Inactive Handling Trojan.BitCoinMiner.Generic

kevinj888

Thread Starter
Joined
Oct 6, 2016
Messages
31
Hi,

I recently discovered a spike in my CPU/Memory usage from the COM Surrogate process. I did a scan with MBAM and found out the cause was Trojan.BitCoinMiner.Generic. Since then, I have cleaned the detected malware and ran AdwCleaner + FRST. However, I would appreciate it if someone could review my log and/or advise if there are any further steps I should take. Thank you very much.

Cheerio,
Kevin
 


DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,354
Hello.

I will be assisting you regarding your computer's issues. Here, we will check your computer for malware.

Please adhere to the guidelines below, and then carefully follow, in the same order, all the instructions after:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, keep in mind that all the experts here are volunteers and may not be available to assist when you post. Please be patient while I analyze your logs.


==========================

Please allow me some time to review your logs and provide instructions.
 

kevinj888

Thread Starter
Joined
Oct 6, 2016
Messages
31
Hi Dr M,

Thank you for your kind assistance. Appreciate that you are taking the time.

I will wait for your analysis results then.

Cheers,
Kevin
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,354
Kevin,

Allow me to ask you a question first: Is this a personal or a company computer?
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,354
Thanks. I will be back as soon as I finish reviewing your logs.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,354
Hi, Kevin.

No active infection present, but I do have some things for you to consider and do:

1. P2P program

You have μTorrent installed on your computer. This is a P2P program. P2P programs form a direct conduit on to a computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program. If you don't uninstall it, your computer will probably get infected, sooner or later. But it is your computer and of course your decision.
  • If you decide to keep it, DON'T use it during the cleaning procedure.
  • If you decide to uninstall it, uninstall it.

2. Uninstall programs

Do you need these programs? If you carefully use them, you can keep them. If there is not a particular reason for them to be installed in the computer, please uninstall them.

Any Send for Windows
TeamViewer


Also: Is the following program legally installed/activated? It seems that its installer is detected by Microsoft Defender. Probably it is a false-positive, but please keep it only if it is legally activated. Otherwise, uninstall it.

PowerISO


3. Norton Security

Norton Security is installed, but it shows disabled. Also, there are multiple entries of it in the Security Center, probably indicating that the program is not properly installed.

If it is the paid version, make sure you have the license and uninstall it.
If it is the free version, uninstall it.

If you want Norton as your antivirus solution, you can reinstall it later, when we finish here. Otherwise, you can stay with Windows Defender, the Windows 10 built-in antivirus, which is good enough to protect you. Please let me know about your decision.

To uninstall Norton Security:
  • Download the Revo Uninstaller (Free Download) and save it on your Desktop.
  • Double click on the exe file created on your Desktop to run the installer, and follow the instructions to install the program.
  • Double click the program's icon to open it.
  • Write in the search area, on the top left, the following program: Norton
  • Choose the Uninstall tab from the menu and let the program create a Restore point.
  • Choose Scan, and then the Advanced mode scan.
  • Select all the Norton items found, Delete and Next.
  • Let the procedure be completed and click on Finish.
  • Restart the computer.

4. Fresh FRST logs

After uninstalling any of the above programs, or anything else, please let me check fresh FRST logs, Addition and FRST. It would be best to move the FRST tool on to your Desktop instead of the Download folder where you have it now.


In your next reply please post:
  1. The programs you uninstalled
  2. Fresh FRST logs
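
Added example, not part of the original posts: a read-only PowerShell check for the condition described in step 3 above (an antivirus shown as disabled and registered more than once in Security Center). The `productState` decoding is an assumption based on the commonly used community convention, which Microsoft does not document; the warning texts are illustrative.

```powershell
# Added example (not from the thread): list the antivirus products registered
# with Windows Security Center and flag disabled, stale or duplicate entries.
# Run on a Windows 10 client; the SecurityCenter2 namespace is absent on Server.
$products = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct

$report = foreach ($p in $products) {
    # productState is a packed integer. The decoding below follows the common
    # community convention and is an assumption, not a documented format.
    $state   = [int64]$p.productState
    $scanner = ($state -shr 8) -band 0xFF   # 0x10 / 0x11 = real-time protection on
    $defs    = $state -band 0xFF            # 0x00 = signatures up to date

    # The registered path may contain environment variables or a URI scheme.
    $exe      = [Environment]::ExpandEnvironmentVariables([string]$p.pathToSignedProductExe)
    $exeFound = [bool]($exe -and
        (Test-Path -LiteralPath $exe -PathType Leaf -ErrorAction SilentlyContinue))

    [pscustomobject]@{
        Name     = $p.displayName
        Enabled  = $scanner -in 0x10, 0x11
        UpToDate = $defs -eq 0x00
        StateHex = '0x{0:X6}' -f $state
        ExePath  = $exe
        ExeFound = $exeFound
        Guid     = $p.instanceGuid
    }
}

$report | Format-Table Name, Enabled, UpToDate, StateHex, ExeFound -AutoSize

# Several registrations under one display name usually mean leftovers from an
# incomplete install or uninstall.
$report | Group-Object Name | Where-Object Count -gt 1 | ForEach-Object {
    Write-Warning ('{0} is registered {1} times in Security Center' -f $_.Name, $_.Count)
}

# A registration whose executable no longer exists on disk is a stale entry.
# URI-style paths (for example the built-in antivirus) are skipped.
$report | Where-Object { $_.ExePath -notmatch '://' -and -not $_.ExeFound } |
    ForEach-Object {
        Write-Warning ('{0}: registered executable not found on disk' -f $_.Name)
    }
```

Running it again after the uninstall and restart shows whether the duplicate registrations are gone.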
 

kevinj888

Thread Starter
Joined
Oct 6, 2016
Messages
31
Hi Dr M,

Thank you for the advice. I'd like to clarify a couple of things before proceeding with the uninstallation and FRST log.

1. Would you be able to kindly provide me with guides on how to set the configuration properly? I mainly use this to download torrent files.

2. TeamViewer: I am using this regularly to remote to one of the common PCs stationed in the office since currently I am working from home.
Anysend: I can uninstall it, not frequently used.
PowerISO: Currently using the unregistered version with limited features.

3. I think I got a free license of Norton from when I purchased the computer. But I am not sure if it's a perpetual license or just for a few years. For now I guess we can uninstall first.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,354
1. Would you be able to kindly provide me with guides on how to set the configuration properly? I mainly use this to download torrent files.
I never used a torrent client, so I can't help with that. But when you search on the web, you can find out about the best settings configuration. As I said above, just do not use μTorrent while we are cleaning the computer.

I'm fine with your other comments. You can uninstall whatever you don't use and keep anything whose purpose you are aware of.

If Norton was installed when you bought the computer, then probably the licence has expired, so you can uninstall it for now.

I will be waiting for your fresh logs, when you are ready.
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,354
Kevin,

Unfortunately there is evidence of potentially illegal software on your computer. I am going to request you to completely uninstall all products for which you do not have a valid Product Key, including all "cracked" software.

Keep in mind that installing pirated programs on your computer is the easiest way to install malware. Thus, and regardless of the illegal part of this action, what's the reason to clean the computer, since it's going to get infected again?

If you are willing to do that please rerun a FRST scan after removal and attach both reports in your reply. If you prefer to leave the programs on your computer let me know that and I will be closing the Topic.
 

kevinj888

Thread Starter
Joined
Oct 6, 2016
Messages
31
Dear Dr M,

Thanks for the complete review.

You may close the topic for now. The detected .exe files by Windows Defender are crack/installer files which I have not installed. I will delete them separately and check if there is any other cracked software installed to be removed.

Kevin
 

DR.M

Malware Specialist
Joined
Sep 4, 2019
Messages
2,354
Kevin,

I'll leave it open (In progress, since it's not solved anyway), and when you are ready, feel free to post back. (y)
 
