
Infected with Claymore CPU Miner, svchost.exe in C:/Windows/Temp


  • This topic is locked

#1 aoisoraa

aoisoraa

  • Members
  • 1 posts

Posted 23 January 2015 - 03:00 AM

http://www.bleepingcomputer.com/forums/t/563607/self-creating-svchostexe-in-windowstemp-folder-claymore-cryptonote-cpu-miner/

http://www.bleepingcomputer.com/forums/t/562026/svchostexe-creates-itself-in-cwindowstemp/

 

I am having the same problem as the above two. Please help me remove the infection! :'(

 

Attached File  FRST.zip   69.47KB   8 downloads

Attached File  Addition.txt   32.85KB   3 downloads


#2 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts

Posted 24 January 2015 - 05:44 PM

hi aoisoraa,

 

  If you still need help with the issue you can do this to get started:

 

  We will get two downloads to use, then go from there based on the logs:

 

1)  Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.

 

   http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.3.1025.exe

 

    Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.

    At the end, be sure a checkmark is placed next to the following:

        Launch Malwarebytes Anti-Malware

        A 14-day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

    Click Finish.

    On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.

    Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.

    A Threat Scan will begin.

    With some infections, you may see this message box.

        'Could not load DDA driver'

    Click 'Yes' to this message, to allow the driver to load after a restart.

    Allow the computer to restart. Continue with the rest of these instructions.

    When the scan is complete, click Apply Actions.

    Wait for the prompt to restart the computer to appear, then click on Yes.

    After the restart once you are back at your desktop, open MBAM once more.

    Click on the History tab > Application Logs.

    Double click on the scan log which shows the Date and time of the scan just performed.

    Click 'Copy to Clipboard'

    Paste the contents of the clipboard into your reply.

 

2)  Please download adwcleaner from here and save to your desktop.

    Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
    Now click on the Scan tab; once the scan is complete, click on the Clean tab and follow the prompts.
    Allow the system to reboot. You will then be presented with the report. Copy & Paste this report in your next reply.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Note: The log can also be located at C:\AdwCleaner\AdwCleaner[S0].txt

 


How Can I Reduce My Risk to Malware?


#3 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts

Posted 27 January 2015 - 09:40 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
