Coin miner nejde odstranit

[sejnt]

No ide mi to spustit len v nudzovom rezime, a po 20 minutach mam len 2% je take chovanie normalne ??

[Rudy]

AVPTool je běh na dlouhou trať. Při takřka zcela zaplněném disku se nedivte. Můžete zkusit ještě MS safety scanner: http://www.microsoft.com/security/scann ... fault.aspx . Nezaručím vám ale, že bude rychlejší.

[sejnt]

Prvy krat ked som to presiel sa mi to pri vytvarani logu seklo. Program nasiel jeden zly subor. Ale proces coin miner sa po pripojeni na internet vyrvoril znova. Po druhom skenovani nic nenaslo a log sa neda ulozit.Lebo tam nic nie je:).tak sem hodim potom ten z toho microsoftu.

[Rudy]

OK.

[sejnt]

No ten to presiel cele, nic nenasiel a ani nevyhodil ziadny log, a nebola tam ani taka moznost:)

[Rudy]

Ještě na to zkuste pustit MBAM: http://www.malwarebytes.org/mbam.php MBAM . Proveďte úplný sken a dejte log. Předem nic nemažte.

[sejnt]

ten som nahodou robil doobeda:)

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org



Database version: v2013.08.06.04



Windows 8 x64 NTFS (Safe Mode/Networking)

Internet Explorer 10.0.9200.16635

SSejnt :: SEJNT [administrator]



Protection: Disabled



8/13/2013 10:48:22

mbam-log-2013-08-13 (10-48-22).txt



Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 754648

Time elapsed: 2 hour(s), 22 minute(s), 59 second(s)



Memory Processes Detected: 0

(No malicious items detected)



Memory Modules Detected: 0

(No malicious items detected)



Registry Keys Detected: 0

(No malicious items detected)



Registry Values Detected: 0

(No malicious items detected)



Registry Data Items Detected: 0

(No malicious items detected)



Folders Detected: 0

(No malicious items detected)



Files Detected: 8

C:\temp\cm.exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.

C:\temp\coinutil.dll (PUP.BitcoinMiner) -> Quarantined and deleted successfully.

C:\temp\miner.dll (PUP.BitCoinMiner) -> Quarantined and deleted successfully.

C:\temp\usft_ext.dll (PUP.BitCoinMiner) -> Quarantined and deleted successfully.

D:\Games\WARCRAFT III\Warcraft III\xpam.exe (Trojan.MultiDropper) -> Quarantined and deleted successfully.

D:\ousb\Bordel\Feast\Ival\Feast.exe (Trojan.Refroso) -> Quarantined and deleted successfully.

D:\ousb\Bordel\SANJAM\STOBOM.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.

D:\W3instalation\xpam.rar (Trojan.MultiDropper) -> Quarantined and deleted successfully.



(end)

[Rudy]

Mělo by to být smazané.

[sejnt]

Mam pre vas zlu spravu:D ten proces sa zase vytvoril :/

[Rudy]

Vypněte obnovu systému, restartujte PC. Pak udělejte nový sken MBAM a dejte před smazáním log ke kontrole.

[sejnt]

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org



Database version: v2013.08.06.04



Windows 8 x64 FAT

Internet Explorer 10.0.9200.16635

SSejnt :: SEJNT [administrator]



Protection: Disabled



8/14/2013 19:37:44

MBAM-log-2013-08-14 (21-57-40).txt



Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 599222

Time elapsed: 2 hour(s), 17 minute(s), 18 second(s)



Memory Processes Detected: 0

(No malicious items detected)



Memory Modules Detected: 0

(No malicious items detected)



Registry Keys Detected: 0

(No malicious items detected)



Registry Values Detected: 0

(No malicious items detected)



Registry Data Items Detected: 0

(No malicious items detected)



Folders Detected: 0

(No malicious items detected)



Files Detected: 4

C:\temp\cm.exe (PUP.BitCoinMiner) -> No action taken.

C:\temp\coinutil.dll (PUP.BitcoinMiner) -> No action taken.

C:\temp\miner.dll (PUP.BitCoinMiner) -> No action taken.

C:\temp\usft_ext.dll (PUP.BitCoinMiner) -> No action taken.



(end)

[Rudy]

Nalezené položky smažte a zapněte obnovu systému.

[sejnt]

potom restartovat pocitac a skusit pripojit na internet ??:)


//edit po restarovani sa zase vytvoril priecinok temp ale je prazdny..po pripojeni na internet sa do neho postupne davali subory dll a nakoniec cm.exe a zase sa spustil ten proces

[Rudy]

Jistě. I s připojením.

[sejnt]

po restarovani sa zase vytvoril priecinok temp ale je prazdny..po pripojeni na internet sa do neho postupne davali subory dll a nakoniec cm.exe a zase sa spustil ten proces