
xmr.2miner.com website blocked in explorer.exe



  • Root Admin

Please try clearing Windows Defender History

Also, include removing files or folders in this directory from Safe Mode or Recovery Environment

 

C:\ProgramData\Microsoft\Windows Defender\Scans\BackupStore\

 

 

 

If you like we can try a new way by clearing all the history from Windows Defender manually.

Please do the following

Click on Start and type CMD.EXE and when it shows, right-click over it and select to "Run as administrator"

Then type the following and press the Enter key

MD  C:\ClearWD

Then open the File Explorer to that new folder and right click and select New > Text Document

Then open it with Notepad. Then copy and paste the following into the blank document

@echo off
pushd "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory"
echo Current folder is: %CD%
rd /q /s "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory"
popd
pushd "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service"
echo Current folder is: %CD%
del /s /f /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\*.log"
popd
pushd "C:\ProgramData\Microsoft\Windows Defender\Scans"
echo Current folder is: %CD%
del /s /f /q "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache*"
del /s /f /q "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db"
del /s /f /q "C:\ProgramData\Microsoft\Windows Defender\Scans\mpenginedb.db-wal"
popd
pushd "C:\ProgramData\Microsoft\Windows Defender\Support"
echo Current folder is: %CD%
del /s /f /q "C:\ProgramData\Microsoft\Windows Defender\Support\*.log"
del /s /f /q "C:\ProgramData\Microsoft\Windows Defender\Support\MpWppTracing*"
popd
pushd "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store"
echo Current folder is: %CD%
del /s /f /q "C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\*"
popd
wevtutil cl "Microsoft-Windows-Windows Defender/Operational"
pause

Then save the document.

Then rename the extension from .TXT to .BAT

The file should now be called C:\ClearWD\ClearWDHistory.bat

Once that is set up restart the computer into the Recovery Environment

You can enter the Recovery Mode by copying and pasting the following into the command prompt

Make sure you save all open documents first and close all programs as the computer will restart.

shutdown /r /o

 

From the Recovery Mode select the COMMAND PROMPT

Normally it will open as X:

In most cases you simply need to type C: and press the Enter key to get to the C: drive.

Then you'd type CD ClearWD and press the Enter key

Then type ClearWDHistory.bat  and press the Enter key

That should run and clear out your Windows Defender History

Then restart into Normal Mode and wait about 5 minutes and then recheck Windows Defender

 

Let me know if you have any questions

 

 

Link to post
Share on other sites
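
A check that can be run after the restart into Normal Mode, as an added example that is not part of the original post: it counts what is left in the folders the batch file and the BackupStore step target, lists any detections Defender still reports, and shows how many records remain in the Defender operational log. It assumes an elevated PowerShell window and the default paths quoted in the post.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell window.
$wd = 'C:\ProgramData\Microsoft\Windows Defender'   # base path as quoted in the post
$targets = @(
    "$wd\Scans\History\Service\DetectionHistory",
    "$wd\Scans\History\Store",
    "$wd\Scans\BackupStore"
)

foreach ($path in $targets) {
    if (-not (Test-Path -LiteralPath $path)) {
        '{0,-8} {1}' -f 'absent', $path
        continue
    }
    try {
        # -Force includes hidden and system files; -File counts files only
        $files = @(Get-ChildItem -LiteralPath $path -Recurse -Force -File -ErrorAction Stop)
        '{0,-8} {1}' -f $files.Count, $path
    } catch {
        # A zero count would be misleading if the folder could not be read
        '{0,-8} {1}' -f 'denied', $path
    }
}

# Detections Defender still lists after the cleanup (newest first)
$detections = @(Get-MpThreatDetection -ErrorAction SilentlyContinue)
"Detections still listed: $($detections.Count)"
$detections | Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 5 InitialDetectionTime, ThreatID, Resources |
    Format-List

# Records remaining in the log the batch file clears with wevtutil
$log = Get-WinEvent -ListLog 'Microsoft-Windows-Windows Defender/Operational'
"Operational log records: $($log.RecordCount)"
```

A non-zero file count or a detection with a recent InitialDetectionTime means the item was recorded again after the cleanup, which is worth including in the next reply to the helper.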

Sorry for the late reply bjt I will have to put this on hold because I need to enter my password when entering command prompt through recovery and it keeps telling me it's invalid even when I've changed it so many times through Microsoft and through the Sign-on options in settings. If I can't find a fix for that issue I would need to factory reset my PC with a thumb drive

Link to post
Share on other sites

  • Root Admin

Perhaps backing up your personal data to an external USB hard drive and doing a CLEAN install of Windows, but then DO NOT use an Online Account when setting up your Windows profile. Use a LOCAL account.

 

Clean Install Windows 10 & 11 (2023)
https://answers.microsoft.com/en-us/windows/forum/all/clean-install-windows-10-11-2023/1c426bdf-79b1-4d42-be93-17378d93e587

Also, please review the following topic

Bypass Microsoft Online Account Creation during installation of Windows 11
https://forums.malwarebytes.com/topic/296613-bypass-microsoft-online-account-creation-during-installation-of-windows-11/

 

Link to post
Share on other sites

Will do thank you, I will probably be able to do the clean install late at night on Thursday because that's the last day of school for this week until the following Monday. Also sorry for the delayed response !!!

Link to post
Share on other sites

  • Root Admin

Sounds good. I'll keep the post open a few days. Let me know once you've done a CLEAN install and again, do not use the Online account creation that Microsoft will try to force you to do.

The instructions from the second link should help you to make just a LOCAL Account

 

Link to post
Share on other sites

  • Root Admin

Thank you for the update. Please run the following and I'll review the logs if you like

 

Scan with FSS Farbar Service Scanner
https://forums.malwarebytes.com/topic/306736-scan-with-fss-farbar-service-scanner/

 

Scan with Farbar Recovery Scan Tool
https://forums.malwarebytes.com/topic/306601-scan-with-farbar-recovery-scan-tool/

 

 

Link to post
Share on other sites

  • Root Admin

Great, overall it looks good.

I would highly recommend that you consider a different Web browser than Opera - it used to be a great alternative browser back in the day but today it simply does not care about your privacy.

Firefox or Brave would be much better choices

 

Your DNS Servers: 192.168.12.1 

Please consider changing your default DNS server settings. Please choose one provider only

DNS is what lets users connect to websites using domain names instead of IP addresses

Pick just one of these 5 providers. And be aware that you need to modify 1 time for IPv4 & a 2nd pass for IPv6

  • Quad 9 Public DNS: IPv4 9.9.9.9 and 149.112.112.112; IPv6 2620:fe::fe and 2620:fe::9 (one of the best for most users)
  • Google Public DNS: IPv4 8.8.8.8 and 8.8.4.4; IPv6 2001:4860:4860::8888 and 2001:4860:4860::8844
  • Cloudflare: IPv4 1.1.1.1 and 1.0.0.1; IPv6 2606:4700:4700::1111 and 2606:4700:4700::1001
  • OpenDNS: IPv4 208.67.222.222 and 208.67.220.220; IPv6 2620:119:35::35 and 2620:119:53::53
  • DNSWATCH: IPv4 84.200.69.80 and 84.200.70.40; IPv6 2001:1608:10:25::1c04:b12f and 2001:1608:10:25::9249:d69b


The Ultimate Guide to Changing Your DNS Server
https://www.howtogeek.com/167533/the-ultimate-guide-to-changing-your-dns-server/

Here is a YouTube video on Changing DNS settings if needed

 

 

If you're possibly concerned about your Router security

How To Reset Your Router
https://forums.malwarebytes.com/topic/312185-how-to-reset-your-router/

 

 

 

Excellent, glad to hear all is well again. I'll go ahead and close your topic now and wish you well.

Please follow the directions below to remove the logs and tools we've used. If any are still left after that you can manually uninstall or delete them.

Take care and stay safe out there. Try to follow as much of the advice below as you can as well.

 

We're glad that we were able to assist you.

 

The following information will help you to keep your computer and data safer as well as improve your overall privacy

  1. Recommend using a Password Manager for all websites, etc. that require a password. Never use the same password on more than one site.
    https://www.howtogeek.com/780233/best-password-manager/
  2. Make sure you're backing up your files https://forums.malwarebytes.com/topic/136226-backup-software/
  3. Keep all software up to date - PatchMyPC - https://patchmypc.com/home-updater#download     https://patchmypc.com/about-us
  4. Keep your Operating System up to date and current at all times - https://support.microsoft.com/en-us/windows/windows-update-faq-8a903416-6f45-0718-f5c7-375e92dddeb2
  5. Further tips to help protect your computer data and improve your privacy: https://forums.malwarebytes.com/topic/258363-tips-to-help-protect-from-infection/ 
  6. Please consider installing the following Content Blockers for your Web browsers if you haven't done so already. This will help improve overall security

Malwarebytes Browser Guard

uBlock Origin

 

Cybersecurity basics & protection
Everything you need to know about cybercrime
https://www.malwarebytes.com/cybersecurity

 

Further reading if you'd like to keep up on the malware threat scene: Malwarebytes Blog  https://blog.malwarebytes.com/

Hopefully, we've been able to assist you with correcting your system issues.

Thank you for using Malwarebytes. Please tell your friends and family if they too need assistance with malware removal

 

Link to post
Share on other sites
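
The DNS change recommended in the post above, done from PowerShell with a check for both address families, as an added example that is not part of the original post. It assumes an elevated PowerShell window, uses the Quad9 addresses from the post's list, and queries example.com as a test name.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell window.
# Quad9 addresses exactly as listed in the post; swap in another provider's if preferred.
$dnsV4 = '9.9.9.9', '149.112.112.112'
$dnsV6 = '2620:fe::fe', '2620:fe::9'

# Connected physical adapters only (skips virtual and disconnected ones)
$adapters = @(Get-NetAdapter -Physical | Where-Object Status -eq 'Up')

foreach ($a in $adapters) {
    # Record the current resolvers first (in the thread this was the router, 192.168.12.1)
    $before = (Get-DnsClientServerAddress -InterfaceIndex $a.ifIndex).ServerAddresses
    "{0}: was {1}" -f $a.Name, ($before -join ', ')

    # Both families go in one call; Windows stores each address under IPv4 or IPv6
    Set-DnsClientServerAddress -InterfaceIndex $a.ifIndex -ServerAddresses ($dnsV4 + $dnsV6)
}

Clear-DnsClientCache   # drop answers cached from the old resolver

# Check 1: each family on each adapter now lists the chosen servers
foreach ($a in $adapters) {
    foreach ($family in 'IPv4', 'IPv6') {
        $set = (Get-DnsClientServerAddress -InterfaceIndex $a.ifIndex -AddressFamily $family).ServerAddresses
        "{0} {1}: {2}" -f $a.Name, $family, ($set -join ', ')
    }
}

# Check 2: each configured server actually answers a query
foreach ($server in $dnsV4 + $dnsV6) {
    try {
        $null = Resolve-DnsName -Name 'example.com' -Server $server -DnsOnly -ErrorAction Stop
        "$server answers"
    } catch {
        "$server no answer: $($_.Exception.Message)"   # e.g. no IPv6 route on this network
    }
}

# To undo and return to the DHCP-provided resolver:
# Set-DnsClientServerAddress -InterfaceIndex <ifIndex> -ResetServerAddresses
```

If the IPv6 line still shows the router or an ISP resolver after the change, lookups can keep going there even though the IPv4 side is set, which is why the post asks for a second pass for IPv6.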

oop- Alright yeah I'll look into Firefox and Brave and change to that browser within the end of today, thank you so much and I'll change my DNS server too. Thank you for your help so far !! I also forgot to redownload Malwarebytes !!!

Link to post
Share on other sites
