PUP.BitMIner infection! Still having issues after "removal".

No replies to this topic

#1 Cocytus127


  • Members
  • 1 posts

Posted 13 December 2011 - 11:01 AM


I got on my computer this morning to my typical Malwarebytes scan log and it says that I only had one infection.

From the log:

Files Infected:
c:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.

As it states, the object was "removed" but I'm still having redirect issues in Firefox. Sometimes the window will redirect completely, other times it opens a new tab to some random website.

I have the Pro version of Malwarebytes and I'm wondering why this infection was able to get through. Also, I cannot make any changes to my Windows Firewall at all. Attempting to do so always results in the same error:

Windows Firewall can't change some of your settings Error Code 0x80070424
I don't even know if it is on or if I can turn it on.

I ran both Rkill and TDSSKiller and neither detected anything on my system.

I also went ahead and downloaded SecuniaPSI and it detected that I had a few outdated programs so I updated those, now showing a score of 100%. After running Rkill, it also always reports that 5 programs were changed or removed, so that's a little ominous.

OS is Windows 7.
Any help would be greatly appreciated! Thanks!

Edited by Cocytus127, 13 December 2011 - 11:21 AM.
