Malware removal


3 replies to this topic

#1 ToekneeR

Posted 26 December 2011 - 02:38 PM

Hello,
I have had this malware that I've not been able to remove. I've used Malwarebytes and successfully removed everything but cannot seem to remove one file even after Malwarebytes restarts. I've read on this forum about ComboFix, is that something I should try?

Thanks,
ToekneeR

Edit: Moved topic from Vista to the more appropriate forum. Please do not use ComboFix unless directed to do so by a Malware Removal team member and when your topic is in the proper forum for those sorts of logs. ~ Animal

#2 boopme

  • Global Moderator

Posted 26 December 2011 - 03:20 PM

Hello, not yet and not on your own.

What is the malware? Post the MBAM log please.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

#3 ToekneeR


Posted 26 December 2011 - 06:29 PM

Hello,
Below is the MBAM log. I can't seem to get rid of the "Pup.bitminer".
I will download the tools and send those as well.
Any help will be appreciated!
Thanks!



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122603

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

12/26/2011 5:26:31 PM
mbam-log-2011-12-26 (17-25-44).txt

Scan type: Full scan (C:\|)
Objects scanned: 504750
Time elapsed: 1 hour(s), 35 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> No action taken.
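
An added example, not part of the thread and not Malwarebytes' own tooling: a small parser for the log layout posted above. It checks that the header the helper asked for (MBAM version, database version, operating system) is present, that the summary counts match the items listed, and which detections still read "No action taken". The function names are hypothetical, and the embedded log is an abridged copy of the one in the post.

```python
import re

# Abridged copy of the MBAM log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.2.1300
Database version: 911122603

Windows 6.0.6001 Service Pack 1
Scan type: Full scan (C:\|)
Registry Keys Infected: 0
Files Infected: 1

Registry Keys Infected:
(No malicious items detected)

Files Infected:
c:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> No action taken.
"""

SECTION = re.compile(r"^([A-Za-z ]+ Infected):\s*(\d+)?$")
DETECTION = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Parse header fields, summary counts and per-section detections."""
    report = {"product": None, "database": None, "os": None,
              "counts": {}, "detections": []}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Malwarebytes"):
            report["product"] = line
        elif line.startswith("Database version:"):
            report["database"] = line.split(":", 1)[1].strip()
        elif line.startswith("Windows ") and report["os"] is None:
            report["os"] = line
        elif (m := SECTION.match(line)):
            if m[2] is not None:          # summary line, e.g. "Files Infected: 1"
                report["counts"][m[1]] = int(m[2])
            else:                         # section heading, e.g. "Files Infected:"
                section = m[1]
        elif section and (d := DETECTION.match(line)):
            report["detections"].append({"section": section, **d.groupdict()})
    return report

def triage(report):
    """Return (missing header fields, sections whose count disagrees, unremoved items)."""
    missing = [k for k in ("product", "database", "os") if not report[k]]
    listed = {}
    for d in report["detections"]:
        listed[d["section"]] = listed.get(d["section"], 0) + 1
    mismatched = [s for s, n in report["counts"].items() if listed.get(s, 0) != n]
    pending = [d for d in report["detections"] if d["action"] == "No action taken"]
    return missing, mismatched, pending
```

A non-empty first or second list means the pasted log is incomplete and should be re-posted in full before anyone acts on it.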

#4 boopme

  • Global Moderator

Posted 26 December 2011 - 07:37 PM

OK, perhaps it's more than the PUP.

PUP means Potentially Unwanted Program. Items categorized this way are generally not necessarily malicious, but can do things that may be undesirable. I would personally recommend checking the box next to it and removing it, as that particular item (BitMiner) has been bundled with infections lately, and that's likely how it got on your computer. ~~ Exile

Post the MiniToolBox and this one please.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.