Tech Support Guy > Virus & Other Malware Removal
Solved: Trojan Dropper BCminer help please.


Mark1956 (Malware Removal Specialist with 13,960 posts; Join Date: May 2011; Location: Spain; Experience: Advanced)
17-Jul-2012, 01:00 PM, #16
The Combofix log is looking good. Just one more scan to be sure there is nothing left behind and a check to see if anything needs updating.


Eset online scan instructions.
IMPORTANT ---> Please make sure you follow the instruction to uncheck the box next to Remove found threats. Eset will detect anything that looks even remotely suspicious; this can include legitimate program files. If you do not uncheck the box, as instructed, Eset will automatically remove all suspect files, which could leave some of your software inoperative. If you make a mistake these files can be restored from quarantine, but it would be preferable not to add any extra work to the clean up of your system.
  • Disable your existing Anti Virus following these instructions.
  • Please go here to use the Eset Online Scanner.
  • When the web page opens click on this button
  • If you are not using Internet Explorer you will see a message box open asking you to download the ESET Smart Installer, click on the link and allow it to download and then run it. Accept the Terms of use and click on Start. The required components will download.
  • If using Internet Explorer the Terms of use box will open immediately, accept it and click on Start.
  • After the download is complete the Computer scan settings window will open, IMPORTANT ----> uncheck the box next to Remove found threats and click on Start. The virus signature database will then download which may take some time depending on the speed of your internet connection. The scan will automatically start when the download is complete.
  • This is a very thorough scan and may take several hours to complete depending on how much data you have on your hard drive. Do not interrupt it, be patient and let it finish.
  • A Scan Results window will appear at the end of the scan. If it lists any number of Infected Files click on List of found threats. Click on Copy to clipboard, come back to this thread and right click on the message box. Select Paste and the report will appear, add any comments you have and post the reply.
  • Back on the Eset window, click the Back button and then click on Finish.
_______________________________________________________________


Download Security Check by screen317 from Here or Here.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
xFlashmonkeyx (Thread Starter; Member with 15 posts; Join Date: Jul 2012; Experience: Intermediate)
17-Jul-2012, 03:39 PM, #17
C:\Qoobox\Quarantine\C\Users\Ken\AppData\Local\{72e64b4a-c891-162c-92da-c19fcd70e04c}\n.vir Win64/Sirefef.W trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{72e64b4a-c891-162c-92da-c19fcd70e04c}\U\80000000.@.vir Win64/Sirefef.AE trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{72e64b4a-c891-162c-92da-c19fcd70e04c}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan
xFlashmonkeyx (Thread Starter)
17-Jul-2012, 03:43 PM, #18
Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 31
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
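The Security Check log above reports three things: the Windows Firewall state, whether an antivirus product has registered itself with Windows Security Center (the "WMI entry may not exist for antivirus" line), and out-of-date Java and Adobe Reader installs. The PowerShell below is an added example that reproduces those checks directly against the operating system; it is not the Security Check tool's own code and is not part of the original thread. It assumes Windows Vista or later with Windows PowerShell 3 or later, run from an elevated prompt. The registry listing at the end is also a quick way to confirm, after the Java uninstall steps in the next post, that no Java, JRE or J2SE entry is left behind.

```powershell
# Added example, not the Security Check tool's own code and not part of the
# original thread: reproduce the three checks the log above reports
# (firewall state, antivirus registered with Windows Security Center,
# installed Java / Adobe Reader versions) directly against Windows.
# Assumes Windows Vista or later with Windows PowerShell 3 or later, run
# from an elevated prompt.

# 1. Windows Firewall state per profile, through the Windows Firewall COM
#    API. HNetCfg.FwPolicy2 exists on Vista and later, whereas the
#    Get-NetFirewallProfile cmdlet only arrived with Windows 8.
$fw = New-Object -ComObject HNetCfg.FwPolicy2
$profileNames = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }
foreach ($id in 1, 2, 4) {
    $state = if ($fw.FirewallEnabled($id)) { 'Enabled' } else { 'DISABLED' }
    'Windows Firewall ({0} profile): {1}' -f $profileNames[$id], $state
}

# 2. Antivirus products registered with Security Center. The
#    root/SecurityCenter2 namespace is where Security Center tracks
#    registered antivirus products; an empty result here is the kind of
#    condition behind the log's "WMI entry may not exist for antivirus" line.
$av = Get-CimInstance -Namespace root/SecurityCenter2 -ClassName AntiVirusProduct -ErrorAction SilentlyContinue
if (-not $av) {
    'No antivirus product is registered in root/SecurityCenter2.'
}
foreach ($p in $av) {
    # productState is a packed value. Rendered as six hex digits, digits 3-4
    # hold the real-time protection flag (0x10 bit set = enabled) and digits
    # 5-6 the definition status (00 = up to date, 10 = out of date).
    $hex     = '{0:X6}' -f $p.productState
    $rtp     = [Convert]::ToInt32($hex.Substring(2, 2), 16)
    $defs    = $hex.Substring(4, 2)
    $enabled = if ($rtp -band 0x10) { 'on' } else { 'OFF' }
    $current = if ($defs -eq '00') { 'up to date' } else { 'OUT OF DATE' }
    '{0}: real-time protection {1}, definitions {2} ({3})' -f $p.displayName, $enabled, $current, $p.pathToSignedProductExe
}

# 3. Installed Java and Adobe Reader entries, read from the same Uninstall
#    registry keys that Programs and Features lists. On 64-bit Windows the
#    32-bit Java and Reader installers register under Wow6432Node, so both
#    locations are searched; the second path does not exist on 32-bit
#    Windows and is silently skipped.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'Java|J2SE|JRE|Adobe Reader|Acrobat Reader' } |
    Sort-Object DisplayName |
    Format-Table DisplayName, DisplayVersion, InstallLocation -AutoSize
```

The SecurityCenter2 namespace is only present on client editions of Windows; on a server the antivirus section prints the "not registered" line even when an AV is installed, so treat that output as "not registered with Security Center" rather than "no antivirus".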
Mark1956
17-Jul-2012, 05:16 PM, #19
Eset scan looks good; the only detections are already in quarantine and will be deleted completely when Combofix is uninstalled. Please continue by updating Java and Adobe Reader, as follows, and post back when done.

Adobe
Close any programs you may have running - especially your web browser.
Click on Start > Control Panel, double-click on Programs and Features and uninstall the following Adobe entries:

Adobe Reader

NOTE: For XP click on > Control Panel, double-click on Add or Remove Programs and continue as above.
Then go to this link Adobe Downloads and select the latest version to download and install. You will see the page below; click on the appropriate button for Adobe Reader as indicated.

You will now see a page similar to this one:

All four Adobe products, Reader, Flash Player, Air and Shockwave Player, are set by default to download the version for Windows Operating Systems and for Internet Explorer in English. If you are using a Macintosh, or you want to use the Adobe product with a different Browser or language, you must click on the line (as indicated in the above image) to make further selections to meet your requirements.
As you will see in the above image the Adobe Reader is set for Windows 7, please click (as indicated) if you are using a different version of Windows to make further selections. All the other Adobe products are universal and you will only need to change the selection for different Browsers, Languages or for Macintosh.
NOTE: In all the downloads look out for the Google Toolbar and uncheck the box if you do not need it.
Some additional instructions may appear for XP installations. In all cases save the download to your desktop, then close your browser and double click on the Adobe icon on your desktop to install it. If you have any problems installing, disconnect from the internet and disable your Anti Virus and any other security software, instructions for most AV's, etc. can be found here: How to disable security software.

________________________________________________________

How to update Java:
Be aware that the act of downloading any Java installer means that you have read and agree to abide by the end users license agreement.
End user licence agreement

First uninstall all existing versions of Java.
  • Go to Start > Control Panel double-click on Add/Remove programs (or Programs and Features) and click on any item with Java, Java(TM), JRE or J2SE in the name.
  • Click the Uninstall, Remove or Change/Remove button and allow it to uninstall.
  • If a User Account Control warning appears click on Allow.
  • Repeat as many times as necessary to remove each and every item.
  • Reboot your computer once all Java components are removed.
NOTE: If you have a 64bit version of Windows and are using the 64bit version of Internet Explorer the Java site will automatically give you the correct Java version using the instructions below, but it is recommended that you use only 32bit browsers and versions of Java. Please read this for further information: Which Java download should I choose for my 64bit operating system?. If you install Java for the 64bit version of Internet Explorer and you use any other browser you will also need to repeat the installation while using your other browser which will most likely be 32bit. If in doubt please ask.

How to install the latest version.
  • Open the browser that you normally use and click on this link: Java Download
  • Click on the big red button Free Java Download
  • On the next page click on the big red button Agree and Start Free Download
  • Select Run whenever the option appears. If no Run option appears click on Save and then when the download completes click on Run. If a User Account Control warning appears click on Continue.
  • When the Welcome to Java window appears click on Install.
  • It may take several minutes to download the installer depending on the speed of your connection, allow it to complete.
  • If any error messages appear click on OK and then click on the Agree and start free download button again.
  • Please wait for the Java Setup window to appear. Uncheck the box to install the Ask Toolbar and then click on Next.
  • NOTE: The Ask Toolbar option may change without notice to something different, please make sure you uncheck the box for anything else that is offered. On some systems this offer may not appear, in which case, continue with the next instruction.
  • You will then see the Java Setup Progress window and another will appear for JavaFX (on some systems the JavaFX will not appear or be installed). Finally the Java Setup Complete window will appear, click on Close.
  • If a Java page then appears with a button to Verify Java Version click on it and it will verify the installation.
  • The Installation is now complete, please reboot the system.
  • NOTE: The JavaFX component is not required unless you are developing Java applications. It is perfectly safe to keep on your system, but if you wish to uninstall it please do so.

Last edited by Mark1956; 17-Jul-2012 at 05:27 PM.
xFlashmonkeyx (Thread Starter)
17-Jul-2012, 10:23 PM, #20
Okay everything is updated.
Mark1956
18-Jul-2012, 12:52 AM, #21
Ok, now to remove all the tools used:

To re-enable your CD Emulation drivers if you disabled them, double click DeFogger.exe to run the tool again.
  • The application window will appear.
  • Click the Re-enable button to re-enable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger will now ask to reboot the machine...click OK.
To uninstall ComboFix, press the WINKEY + R keys on your keyboard or click on Start, type Run into the search box and hit Enter.
In the Run box type: ComboFix /Uninstall (Be sure to leave a space before the forward slash).
  • Click on OK.
  • If you encounter any problems using the switch from the Run dialog box, just rename ComboFix.exe to Uninstall.exe, then double-click on it to remove.
  • This will delete ComboFix's related folders/files, reset the clock settings, hide file extensions/system files, clear the System Restore cache to prevent possible reinfection and create a new Restore point.
  • When it has finished you will see a dialog box stating that "ComboFix has been uninstalled".
  • After that, you can delete the ComboFix.exe program from your computer (Desktop).
Next
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program.
    If you are using Vista or Windows 7, please right-click and choose Run as Administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
-- Doing this will remove any specialized tools downloaded and used. If OTC does not delete itself, then delete the file manually when done.
-- Any leftover folders/files related to ComboFix or other tools which OTC did not remove can be deleted manually (right-click on it and choose delete).

Please post back when this is complete and let me know if you have had any problems.
xFlashmonkeyx (Thread Starter)
18-Jul-2012, 09:34 AM, #22
I do not have defogger.exe; where could I get this tool?
Mark1956
18-Jul-2012, 01:11 PM, #23
In post 10 STEP 1 was to download and run Defogger. It will have created an icon on your desktop which is Defogger.exe. If you skipped that instruction you can ignore the instruction above to run it again and just continue with the rest.
xFlashmonkeyx (Thread Starter)
18-Jul-2012, 10:54 PM, #24
Okay, I have uninstalled ComboFix and run OTC. On my desktop I still have TFC and Security Check; am I supposed to keep those or remove them?
Mark1956
19-Jul-2012, 01:03 AM, #25
In the last few lines of the instructions there is the answer to your question:
-- Any leftover folders/files related to ComboFix or other tools which OTC did not remove can be deleted manually (right-click on it and choose delete).

We are all done, I shall now mark this thread as Solved and leave you with some security advice, but please feel free to post back if you have any remaining issues or concerns.

There are many places where you will find security advice, but most are biased towards a particular item of software that they are trying to promote. I have given some unbiased advice below that should help keep you better protected. Unfortunately there is no "best protection", new Malware is being produced every minute of the day so it is a cat & mouse game for all security software vendors to keep up with the latest infections.

It has always been the case that what one Anti Virus program will detect another one will miss and vice versa. That being said, never be tempted to install more than one Anti Virus program thinking that will give you better protection as in fact the reverse is true. Two or more AV programs will (in most cases) conflict with each other, slow your system down and actually reduce your security level. Don't assume that your present Anti Virus is no good on the grounds that you got infected, if I have seen you are using a poor Anti Virus I will have advised you earlier in the thread. There are a lot of nasty infections out there waiting to jump onto a PC and with some of the newest infections there is very little that will block them. Fortunately there are those who dedicate their spare time, for little reward, in making the tools we use here to remove these infections. It is those people that we have to thank as without them a reinstall would be the only way out.

Some additional security measures.
If your present security software does not include a third party Firewall or AntiSpyware:
Go Here for a selection of third party Firewalls.
Go Here or Here for Anti Spyware.

Malwarebytes free version (which you may have used during this thread) is worth having for regular scans of your system, always check for updates before using it. If you can afford the Malwarebytes Pro version it will provide even better protection with a full time active scanner. Never have more than one active anti virus, anti spyware or firewall running on your system as it can cause conflicts and slow down the PC. You can safely run the Pro version of Malwarebytes with any Anti Virus software.

WOT (Web Of Trust) will warn you (in most cases) about dangerous web sites.

Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly "popular" among criminals.

WinPatrol is a useful facility to have. WinPatrol takes snapshots of your critical system resources and alerts you to any changes that may occur without your knowledge. It can also be used to control all your start up programs.
xFlashmonkeyx (Thread Starter)
19-Jul-2012, 03:16 AM, #26
Thank you very much for your help! I actually do have one more question: my CPU will spike from time to time and my computer will get really hot even if it is just sitting idle. Would you perhaps know of the cause?
Mark1956
19-Jul-2012, 04:32 AM, #27
If you hit these three keys on your keyboard Ctrl+Alt+Del and then select Task Manager from the menu you should be able to see what is using the CPU in the Processes list.

If it is something you don't recognise let me know.
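Task Manager answers the question asked above by name only. On a machine that has just had a Sirefef/BCminer infection cleaned, a practitioner would also want to know where each busy binary lives and whether it is signed, since a miner or dropper remnant typically runs from a user-writable directory without a valid signature. The PowerShell below is an added example and not part of the original thread: it samples per-process CPU time over a few seconds, converts that to the percentage Task Manager shows, and lists the top consumers with their image path and Authenticode signature status. It assumes Windows PowerShell 3 or later, run from an elevated prompt so that the image paths of services are readable.

```powershell
# Added example, not part of the original thread: sample per-process CPU use
# over a few seconds on an idle machine, then show where each busy binary
# lives and whether it carries a valid Authenticode signature. Assumes
# Windows PowerShell 3 or later, run from an elevated prompt.

$Seconds = 5      # sampling interval; lengthen it to catch intermittent spikes
$Top     = 10     # how many processes to report
$cores   = [Environment]::ProcessorCount

# Snapshot 1: total CPU time consumed so far by every process we can open.
# Protected processes and PID 0 (the Idle pseudo-process) throw on access
# and are simply skipped.
$before = @{}
foreach ($p in Get-Process) {
    try { $before[$p.Id] = $p.TotalProcessorTime } catch { }
}
$t0 = Get-Date
Start-Sleep -Seconds $Seconds
$elapsed = ((Get-Date) - $t0).TotalSeconds

# Snapshot 2: the growth in CPU time, divided by wall-clock time and the
# number of logical processors, is the average CPU percentage over the
# interval, on the same 0-100 scale Task Manager uses.
$report = foreach ($p in Get-Process) {
    if (-not $before.ContainsKey($p.Id)) { continue }        # started after snapshot 1
    try { $delta = ($p.TotalProcessorTime - $before[$p.Id]).TotalSeconds } catch { continue }

    $path = $null
    try { $path = $p.Path } catch { }                         # $null when access is denied
    $sig = 'n/a'
    if ($path) {
        $sig = (Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue).Status
    }

    [pscustomobject]@{
        Name      = $p.ProcessName
        PID       = $p.Id
        'CPU %'   = [math]::Round(100 * $delta / ($elapsed * $cores), 1)
        Signature = $sig
        Path      = $path
    }
}

$report | Sort-Object 'CPU %' -Descending | Select-Object -First $Top | Format-Table -AutoSize
```

Reading the output: a binary reported as NotSigned or HashMismatch that runs from a user-writable location such as AppData\Local or Temp (the Sirefef components listed in post #17 sat under \Users\Ken\AppData\Local\{GUID}\) and consumes CPU while the machine is idle is exactly what to report back to the thread. Two caveats: many Windows system binaries are signed through catalog files rather than an embedded signature, and on older Windows releases Get-AuthenticodeSignature reports those as NotSigned, so NotSigned in System32 means "check further", not "tampered"; and a Valid signature only tells you who published the file, not that it belongs on the machine.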