Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Pup.Bitminer Quarantine

  • This topic is locked This topic is locked
2 replies to this topic

#1 Xiahoumatt


  • Members
  • 4 posts
  • Local time:09:25 AM

Posted 20 December 2011 - 01:34 AM


I have recently been infected with the win 7 security 2012. I did some rkill things, it went away. Deleted some trojans with malwarebytes and the win pop-ups never came back. There was one virus that kept showing up called pup.bitminer, it would be quarantined and deleted by malwarebytes, but when i restart it always comes back in the scan. I've done it in safe mode and the scan deletes it, and then it appears again next scan. I've done combofix, SUPERantispyware, spybot, combofix, and TDSS Killer (which never showed any threats) and after all that it detected no threats. I only think the reason it didn't detect the threats, was that after one of my scans the pup.bitminer remained in quarantine instead of being deleted. I also ran a windows 64-bit malware removal tool, (After running several malwarebytes and the above scans to make sure I was ok (no threats were shown but pup.bitminer was still in quarantine)) The tool said I had Trojan:win32:Alureon.tk, and that it was partially removed and to reboot. I rebooted but went to safemode, ran combofix and malware bytes, and now that malware removal tool shows nothing wrong. The pup.bitminer was redirecting me like crazy and opening up ads in internet explorer, so I disabled internet explorer (at the moment I have no main browser, I just use mozilla)Mozilla was even being redirected but as long as the pup is in quarantine nothing is wrong and no redirection is occur. I have no idea if i'm safe, and im worried that if i enter any passwords (which i haven't yet) they will be stolen. I am trying to get this fixed before christmas, please help me. (Other things you may want to know, my malwarebytes is PRO, ERROR IP protection failed: FwpmEngineOpen0 failed with error code 1753 comes up in the logs between something like "Database updated successfully" and/or "Protection started successfully" Also the problem is in C:/Windows/assembly/temp/kwrd.dll and one more thing that might be useful, I could not find Windows firewall in SERVICES on my pc.) I really hope you can help me.

Thank you!

BC AdBot (Login to Remove)


#2 Xiahoumatt

  • Topic Starter

  • Members
  • 4 posts
  • Local time:09:25 AM

Posted 20 December 2011 - 01:40 AM

I reposted this in security, I think that is where it really belongs. Sorry i'm a bit of a noob to BC

#3 Queen-Evie


    Official Bleepin' G.R.I.T.S. (and proud of it)

  • Staff Emeritus
  • 16,485 posts
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:10:25 AM

Posted 20 December 2011 - 08:44 AM

Now that you have posted your log HERE

Please refrain from asking for further help from other members or staff until the Malware Removal Team has checked your posted log. The Malware Removal Team work very hard to investigate a unique solution to your problem and you will receive individual expert assistance. This takes time and effort so we ask you to please be patient while waiting for assistance and NOT to make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Removal Team member. Any modifications you make on your own can result in system changes which may not show it the log you already posted. Further, following advice outside of that post may cause confusion for the team member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

The Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean. If you followed any other advice already, please ensure you inform the Malware Removal Team Team Helper when they respond to assist you with your log. This will help them know what has been done and they probably will ask for an updated log.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

This topic is now closed.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users