
Problems with Pup.Bitminer, ad.yieldmanager and other malware


4 replies to this topic

#1 Smurf-Slayer

Smurf-Slayer

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:02:24 PM

Posted 07 January 2012 - 05:54 PM

Hi!

I've been trying to clean up a friend's computers for about two weeks. They were both pretty infected. Both of the machines have CCleaner, SpyBot, Trend Micro Titanium and Malwarebytes Pro on them. One is a desktop. One is a laptop. I'd like to start with the laptop first in this thread.

The laptop is a Windows 7 machine that was upgraded from Windows Vista. The Start menu is still not right even after running the "unhide" programs and other tools that are supposed to fix it. No matter what, pup.bitminer comes back. In Firefox, it keeps getting the proxy turned on to 127.0.0.0 to a high port which doesn't work. I'm guessing a piece of the malware for it is missing.

Please help me clean up this laptop.

Thanks,
Smurf-Slayer

Edited by Smurf-Slayer, 07 January 2012 - 06:00 PM.



#2 Smurf-Slayer


Posted 07 January 2012 - 06:00 PM

Additional information.

We have also run the Kaspersky TDSSKiller and it did find some stuff, but it is currently clean.

Also, MBAM sometimes doesn't find pup.bitminer in normal mode, but always finds it in safe mode.

We have also run rkill too. It is currently showing clean.

Smurf-Slayer

#3 Smurf-Slayer


Posted 07 January 2012 - 07:57 PM

In addition to the above, Trend Micro also reports the following items, and says they were removed. However, they come back. In addition, this does not happen in Safe Mode, only in a normal boot up.

TROJ_FAKEAV.DAM
TROJ_SIREFEF.BZ
TROJ_SIREFEF.BW

The .BZ and .BW change a lot also.

Files named 80000032.@ where 32 changes all the time, but the 32 is common. Some examples are c0.@, 64.@, cb.@, cf.@

Frequently after booting up normally, the computer locks up. Some things kinda work but for the most part it never recovers.

Smurf-Slayer

#4 Smurf-Slayer


Posted 08 January 2012 - 01:05 PM

Also, this computer was infected with System Fix. It appears that we got that taken care of, but the remaining problem(s) might be residual?

#5 Smurf-Slayer


Posted 08 January 2012 - 10:24 PM

I reposted this thread due to my follow-up posts. Please close this thread.



