Jump to content

xmr.2miner.com keeps pinging in svchost.exe and is blocked by malwarebytes


Recommended Posts

I recently installed malwarebytes for free trial to check what was using my CPU during idle and this, xmr.2miner.com, keeps pinging via svchost.exe outbound and inbound. This might be from my cryptomining days and I have already quitted and uninstalled all necessary software for it. Please help.

Link to post
Share on other sites

Hello :welcome: 

I will guide you along on looking for remaining malware. Lets keep these principles as we go along.

  • Removing malware can be unpredictable
  • Please don't run any other scans, download, install or uninstall any programs while I'm working with you.
  • Only run the tools I guide you to.
  • Do not run online games while case is on-going. Do not do any free-wheeling web-surfing.
  • The removal of malware isn't instantaneous, please be patient.
  • Cracked or or hacked or pirated programs are not only illegal, but also will make a computer a malware victim. Having such programs installed, is the easiest way to get infected. It is the leading cause of ransomware encryptions. It is at times also big source of current trojan infections. Please uninstall them now, if any are here, before we start the cleaning procedure.
  • Please stick with me until I give you the "all clear".
  • If your system is running Discord, please be sure to Exit out of it while this case is on-going.

If possibly you have a browser issue, can you try using a different web browser?
But in any event, always SAVE the downloads I guide you to. Then after download is complete, you go to the file using File Explorer.
and only then, launch it from there.

Let's do one special run  with Malwarebytes Adwcleaner. 
 
It will not take much time, Read over all lines before starting so that you have a good understanding of the whole method. Take your time and go careful. I ant to make sure you select all of what I list below - before- pressing the "scan" button.
 
First download & save it
 
Then go to where the EXE file is saved. Start Adwcleaner.  Do not rush. There are a few first choices to set as I have listed below.
 
Reply YES at the Windows prompt to allow the program to proceed and make changes. That is the usual Windows security prompt.
 
When AdwCleaner starts, on the left side of the window, click on “Settings” and then enable these repair actions on that tab-window
by clicking their button to the far-right for ON status
Delete IFEO keys
Delete tracing keys
Delete Prefetch files
Reset Proxy
Reset IE Policies
Reset Chrome policies
Reset Winsock
Reset HOSTS file
 
ADW-s-1.png.c32838f45f840beb2b835ad51f0a1b7c.png
 
 
ONLY after you have set the selections above ....only after that .....
Now On the left side of the AdwCleaner window, click on “Dashboard” and then click “Scan” to perform a computer scan.
 
 
This can take several minutes.
When the AdwCleaner scan is completed it will display all of the items it has found. Click on the “Quarantine” button To remove what it found.
 
AdwCleaner will now prompt you to save any open files or data as the program will need to close any open programs before it starts to clean.
Click on the “Continue” button to finish the removal process.
 
 
 
Attach the clean log from Adwcleaner when all completed. For example AdwCleaner[C00],txt
There is much more to do even after this.
Link to post
Share on other sites

# ------------------------------- # Malwarebytes AdwCleaner 8.4.0.0 # ------------------------------- # Build: 08-30-2022 # Database: 2022-10-10.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 04-03-2023 # Duration: 00:00:06 # OS: Windows 11 (Build 22621.1265) # Scanned: 32099 # Detected: 0 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ***** [ Hosts File Entries ] ***** No malicious hosts file entries found. ***** [ Preinstalled Software ] ***** No Preinstalled Software found. AdwCleaner[S00].txt - [1420 octets] - [03/04/2023 19:07:21] AdwCleaner[C00].txt - [1748 octets] - [03/04/2023 19:07:42] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########

AdwCleaner[S01].txt

Link to post
Share on other sites

I woule appreciate that you always just "attach" report-files as we go along. Please do not paste their content on the main body of the reply.
Here is what I would like you to do next. And keep in mind, in a situation like this, it will take several rounds. There is not a single-quick solution to this.

  1. Take these actions so that Windows 11 is set to show all hidden files and folders.
  2. Open File Explorer from the taskbar.
  3. Select View > Show > Hidden items.
  4. Select ViewShowFile name extensions

I would like a report set for review. This is a report only.

Please download MALWAREBYTES MBST Support Tool

  • Once you start it click Advanced >>> then Gather Logs
  • Have patience till the run has finished.
  • Attach the mbst-grab-results.zip from the Desktop to your reply..
Link to post
Share on other sites

  • 1 month later...

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Tips to help protect from infection

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.