Norton activity message: Miner.Bitcoinminer Activity [X]


Go to solution Solved by Maurice Naggar,

Thanks for the Fixlog. That is a good run. Let us not do any other steps at this point. Just wait (for the rest of today & maybe tomorrow) to see if Norton makes a new claim of "coinminer pest".

What you can do, is this scan with Adwcleaner.

Let's do one scan with Malwarebytes Adwcleaner to check for adware. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browsers, are closed.

It will not take much time.

First download & save it
guide & download link

Then be sure to close all web browsers after the download & before launching the tool.

Then go to where the EXE file is saved. Start Adwcleaner.  Then do a scan with Adwcleaner

Guide article

Attach the clean log from Adwcleaner when all completed.


One must ask: do you have some log from the Norton program that has details? If so, I suggest that you attach that log if possible so that I can see it. Secondly, have you contacted Norton support to ask about this? I honestly suggest you do that.

Meanwhile, since this pc has Malwarebytes, you should be able to run this on-demand scan. 

Do a new scan with Malwarebytes for Windows.

Do a Check for Update using the Malwarebytes Settings >> General tab.

See this Support Guide https://support.malwarebytes.com/hc/en-us/articles/360042187934-Check-for-updates-in-Malwarebytes-for-Windows

When it shows a new version available, Accept it and let it proceed forward.  Be sure it succeeds.

If prompted to do a Restart, just please follow all directions.

Let me know how that goes.    Next, the Malwarebytes sca

Next, click the small x on the Settings line to go to the main Malwarebytes Window.   Next click the blue button marked Scan.

 

When the scan phase is done, be real sure you Review and have all detected line items check-marked on each line on the left. That too is very critical.

👉 You can actually click the topmost left check-box on the very top line to get ALL lines ticked (all selected).

 


Please double verify you have that TOP check-box tick-marked, and that all lines then have a tick-mark.

 

Then click on Quarantine  button.


 


Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4


While it is true it says no further action required, I saw indications out there that maybe some further action *was* required. I don't have them handy, but there were people who got the messages to stop. You yourself felt there were a couple of rogue processes, and I've seen an explorer.exe process with a weird command line that looks like a long string of random letters. I've dug into the Norton setting and I'm pretty sure I can disable the Deep protect function that may have interfered with the last FRST run. I guess I haven't tried resetting my browsers, but the message has appeared even after a reboot where no browser has been opened.

mb scan report.txt norton Recent History.txt


Before you go to the trouble of setting up another Fixlist, let me try running Zemana Antimalware (suggested via a Norton forum post). It's already claiming to have found some things, and I'll try to reset my browsers and we'll see what happens. That will probably take another hour.


  • Root Admin

Would like to also see the following @Jammerjim

 

SecurityCheck by glax24              

I would like you to run a tool named SecurityCheck to inquire about the current security update status of some applications.

  • Download SecurityCheck by glax24: https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe
  • If Microsoft SmartScreen blocks the download, click through to save the file
  • This tool is safe. SmartScreen is overly sensitive.
  • If SmartScreen blocks the file from running, click on More info and Run anyway
  • Right-click with your mouse on SecurityCheck.exe and select "Run as administrator", and reply YES to allow it to run & go forward
  • Wait for the scan to finish. It will open a text file named SecurityCheck.txt. Close the file. Attach it with your next reply.
  • You can find this file in a folder called SecurityCheck: C:\SecurityCheck\SecurityCheck.txt

 


 

Thank you

 

 


Have run Zemana and Security Check. Report attached. Note that the Zemana one is actually three reports. Could not find its log file; did a copy-paste from the application display. Reset the browsers. Still getting the messages.

Did look over on the Norton forums and while I have not exhausted the search there or posted yet, I haven't seen much different in terms of apps. Some people suggest coming here.

SecurityCheck.txt Zeman Reports.txt


Norton Security version 22.23.3.8 / Norton360 is the resident antivirus & firewall on this box.
I am listing here the highlighted apps from the SecurityCheck report that need your follow-up & attention. Along with 2 apps to uninstall.
Microsoft Office Home and Student 2019 - en-us v.16.0.16227.20280  Warning! Download Update
How Install Office updates?

Python 3.10.6 (64-bit) v.3.10.6150.0  Warning! Download Update

7-Zip 21.07 (x64) v.21.07  Warning! Download Update
Uninstall old version and install new one.

Audacity 3.3.0 v.3.3.0  Warning! Download Update

Bonjour v.3.1.0.1  Warning! Your pc does not need it. Uninstall.

FreeFixer v.1.19  Warning! Suspected demo version of anti-spyware, driver updater or optimizer.  Computer experts no longer recommend this program.


  • Solution

I am going to list a number of suggestions here. Plus, remember that Norton is super fussy with its protections. So IF it interferes with a process or task or report, remember the steps that were needed to get it temporarily turned off.

A. This article is a guide https://www.lifewire.com/disable-norton-antivirus-4589389

We will want to pick the option to turn off "Until system restart"

plus, step B. Turn off Dataprotect in Norton.

Here is what I would suggest you do.

This is a good point to emphasize not playing online games or games in general, while the case is on-going.
I would also emphasize to reduce the auto-started applications that start with Windows down to the absolute minimum. Which would basically be just security applications.
Apply these principles now from the following How-to
How to perform a clean boot in Windows
https://support.microsoft.com/en-us/help/929135/how-to-perform-a-clean-boot-in-windows

( 2 )

After the Windows restart, 

Create an Autoruns Log:

  • Please download Sysinternals Autoruns from here:   https://docs.microsoft.com/en-us/sysinternals/downloads/autoruns
  • Save Autoruns.zip to your computer. Then locate it and extract it to a new folder where you can find and run it.
  • Once it starts you may not be able to easily stop the scan but you can try to press the Escape key on your keyboard.
  • Once scanning is stopped, click on the Options menu at the top of the program and select Scan Options... 
  • Then place a check mark on the following items Verify Code Signatures, Check VirusTotal.com, and Submit Unknown Images
  • Then click the Rescan button. Agree to the VirusTotal EULA
  • Once the new scan has been completed, please click on the File button at the top of the program and select Save, or use the Save icon, and save the Autoruns.arn file to your desktop and close Autoruns.
  • Right-click on the Autoruns.arn file (it will typically be the name of your computer) on your desktop or where you save it, and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the Autoruns.zip folder (your computer name.zip) you just created to your next reply.

 

 


 ( 3 )

You have FRST64.exe on Desktop

RIGHT-click on FRST64.exe and select 

Run as Administrator

and tap ENTER. And reply YES to allow to proceed.  

  •  When the tool opens click Yes to the disclaimer.  And be very sure to TICK the box for Addition.txt

Look close on the "Whitelist section" and UN-Tick the box "Services"


  • Press the Scan button.

 

  • It will make a log (FRST.txt & Addition.txt) in the same directory the tool is run
  • Have patience since the run may take something like 10 or so minutes  (less depending on your hardware speed)
  • Close Notepad IF those show up on Notepad.
  • Just please Attach the 2 files FRST.txt +Addition.txt  with your next reply.

I will say things have been relatively quiet this morning. Last warning message was at ~10:18AM, and nothing like that in my Norton history. Zemana Antimalware found some stuff buried in Mozilla and removed it, before I uninstalled Zemana to simplify things. But it did that more than once over the past few days and I still had the message, so I'm not assuming things are clear. I'm thinking I should go into my router/firewall and hard block that IP, just to be sure.
 


A. This article is a guide https://www.lifewire.com/disable-norton-antivirus-4589389

We will want to pick the option to turn off "Until system restart"

plus, step B. Turn off Dataprotect in Norton.

C.  Please run the following custom script. Read all of this before you start. Please Close all open work.

Farbar program: FRSTENGLISH.exe is already on this machine

Please download the attached fixlist.txt file and save it to Downloads folder

Fixlist.txt <-- - - - -

NOTE. It's important that both files, FRSTENGLISH, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Use File Explorer to go to the Downloads folder

RIGHT-Click on   FRSTENGLISH and select

RUN as Administrator

and reply YES to allow it to go forward to start.

That is important so that this run has Elevated Administrator rights !!

NEXT press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with your next reply.


This run invoked the Windows System File Checker & it made some corrections. Windows Resource Protection found corrupt files and successfully repaired them.
And the last traces of the rogue task "ConfigSecurityPolicy" are all gone.
Please do this special search.

There is the FRST64.exe  tool on the Downloads folder. We will use that to do a search.

Find & then start FRST64

Type the following ( better yet, use COPY then Paste) into the search box exactly as shown  then press the Search Files button

SearchAll: WindowsMalwareProtection

Please wait while the program searches for all entries relating to this , when done a search.txt log will be saved to the desktop. Please attach this log to your next reply.


One new run.

A. This article is a guide https://www.lifewire.com/disable-norton-antivirus-4589389

We will want to pick the option to turn off "Until system restart"

plus, step B. Turn off Dataprotect in Norton.

C.  Please run the following custom script. Read all of this before you start. Please Close all open work.

Farbar program: FRST64.exe is already on this machine

Please download the attached fixlist.txt file and save it to Downloads folder

Fixlist.txt <-- - - - -

NOTE. It's important that both files, FRST64, and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Use File Explorer to go to the Downloads folder

RIGHT-Click on   FRST64 and select

RUN as Administrator

and reply YES to allow it to go forward to start.

That is important so that this run has Elevated Administrator rights !!

NEXT press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Downloads folder (Fixlog.txt) . Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

The system will be rebooted after the fix has run. Attach FIXLOG.txt with your next reply.

Edited by Maurice Naggar

Cool. Mission accomplished. 👍

At this time, I would like to see this Windows get the latest build 22H2 for this Windows operating system. I would highly suggest to ensure that this pc is all up-to-date with security updates & cumulative updates on Windows. Select the Windows Start button, and then go to Settings > Update & Security > Windows Update, and click Check for Updates.
Have much patience.

This topic is now closed to further replies.