Security concerns after Malwarebytes scan


5 replies to this topic

#1 Peter78


Posted 21 February 2018 - 11:54 AM

I installed Malwarebytes and after I ran a scan on my Windows 7 OS I got these results:
 

Trojan.BitCoinMiner.E, C:\PROGRAMDATA\MICROSOFT WINDOWS STARTUP\WININIT.EXE, No Action By User, [209], [489316],1.0.4032
Trojan.BitCoinMiner.E, C:\PROGRAMDATA\MICROSOFT WINDOWS INIT\WININIT.EXE, No Action By User, [209], [489317],1.0.4032
Trojan.BitCoinMiner, C:\PROGRAMDATA\MICROSOFT WINDOWS\SYSTEM\WUAUCLT.EхE, No Action By User, [68], [487172],1.0.4032
Trojan.BitCoinMiner, C:\PROGRAMDATA\MICROSOFT WINDOWS NT\SERVICE\SPPSVC.EхE, No Action By User, [68], [487172],1.0.4032
Trojan.BitCoinMiner, C:\USERS\ANON\APPDATA\ROAMING\MICROSOFT\NETWORK\SYSTEM\WMIPRVSE.EхE, No Action By User, [68], [487172],1.0.4032
Trojan.MalPack, C:\USERS\ANON\APPDATA\ROAMING\MICROSOFT\SYSTEMCERTIFICATES\WININIT.EXE, No Action By User, [32], [487828],1.0.4032
Trojan.BitCoinMiner, C:\USERS\ANON\APPDATA\LOCAL\MICROSOFT\WINDOWS\CACHES\WINLOGON.EхE, No Action By User, [68], [487228],1.0.4032
Trojan.BitCoinMiner, C:\USERS\ANON\APPDATA\LOCAL\MICROSOFT\WINDOWS\EXPLORER\TASKMGR.EхE, No Action By User, [68], [487172],1.0.4032
Trojan.BitCoinMiner.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|WindowsSystem, No Action By User, [209], [489316],1.0.4032
Trojan.BitCoinMiner.E, HKU\S-1-5-21-3769621780-3217232507-1090172942-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Windows Startup, No Action By User, [209], [489317],1.0.4032


I have no idea how these malware files got on my PC. Did I download them through the browser or did they get installed through other programs? Do I have to change my passwords for important online accounts? Is it possible for these malware files to have sent sensitive information to a hacker? I will reinstall my Windows to be safe, but I want to know how these files got on my PC and how dangerous they are.
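A triage pass over the detection lines in the post above, as an added example that is not part of the original thread and not Malwarebytes' own code. It flags file names that reuse Windows system binary names outside C:\Windows, non-ASCII look-alike characters such as the Cyrillic letter in the ".EхE" extensions, and Run-key autostart values; the function names, the short SYSTEM_NAMES list and the look-alike map are assumptions made for the example.

```python
import ntpath
import unicodedata

# Assumed short list of Windows binaries that normally live under C:\Windows.
SYSTEM_NAMES = {"wininit.exe", "winlogon.exe", "taskmgr.exe",
                "wuauclt.exe", "sppsvc.exe", "wmiprvse.exe"}
# Minimal Cyrillic-to-Latin look-alike map (not the full Unicode confusables data).
LOOKALIKES = str.maketrans({"\u0430": "a", "\u0435": "e", "\u043e": "o",
                            "\u0440": "p", "\u0441": "c", "\u0445": "x"})

# Constructed sample: three lines from the posted log, trailing fields shortened.
# The escape in the second line is the Cyrillic letter seen in the posted extensions.
SAMPLE_LOG = "\n".join([
    "Trojan.BitCoinMiner.E, C:\\PROGRAMDATA\\MICROSOFT WINDOWS STARTUP\\WININIT.EXE, No Action By User",
    "Trojan.BitCoinMiner, C:\\PROGRAMDATA\\MICROSOFT WINDOWS\\SYSTEM\\WUAUCLT.E\u0445E, No Action By User",
    "Trojan.BitCoinMiner.E, HKLM\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN|WindowsSystem, No Action By User",
])


def triage(line):
    """Return findings for one 'detection, object, action, ...' log line."""
    _name, obj, _rest = (line.split(", ", 2) + ["", ""])[:3]
    findings = []
    if obj.upper().startswith(("HKLM\\", "HKU\\")):
        key, _, value = obj.partition("|")
        if key.upper().endswith("\\CURRENTVERSION\\RUN"):
            findings.append(f"autostart Run value: {value}")
        return findings
    directory, name = ntpath.split(obj.lower())
    # Any non-ASCII character in an executable's name deserves a second look.
    odd = sorted({unicodedata.name(c, "UNKNOWN") for c in name if ord(c) > 127})
    if odd:
        findings.append("non-ASCII in file name: " + ", ".join(odd))
    # Fold look-alikes, then compare against system names and location.
    folded = name.translate(LOOKALIKES)
    if folded in SYSTEM_NAMES and not (directory + "\\").startswith("c:\\windows\\"):
        findings.append(f"{folded} outside C:\\Windows")
    return findings


def triage_log(text):
    """Triage every non-empty line; returns (line, findings) pairs."""
    return [(l, triage(l)) for l in text.splitlines() if l.strip()]


if __name__ == "__main__":
    for line, findings in triage_log(SAMPLE_LOG):
        print(ascii(line), "->", findings)
```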





#2 iancatalan


Posted 21 February 2018 - 12:09 PM

Are you using your computer for mining bitcoin?



#3 Peter78


Posted 21 February 2018 - 01:03 PM

Are you using your computer for mining bitcoin?

No, I don't.



#4 boopme

  • Global Moderator

Posted 21 February 2018 - 04:59 PM

Well, however, they probably rode in on something. Did you ask MBAM to remove? It doesn't appear so. Do that.

Please also do these.

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
And finally I'd like us to scan your machine with ESET OnlineScan:
  • It is recommended to turn off your antivirus program. Click on the [image] button to see which antivirus is currently enabled.
  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
Enable detection of potentially unsafe applications
Enable detection of suspicious applications
Scan archives
Enable Anti-Stealth Technology
  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.
  • Push the [image] button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • Push the [image] button and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Check the box beside [image] to uninstall the application when closed.
  • Push [image] and then close the application by clicking the X in the upper right corner.


#5 Peter78


Posted 22 February 2018 - 05:12 AM

I reinstalled my Windows, so I hope everything on my hard drive is malware-free now. By the way, besides ESET Online Scanner, what other online scanner could I use? And how good are the on-demand online scanners?



#6 boopme

  • Global Moderator

Posted 22 February 2018 - 11:46 AM

I think ESET and F-Secure are the best to use and are very good, as the databases are completely updated.
https://www.f-secure.com/en_US/web/home_us/online-scanner