f56d7e769039e04510af8d71.png

image.png

Link to post
Share on other sites

Hello @Heihachi and :welcome::

While you are waiting for the next qualified/approved malware removal expert helper to weigh in on your topic, and even though you may have run one or more of its following procedural steps, please carefully follow the instructions within the following:

I'm infected - What do I do now?

Remember, please be certain to attach (not Copy and Paste) the three (3) resulting report files in your next reply to this topic.

Thank you.

Link to post
Share on other sites

Just now, Heihachi said:

Update: There is a new file called Trojan.BitCoinStealer.Generic 

image.png

It comes from discord C:\USERS\ÁDÁM\APPDATA\LOCAL\DISCORD\APP-1.0.9005\MODULES\DISCORD_MODULES-1\DISCORD_MODULES\INDEX.JS
the other files come from C:\USERS\litkei_hezm888\APPDATA\LOCAL\TEMP and C:\USERS\litkei_hezm888\APPDATA\LOCAL\MICROSOFT

 

 

Link to post
Share on other sites

Hello @Heihachi and  :welcome:

 

My name is MKDB and I will assist you.

 

Let's keep these principles as we proceed. Make sure to read the entire post below first.

  • Please follow the steps in the given order and post back the log files.
  • Please attach all log files into your post.
  • Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
  • Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
  • Searching, detecting and removing malware isn't instantaneous and there is no guarantee to repair every system. Before we start, please make sure that you have an external backup, not connected to this system, of all private data.
  • Please be patient and stick with me until I give you the "all clear".
  • Only run the tools I guide you to. Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Cracked or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
  • As English is not my native language, please do not use slang or idoms. It may be hard for me to understand.
  • If you do not respond within 4 days, your topic will be closed. If you are away for a longer time, please let me know.

 

 

 

Step 1

  • Please download the Malwarebytes Support Tool (MBST).
  • Run MBST and accept license agreement.
  • In the left navigation pane of MBST, click Advanced.
  • In the Advanced Options, click Gather Logs. A status diagram displays the tool is Getting logs from your machine.
  • A zip file named mbst-grab-results.zip will be saved to your desktop, please upload that file on your next reply.

 

Link to post
Share on other sites

Please run the following FRST-fix to remove some elements of the malware and check windows system files.

This fix may take some time (>15 min). Please temporary disable ESET during the fix, it may interfere with the cleanup process.

After that, we do a fresh FRST scan to check the results.

Thank you @Heihachi

 

 

Step 1

  • Please download the attached fixlist.txt file and save it to your download folder, which is C:\users\litke_hezm888\Downloads\ in your case.
  • You will find the file FRSTEnglish.exe (FRST) as well in this folder.

Note: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

  • Close all open programs and save your work.
  • Run FRST again.
  • Press the Fix button only once and wait. Please be patient and do not interfere, even if FRST does not respond for some time. That's nothing to worry about.
  • Please note: This Fix will remove all temporary files and empty recycle bin.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
  • FRST will create one log now (Fixlog.txt) in the same directory the tool is run.
  • Please attach this logfile to your next reply.

 

 

Step 2

  • Run FRST again.
  • Do not change any settings.
  • Press the Scan button.
  • FRST will create two logs now (FRST.txt + Addition.txt) in the same directory the tool is run.
  • Please attach these logfiles to your next reply.

 

 

fixlist.txt

Link to post
Share on other sites

Due to the lack of feedback, I do not follow this topic any longer.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection.

Thank you.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.