How do I remove pool.hashvault.pro


@Mohammed15232

Please download Farbar Recovery Scan Tool and save it to your desktop.

Please rename FRST.EXE or FRST64.EXE to FRSTEnglish.exe

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your next reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Thank you

Link to post

  • Root Admin

Hello @Mohammed15232

Please run the following

 

AV Block Remover:

  • Download the utility archive from one of these links: AV block remover or from a mirror
  • Extract the archive to any folder on your computer (the executable file should be in a subfolder with a random name, not on the desktop or in the Downloads folder)
  • Rename the file AVBR.exe (for example: AV_b_r.exe), or use a version with a random filename
  • Right-click the renamed AVBR.exe file and run as an administrator
  • Wait for the utility to finish; the computer will be automatically restarted.
  • If this method doesn't work, run this tool from another folder, NOT from your Desktop or Downloads folder (use any other folder)
  • If the malware still blocks the utility, then try to run it in Safe Mode with Networking
  • In the utility folder, a file named AV_block_remove_date-time.log will be created
  • Attach that file in your next reply

 

 

Link to post

  • Root Admin

Great, please run the following @Mohammed15232

 

 

Let's get the info to get the process started. Be aware it will take many steps and scans to fully remove malware.

Please respond to all future instructions from your helper in a timely manner.

 

Let's go ahead and run a couple of scans and get some updated logs from your system. Please read the entire post below before starting so that you're more familiar with the process

Then follow each step in the order provided. Unless otherwise asked, please attach all logs

 

Please make the following system changes: Please pay close attention to the instructions in all of the following links.

  • If you have not done so already - Enable System Protection and create a NEW System Restore Point
  • Temporarily disable your antivirus real-time protection or other security software first only if it blocks or interferes with the scans or downloads. Make sure to turn it back on once the scans are completed
  • Temporarily disable Microsoft SmartScreen to download software below only if needed. Make sure to turn it back on once the downloads are completed
  • Disable-Fast-Startup
  • Show-Hidden-Folders-Files-Extensions

Please run the following scans: Please pay close attention to the instructions in all of the following links.

  1. Click the following link and run a Scan with AdwCleaner
  2. Click the following link and run a Scan with Malwarebytes
       RESTART the computer
  3. Click the following link and run a Scan with Farbar Recovery Scan Tool

Example image of where to click to attach files when posting your reply

 

Thank you

 

Link to post

Domain: pool.hashvault.pro
IP Address: 45.76.89.70
Port: 80
Type: Outbound
File: C:\Windows\System32\cmd.exe

I think this is a stealthy bitcoin miner, I'm struggling to remove it. Every time I start up my computer MB starts to pop up with it.

I've put in the Farbar Recovery Scan Tool Addition file as well as the MB Adware Cleaner files, (I have 3 of them and don't know which one to send)

Addition.txt AdwCleaner[C01].txt AdwCleaner[S00].txt AdwCleaner[S01].txt

Link to post

  • Root Admin

[ 1 ]

Did you download and set this to run on purpose?

 

Task: {176A8B2B-66F2-4B13-9E67-6F3357DF300E} - System32\Tasks\TaskbarX THEFAMILYPCshahi => "C:\Users\shahi\Downloads\TaskbarX_1.7.8.0_x64\TaskbarX.exe"

 

[ 2 ]

Are you sure you want this enabled or allowed? Push Notifications on your browser appear to be enabled.

CHR Notifications: Profile 2 -> hxxps://forum.bloxflip.com; hxxps://traderie.com; hxxps://www.duolingo.com; hxxps://www.reddit.com; hxxps://www.youtube.com

https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

Turn notifications on or off - Google Chrome

Web Push notifications in Firefox

 

[ 3 ]

Please run the following fix

 

NOTE: Please read all of the information below before running this fix.

  • NOTICE: This script was written specifically for this user, for use on this particular machine.
  • Running this on another machine may cause damage to your operating system that cannot be undone.

Once the fix has been completed, please attach the file FIXLOG.TXT to your next reply

Farbar program:   FRSTEnglish.exe

Save the attached file:  FIXLIST.TXT to this folder C:\Users\shahi\Downloads\

NOTE. It's important that both files, FRSTEnglish.exe, and fixlist.txt are in the same location or the fix will not work.

Please make sure you disable any real-time antivirus or security software before running this script. Once completed, make sure you re-enable it.

 

 

Run the Farbar program with Admin rights and press the Fix button just once and wait.

The fix may possibly take up to 60 minutes to complete

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log named Fixlog.txt in the same folder you ran the Farbar program from. Please attach that log on your next reply.

 

  1. NOTE:  This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity.
  2. NOTE: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications may be automatically closed. Also, make sure you know the passwords for all websites as cookies may possibly be removed in some cases, but not all cases.
  3. NOTE: As part of this fix, it will also reset the network to default settings including the firewall. If you have custom firewall rules you need to save please export or save them first before running this fix.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome, and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Discord cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix.

The system will be rebooted after the fix has run.

fixlist.txt

Thanks

 

Link to post
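Item [ 1 ] in the post above asks about a scheduled task whose target sits under the Downloads folder. The following is an added example, not part of the thread and not FRST's own code: it parses Task lines in the layout quoted in that post and flags targets in user-writable folders so they can be confirmed with the user. The folder lists, function names, and every sample line except the first are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Layout of the Task line quoted in the post:
#   Task: {GUID} - <task file> => "<target>" [arguments]
TASK_RE = re.compile(
    r'^Task:\s*(\{[0-9A-Fa-f-]{36}\})\s+-\s+(.+?)\s+=>\s+(?:"([^"]+)"|(\S+))\s*(.*)$'
)

# Assumption (this example's choice, not an FRST rule): folders a standard
# user can write to, so anything launched from them deserves a second look.
PROFILE_DIRS = {"downloads", "desktop", "appdata", "documents"}
SHARED_DIRS = {"programdata", "temp"}

def parse_task(line):
    """Return the fields of one Task line, or None if the line is not one."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    guid, task_file, quoted, bare, args = m.groups()
    return {"guid": guid, "task_file": task_file,
            "target": quoted or bare, "args": args}

def writable_reason(target):
    """Say why a target path is in a user-writable location, else None."""
    parts = [p.lower() for p in PureWindowsPath(target).parts]
    if len(parts) > 3 and parts[1] == "users" and parts[3] in PROFILE_DIRS:
        return "user profile folder: " + parts[3]
    if len(parts) > 1 and parts[1] in SHARED_DIRS:
        return "shared writable folder: " + parts[1]
    return None

def triage(lines):
    """Collect Task entries whose target should be confirmed with the user."""
    flagged = []
    for line in lines:
        task = parse_task(line)
        reason = writable_reason(task["target"]) if task else None
        if reason:
            flagged.append({**task, "reason": reason})
    return flagged

SAMPLE = [
    # The first line is the one quoted in the post; the others are constructed.
    r'Task: {176A8B2B-66F2-4B13-9E67-6F3357DF300E} - System32\Tasks\TaskbarX THEFAMILYPCshahi => "C:\Users\shahi\Downloads\TaskbarX_1.7.8.0_x64\TaskbarX.exe"',
    r'Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleUpdater => "C:\Program Files\Example\updater.exe" /silent',
    r'Task: {00000000-0000-0000-0000-000000000002} - System32\Tasks\ExampleHelper => C:\ProgramData\example\helper.exe',
    r'CHR Notifications: Profile 2 -> hxxps://www.youtube.com',
]

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit["task_file"], "=>", hit["target"], "|", hit["reason"])
```

A flag here only means the target runs from a location any user-level process can modify; whether the task is wanted is still the question the helper puts to the user.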

  • Root Admin

Okay, great.

Let me have you run the following please.

 

Sophos Scan & Clean

Download Sophos Free Virus Removal Tool (x64)  and save it to your desktop or downloads folder.

  • If your security alerts to this scan either accept the alert or turn off your security real-time protection temporarily to allow Sophos to run and complete.
  • Please close all other open applications and Do Not use your PC whilst the scan is in progress... This scan typically runs pretty quick on most systems.
  • Locate the downloaded program then Double-click on the program and select Run and approve the User Account Control prompt to allow it to run with Admin rights.
  • Click Next then clicking NEXT again will automatically accept the terms in this license agreement and start the scanning process
  • Click Next and exit the program when done
  • By default Sophos logs are found under this sub-folder: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs 
  • You may need to enable Show-Hidden-Folders-Files-Extensions to see the C:\ProgramData folder to access the log

Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Please attach that log on your next reply

Thank you

 

Link to post

  • Root Admin

After you run the Sophos scan above, please run this updated FIXLIST.TXT file as before.

Save it to the same location as the Farbar program. Then run the Farbar program with Admin rights and click the FIX button.

fixlist.txt

This will create a ZIP file on your Desktop of the current C:\FRST\Quarantine folder with today's Date and Time as the name of the zip file.

I want to review what it found and removed

Please attach that zip file to your next reply

 

 

 

Link to post