
Infected with Trojan.0access / Trojan.Dropper.BCMiner / Trojan.Sirefef

Q: Infected with Trojan.0access / Trojan.Dropper.BCMiner / Trojan.Sirefef

Hello,

Problem description:

Noticed that the Microsoft Security Essentials suite (and the firewall) was disabled, and could not be restarted ("The specified service does not exist as an installed program."); after uninstalling and reinstalling the MSE application, the computer would boot and almost immediately shut down (a dialog box would warn of shut-down in 1 minute); I did a restore and the shut-down warning stopped, but MSE was disabled again and uninstalling/reinstalling would produce the same problem.

Next step was to download and run Malwarebytes - log as follows:

////////////////////////////////////////////////////////////////////////////

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.09.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
CC2 :: CC2-PC [administrator]

7/16/12 6:41:40 AM
mbam-log-2012-07-16 (06-41-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195899
Time elapsed: 4 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) -> Delete on reboot.
C:\Windows\Installer\{9586c484-025f-163f-a380-b9689526935d}\U\[email protected] (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{9586c484-025f-163f-a380-b9689526935d}\U\[email protected] (Trojan.Sirefef) -> Quarantined and deleted successfully.

(end)

////////////////////////////////////////////////////////////////////////////

This produces the 3 trojan files above - after rebooting to "remove" the files they appear again on the next scan after the reboot. And so the cycle continues... which is why I am here.

Any help would be greatly appreciated - I have seen that you have helped someone get out of a similar jam, but I am concerned the instructions are too specific and could harm my system.

Thanks in advance,

-- Richard

////////////////////////////////////////////////////////////////////////////

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by CC2 at 7:45:31 on 2012-07-16
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.2012.1222 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Windows\system32\DKabcoms.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\ErrorApp\dkab1err.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Users\CC2\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Windows\system32\mstsc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\System32\svchost.exe" -k LocalServiceDns
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll"
uRun: [DKab1err] c:\program files\dell\errorapp\DKab1err.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtDCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [BingDesktop] c:\program files\microsoft\bingdesktop\BingDesktop.exe /fromkey
mRun: [widrf] rundll32.exe "c:\users\cc2\appdata\roaming\widrf.dll",CloseFile
mRun: [ichch] "c:\windows\system32\rundll32.exe" "c:\users\cc2\appdata\roaming\ichch.dll",TriPatchSize
StartupFolder: c:\users\cc2\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\cc2\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} - hxxp://parts.husqvarna.com/WebResource.axd?d=Ng3laKzcfUEvPGircgk8fw5wkOWRur6UN4lcg3qsi17UerAAcOkh21BenOQ8f-0UA5Fw5jF7lO3xvLd0x-RJaIT2yUACImJU8FXzCW0t8WoGgfKv_keoEvjEbx6e8mazFtr7qyMR33SrKS-Ee3KnwwVdRe0wDrZealjMSq0GEokUovtc0&t=634746229809631204
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{E3B4D13D-B336-4207-AD19-51718A19FF67} : DhcpNameServer = 192.168.0.1
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Authentication Packages = msv1_0 wvauth
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-7-15 146448]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2012-3-30 151656]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 dkab_device;dkab_device;c:\windows\system32\dkabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2010-12-18 260648]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2010-12-18 273448]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 svcGenericHost;Trend Micro Client/Server Security Agent;"c:\program files\trend micro\client server security agent\hostedagent\svcgenerichost.exe" --> c:\program files\trend micro\client server security agent\hostedagent\svcGenericHost.exe [?]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-7-15 283152]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;"c:\program files\trend micro\client server security agent\tmpfw.exe" --> c:\program files\trend micro\client server security agent\TmPfw.exe [?]
S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;"c:\program files\trend micro\client server security agent\tmproxy.exe" --> c:\program files\trend micro\client server security agent\TmProxy.exe [?]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-12 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-3 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-07-12 00:57:57 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 15:18:26 -------- d-----w- c:\users\cc2\appdata\roaming\Malwarebytes
2012-07-09 15:17:47 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-09 15:17:47 -------- d-----w- c:\programdata\Malwarebytes
2012-07-09 15:17:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-03 19:31:18 415744 ----a-w- c:\users\cc2\appdata\roaming\ichch.dll
2012-07-03 19:30:29 136192 ----a-w- c:\users\cc2\appdata\roaming\widrf.dll
2012-06-28 16:22:09 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-27 21:17:02 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d157b342-1e4e-4a41-aed2-35e0f4636b33}\mpengine.dll
2012-06-26 14:02:23 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-19 13:45:20 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 13:45:10 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 13:44:56 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 13:44:55 33792 ----a-w- c:\windows\system32\wuapp.exe
.
==================== Find3M ====================
.
2012-06-13 13:47:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:47:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36:42 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
============= FINISH: 7:45:48.42 ===============
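Added example, not code from the thread or from the DDS/Malwarebytes tools: a small Python triage script that applies the checks a helper makes when reading the Pseudo HJT and "Created Last 30" sections of a DDS log like the one above (security products reported Disabled, UAC policies set to 0, rundll32 autoruns loading a DLL from the user profile, a recently created DLL under the profile, and a hidden+system directory under system32 whose name is a literal, unexpanded environment variable). The sample lines are copied from the log posted above; the rule names and path heuristics are my own assumptions.

```python
"""Triage a DDS log for the entries a malware-removal helper looks at first.

Added example, not from the thread. Rule names and path heuristics are mine;
the sample lines below are copied from the DDS output posted above.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt of the posted DDS log, embedded as the script's sample input.
SAMPLE_DDS = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [widrf] rundll32.exe "c:\users\cc2\appdata\roaming\widrf.dll",CloseFile
mRun: [ichch] "c:\windows\system32\rundll32.exe" "c:\users\cc2\appdata\roaming\ichch.dll",TriPatchSize
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
2012-07-03 19:31:18 415744 ----a-w- c:\users\cc2\appdata\roaming\ichch.dll
2012-06-28 16:22:09 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-09 15:17:47 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
"""


@dataclass(frozen=True)
class Finding:
    check: str  # short name of the rule that fired (my naming)
    line: str   # the DDS line that triggered it


# UAC policy values that, when 0, leave the machine with no elevation prompt.
UAC_POLICIES_EXPECTED_NONZERO = {
    "EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop",
}

# AV/SP/FW header lines reporting a product as Disabled.
AV_DISABLED_RE = re.compile(r"^(AV|SP|FW):\s+(?P<product>.+?)\s+\*Disabled/",
                            re.IGNORECASE)

# Autorun (uRun/mRun) that launches rundll32 on a DLL under a user profile
# and names an export; legitimate installers rarely register this shape.
RUNDLL_PROFILE_RE = re.compile(
    r'^[um]Run:\s+\[[^\]]+\]\s+.*rundll32(?:\.exe)?"?\s+'
    r'"?(?P<dll>c:\\users\\[^",]+\.dll)"?,(?P<export>\w+)',
    re.IGNORECASE,
)

POLICY_RE = re.compile(r"^mPolicies-system:\s+(?P<name>\w+)\s+=\s+(?P<value>\d+)")

# "Created Last 30" / Find3M rows: date time size attrs path.
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\S+\s+(?P<attrs>[\w-]{8})\s+(?P<path>.+)$"
)


def triage(dds_text: str) -> list:
    """Return one Finding per DDS line that matches a rule, in log order."""
    findings = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if AV_DISABLED_RE.match(line):
            findings.append(Finding("security-product-disabled", line))
            continue
        if RUNDLL_PROFILE_RE.match(line):
            findings.append(Finding("rundll32-dll-in-user-profile", line))
            continue
        m = POLICY_RE.match(line)
        if m and m["name"] in UAC_POLICIES_EXPECTED_NONZERO and int(m["value"]) == 0:
            findings.append(Finding("uac-weakened", line))
            continue
        m = CREATED_RE.match(line)
        if m:
            attrs, path = m["attrs"], m["path"].lower()
            # Directory (d) with system+hidden (s, h) attributes whose name
            # still contains a '%': the variable was never expanded, which
            # Windows itself does not do when creating system32 folders.
            if attrs.startswith("d") and "s" in attrs and "h" in attrs and "%" in path:
                findings.append(Finding("hidden-system-dir-literal-envvar", line))
            elif path.startswith("c:\\users\\") and path.endswith(".dll"):
                findings.append(Finding("new-dll-in-user-profile", line))
    return findings


def counts_by_check(findings) -> dict:
    """Number of hits per rule, for a one-line summary."""
    return dict(Counter(f.check for f in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_DDS)
    for f in hits:
        print(f"[{f.check}] {f.line}")
    print(counts_by_check(hits))
```

Run against the full log rather than the excerpt, the script points at the same two appdata DLLs, the UAC settings and the %APPDATA% folder that the helper would ask about first; a hit is a lead to verify, not a verdict.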

A: Infected with Trojan.0access / Trojan.Dropper.BCMiner / Trojan.Sirefef

Please run the following:
- Download Farbar Recovery Scan Tool and save it to a flash drive.
- Plug the flash drive into the infected PC.
- Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
- Insert the installation disc.
- Restart your computer.
- If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
- Click Repair your computer.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
- Startup Repair
- System Restore
- Windows Complete PC Restore
- Windows Memory Diagnostic Tool
- Command Prompt

Then:
- Select Command Prompt.
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter. Note: Replace letter e with the drive letter of your flash drive.
- The tool will start to run.
- When the tool opens click Yes to the disclaimer.
- Place a check next to List Drivers MD5 as well as the default check marks that are already there.
- Press Scan button.
- FRST will let you know when the scan is complete and has written the FRST.txt to file; close out this message, then type the following into the search box: services.exe
- Now press the search button.
- When the search is complete, search.txt will also be written to your USB.
- Type exit and reboot the computer normally.
- Please copy and paste both logs in your reply (FRST.txt and Search.txt).


Hello guys,

Really hope one of the experts can help me with this! Malwarebytes found the 3 trojans on my computer today. I have tried following the path where affected by unhiding registry files etc but it won't let me delete.

Anyone have any ideas how I get rid of these?

Thanks in advance,

dom

A: Trojan.0access, trojan.dropper.bc miner and trojan sirefef

Apols, I'm not trying to 'bump' - just seen I need to post these logs.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18882
Run by Administrator at 21:42:27 on 2012-07-02
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer Provided By Sky Broadband
uDefault_Page_URL = hxxp://www.sky.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Reganam Toolbar: {db9d7a78-a76c-4bf2-97c6-258925ee1542} - c:\program files\reganam\tbRega.dll
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools\pc tools security\bdt\PCTBrowserDefender.dll
mURLSearchHooks: Reganam Toolbar: {db9d7a78-a76c-4bf2-97c6-258925ee1542} - c:\program files\reganam\tbRega.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0...


The infected PC is a Toshiba laptop running Vista Home Premium Service Pack 2. I ran Malwarebytes on this PC and it found 10 Trojans and Rootkits. It removed some of them but not all. Trend Micro Maximum Security was running on this machine but was not updating properly. I removed it and loaded a trial version of AVG Internet Security and ran a scan using AVG. It found several entries and tried to remove them. It came back that it was unable to remove some entries. Now it continually pops up with messages saying that malware still exists on this machine. When using Internet Explorer and trying to go to various websites I was getting redirect problems. I think that problem is currently resolved but some trojans remain. Please advise how to proceed. I have another computer which I can use to access instructions which is not infected.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by stanley's pc at 15:34:58 on 2012-07-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.1915.652 [GMT 10:00]
.
AV: Trend Micro Titanium Maximum Security 2012 *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012 ...

A: Infected with Dropper.BCMiner & Trojan.Sirefef

Hi,

Please run the following:
- Download Farbar Recovery Scan Tool and save it to a flash drive.
- Plug the flash drive into the infected PC.
- Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
- Insert the installation disc.
- Restart your computer.
- If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
- Click Repair your computer.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
- Startup Repair
- System Restore
- Windows Complete PC Restore
- Windows Memory Diagnostic Tool
- Command Prompt

Then:
- Select Command Prompt.
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst.exe (for x64 bit version type e:\frst6...


I tried removing this myself with Malwarebytes, Combofix, and a bunch of other cleaners but ESET Online Scanner keeps showing the same infections. Thanks for any help you guys can offer. Here is my dds.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Andrew at 18:44:55 on 2012-07-24
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4057.1816 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:...

A: Infected with Sirefef, trojan.dropper.bcminer, Patched.b.gen, etc.

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...


I was browsing for something to download yesterday when the following happened:
- Windows firewall and avast anti-virus got turned off
- user account control settings got turned to 'never notify'
- LAN connection got changed to a public unidentified network with no internet access
Two windows with some text and an 'OK' button popped up too, but I thought they were ads and just closed them immediately using the top right 'X' button. I didn't think of marking it down at the time and I forgot what it said now.

After that happened I downloaded Malwarebytes Anti-Malware, updated the database and ran both the quick and full scan. It caught some stuff and removed it. However, Rootkit.0access and Trojan.Dropper.BCMiner keep coming back and I need help in removing them.

Here is the DDS.txt file
----------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Judy at 20:01:06 on 2012-08-19
Microsoft Windows 7 Starter 6.1.7601.1.1252.2.1033.18.1014.113 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\sys...

A: Rootkit.0access and Trojan.Dropper.BCMiner

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...


Hey folks and thanks in advance for all of your hard work. You guys have helped so many people; those asking and those who just lurk. Either way great job and you all deserve a pat on the back and then some.

So it seems as though other people have recently been having problems with trojan.0acess as well. I found it with MBAM and like the others, it removes rootkit.zacess and trojan.dropper.bcminer, however trojan.0acess appears again after reboot. As of now I have disabled the internet connection to my infected desktop [the DDS and GMER were run after running a (C:)/Windows specific scan with MBAM and no connection to the internet; the MBAM log below is of the first full scan while being connected to the internet]. I started noticing web redirects and Firefox being unable to connect to certain pages (this could be something else) about three days ago and ran a quick scan with MBAM which came up with nothing. The full scan came up with the three above. I run no antivirus software and I don't use Windows Firewall. UAC is also disabled. Further attempting to turn on Windows Firewall yields "Windows Firewall can't change some of your settings. Error code 0x80070424".

********************DDS************************
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Danny at 19:57:42 on 2012-08-02
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2338 [GMT -7:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC...

A: Infected with Trojan.0acess, Rootkit.Zacess, Trojan.Dropper.BCMiner

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ...


Hello,

I would be very thankful if you could help me clean up my laptop. For the past 2 days I have been experiencing problems every time I log in to websites, especially Facebook's. I get a sign that says that Internet Explorer has blocked that website and when I want to log in to Facebook, I encounter a sign that says that the website's certificate has expired and whether I would like to proceed.

I have run the anti-malware software 3 times but without success. This is the first report I got using the quick function during normal mode:

-------------- PLEASE DON'T PAY ATTENTION TO THE DATE, I DIDN'T REALIZE THAT IT WAS SET TO A DIFFERENT DATE.

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.03.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: GLV [administrator]

Protection: Enabled

6/14/2012 8:37:18 AM
mbam-log-2012-06-14 (08-37-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228445
Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No ... Read more

A:Infected with PUB.BundleInstaller, Trojan.Dropper.PE4, Rootkit.0Access, and Trojan Backdoor

I would like to add that this problem came around the same time that I started using the free quebles offered by hotmail.


Hi my name is Mike and I recently scanned my computer with mbam and found: Trojan.small, Trojan.Sirefef, Rootkit.0Access. I quickly deleted them after the scan, restarted and found my desktop icons moved around and my color scheme changed. I have not had any serious issues yet and would like to prevent any ASAP. My antivirus also popped up while I was scanning with mbam informing me of an infection. I have used p2p (utorrent) and this is likely the cause of it. The last time I used utorrent was about Tuesday so this is likely when it started. I have read the pinned post on p2p and how it can infect my computer and I have taken this into consideration. I have also noticed that while scanning with mbam in Safe Mode it does not find anything, but when in regular mode it does.

I have used TDSSKILLER, ccleaner, mbam so far...nothing. Mbam seems to find some files created by something else, which on deletion and restart, reappear.
At one point my buddy told me to download Microsoft Security Essentials. I did and ran a scan. The infection didn't like that and proceeded to bring up, "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now", then kept restarting. I tried many ways to figure out what was happening but then just decided to uninstall Microsoft Essentials and it stopped.

I followed steps 6-9 in the guide, attached my logs hope that helps.

I have Windows 7 Ultimate 32bit. Any help would be much ap... Read more

A:Infected w/ Trojan.small, Trojan.Sirefef, Rootkit.0Access

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

* Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
* Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
* Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
* Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more


Hi my name is Mike and I recently scanned my computer with mbam and found: Trojan.small, Trojan.Sirefef, Rootkit.0Access. I quickly deleted them after the scan, restarted and found my desktop icons moved around and my color scheme changed. I have not had any serious issues yet and would like to prevent any ASAP. My antivirus also popped up while I was scanning with mbam informing me of an infection. I have used p2p (utorrent) and this is likely the cause of it. The last time I used utorrent was about Tuesday so this is likely when it started. I have read the pinned post on p2p and how it can infect my computer and I have taken this into consideration. Any help from here on out would be much appreciated. I have also noticed that while scanning with mbam in Safe Mode it does not find anything, but when not in Safe Mode it does.

I have Windows 7 32bit Ultimate

used: Mbam, tdsskiller, ccleaner.

Thank you

-Mike

A:Infected w/ Trojan.small, Trojan.Sirefef, Rootkit.0Access

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


I started to have my web browser redirect to various spam pages. Microsoft security essentials was killed and I cannot start the service. Any help would be appreciated.

Thanks,
Adam

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by aeglap at 21:29:20 on 2012-08-13
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4022.2341 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:&... Read more

A:Malwarebytes reports Trojan.Dropper.BCMiner, Rootkit.0Access, and Rootkit.0Access

Please close this thread. I was planning on buying a SSD drive in the near future so I just moved it up.

Thanks,
Adam


Apologies if my formatting is incorrect, I was referred to this site from reddit. Earlier today my AVG detected a Luhe.sirefef.A virus [1] but could not remove them. Upon instruction from a thread I created on reddit [2] I downloaded and ran Malwarebytes. This program's output [3] revealed a Trojan virus. Malwarebytes was able to delete this virus; I then ran a second AVG scan and the Luhe virus was gone. They were in different files according to the pathnames given in each of the outputs. I am confused by this and not certain if I am in the clear as far as the first virus that was detected goes. Again apologies if my formatting is off.

1. http://i.imgur.com/GDPY3.png
2. http://www.reddit.com/r/techsupport/comments/xgpqa/have_luhesirefefa_virus_avg_doesnt_delete_it/
3. http://paste.ubuntu.com/1122493/

A:Trojan.Dropper.BCMiner and Luhe.sirefef.A

Hello and welcome to Bleeping Computer! I am D-FRED-BROWN and I will be helping you. Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

---------- Step 1 ----------------

I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer.

* Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
* Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.
* If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
* Click the Start Scan button.
* Do not use the computer during the scan.
* If the scan completes with nothing found, click Close to exit.
* If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options. Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.

Note: Do not choose Cure or Delete unless instructed.

A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually ... Read more


Oh please help.

I think I've got all of the recent viruses together. I cannot login to Nike+ (which I assumed was a Nike problem until I saw a post on bleeping computer). I had/have Trojan Dropper BCminer and Malware doesn't remove it permanently (I've run it many times). I had to uninstall and reinstall Microsoft Forefront Endpoint, but that seemed to kick off the Sirefef.B problem. I have tried to run ComboFix, Malwarebytes, aswMBR, and TDSSKiller. Unfortunately, now the computer restarts every 5-10 minutes, so nothing can finish. I re-uninstalled Forefront, hoping that would help ComboFix - but it can't get done. Also, I have BitLocker on my machine and don't have administrator rights.

Any help is much appreciated!

Thanks,
RC Friedberg

A:oh please help - sirefef.b, trojan dropper bcminer, and Nike+ login all together

Combo Fix and Malwarebytes both managed to complete. I am attaching the logs here. . .


My father ran the Malwarebytes Anti-Malware and found 3 viruses on my computer: Trojan.Dropper.BCMiner, Rootkit.0Access and Rootkit.0Access.64. I need help removing them and I am not computer smart. Here is a DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by Laura at 19:02:33 on 2012-10-12
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3996.2039 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C: ... Read more

A:Trojan.Dropper.BCMiner, Rootkit.0Access, Rootkit.0Access.64

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

* Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
* Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
* Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
* Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top o... Read more


Hi!

My mother in law got the Trojan.Dropper.BCMiner on her computer today.

The symptoms are that Avast shows messages every other minute or so saying that some files have been blocked. The files are: [email protected], [email protected], [email protected] and [email protected]

Besides the internet being slow I haven't noticed any other problems. I've read that BCMiner usually opens up a lot of pop-up ads. Is the reason for them not popping up on this computer that Avast is blocking them?

I ran Malwarebytes AM and it found this infected file:
C:\Windows\Installer\{8e332967-9d87-6826-99f8-79db66641bd3}\U\[email protected] (Trojan.Dropper.BCMiner)
I have read the preparation guide for posting here on the forum and have everything except for downloading GMER because it was only for 32-bit Windows.

I have attached the DDS- and attach-log.

Thanks in advance! I appreciate the help!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Marivick at 20:28:55 on 2012-07-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3873.2270 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ======... Read more

A:Infected with Trojan.Dropper.BCMiner

Hi,

Please run the following:

* Download Farbar Recovery Scan Tool and save it to a flash drive.
* Plug the flash drive into the infected PC.
* Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer.
* Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.
* In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
* In the command window type in notepad and press Enter. The notepad opens. Under File menu select Open. Select "Computer" and find your flash drive letter and close the notepad.
* In the command window type e:\frst64.exe and press Enter. Note: Replace letter e with the drive letter of your flash drive.
* The tool will start to run. When the tool opens click Yes to disclaimer.
* Uncheck the Whitelist boxes next to Registry, Services, Drivers, and known DLL's.
* Place a check next to List Drivers MD5.
* Press Scan button.
* It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Hello,

Over the past week, My Windows 7 Gateway has been running slow, etc. new windows loading very slowly. My browser also keeps opening new "redirect" tabs in my Firefox explorer. Malwarebytes shows a trojan.dropper.bcminer infection.

Help?
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_32
Run by Chaves at 23:21:39 on 2012-07-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.9079.6891 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: PC Tools Spyware Doctor with AntiVirus *Enabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:�... Read more

A:Infected Trojan.dropper.BCminer

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

* Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
* Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
* Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
* Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ... Read more


Hi there,

New to the forums. I tried running Spybot, AVG, PandaScan, TrendMicro, AVG and finally MBAM. All to no avail. No matter how many times I get rid of this trojan it pops up somewhere else! Help please?

~Ashley~

A:Infected with trojan.dropper.bcminer

* Download TDSSKiller
* Launch it. Click on change parameters - Select TDLFS file system
* Click on "Scan". Please post the LOG report (log file should be in your C drive). Do not change the default options on scan results
* Download aswMBR
* Launch it, allow it to download latest Avast! virus definitions
* Click the "Scan" button to start scan. After scan finishes, click on Save log
* Post the log results here
* Download ESET online scanner
* Install it
* Click on START, it should download the virus definitions
* When scan gets completed, click on LIST of found threats
* Export the list to desktop, copy the contents of the text file in your reply


I have read most of the related questions and apparently each solution is meant only for the user in question....

I'm wondering if I could get any help about getting rid of trojan.dropper.bcminer since I don't want further damage on my laptop....

If anyone is willing to help out I'd be more than happy, since I tried already all the simplest solutions I could find on the web !!!!
Thanks in advance for any help

A:infected with trojan dropper bcminer :(

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

* Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
* Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
* Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
* Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more


Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

* Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
* Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
* Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
* Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more

A:Infected with trojan.dropper.bcminer

I have received help with this virus, thanks for your response.


Please help with trojan.dropper.bcminer. I have run a full scan with Malwarebytes several times and this virus doesn't want to be removed. Thanks in advance for all your help.

A:Infected with trojan.dropper.bcminer, please help..

Hello LoveKids. Please go here: Preparation Guide, do steps 6-9. Create a DDS log and post it in this topic, thanks. If GMER won't run (it may not on a 64-bit system) skip it and move on.


A family member contacted me about fake pc scanner popup windows and hardware thrashing. They had run malwarebytes and it found trojan.dropper.bcminer, but it would not fully remove/keeps coming back after clean.

I just received the machine and have done the following:

* Ran Defogger, disabled cd emulation
* Put DDS on flash drive, entered recovery, ran dds and saved log
* Ran GMER and saved log
* Ran FRST and saved log
* Ran FRST Search for services.exe and saved results

I don't know much about this, but it appears FRST found services.exe did not pass MD5 check, that's why I ran the search for services. Not sure how to proceed from here. Any assistance is absolutely appreciated!

DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by cgb at 18:08:36 on 2012-07-11
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2037.757 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\a... Read more

A:Infected with trojan.dropper.bcminer

GMER log...
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-11 18:28:12
Windows 6.1.7601 Service Pack 1
Running: n94s93ov.exe
---- Files - GMER 1.0.15 ----

File C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll 424096 bytes executable
File C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe 351904 bytes executable
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NPYD0O90\diyfashion_com[1].htm 54992 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XXWYS5HF\getAds[1].htm 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XXWYS5HF\afr[1].htm 976 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XXWYS5HF\afr[2].htm 933 bytes
File C:\Windows\SysWOW64\config\system... Read more


Hi guys, I noticed that most of the instruction sets to remove this are system specific, so I am hoping I could get some help removing this baddy, please and thank you.

A:Infected with Trojan.dropper.bcminer

* Download TDSSKiller
* Launch it. Click on change parameters - Select TDLFS file system
* Click on "Scan". Please post the LOG report (log file should be in your C drive). Do not change the default options on scan results
* Download aswMBR
* Launch it, allow it to download latest Avast! virus definitions
* Click the "Scan" button to start scan. After scan finishes, click on Save log
* Post the log results here
* Download ESET online scanner
* Install it
* Click on START, it should download the virus definitions
* When scan gets completed, click on LIST of found threats
* Export the list to desktop, copy the contents of the text file in your reply


About a week ago I was surfing and realized that my Google searches were being redirected. I immediately ran Malwarebytes and found a trojan (Trojan.Dropper.BCMiner) and ran Spybot Search and Destroy (which found nothing). After having Malwarebytes supposedly fix the problem it reoccurs after reboot and rescan. Here is the Malwarebytes log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.08.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kelvin :: KELVIN-PC [administrator]

6/11/2012 9:02:00 PM
mbam-log-2012-06-11 (21-09-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 282738
Time elapsed: 6 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{436c7596-7953-29b7-f639-6e087d1d793a}\U\[email protected] (Trojan.Dropper.BCMiner) -> No action taken.

(end)

Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-10 21:26:13
-----------------------------
21:26:13.000 OS Version: Windows x64 6.1.7601 ... Read more

A:Ugh, infected with Trojan.Dropper.BCMiner

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

* Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
* Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
* Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
* Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ... Read more


Hello everyone. I am running Windows 7 Professional 64bit on my pc (i5 core 750 2.66mhz) and I've tried unsuccessfully to remove Trojan.Dropper.BCMiner with Malwarebytes but it keeps coming back. I tried a few other Trojan removal software (Windows MSRT) with no success. I would really appreciate it if someone could please help me with this, I'm at a loss.

This is the link to my previous post regarding this issue: http://www.bleepingcomputer.com/forums/topic460000.html/page_gopid_2758046#entry2758046

Thank you for any assistance you can offer me.

DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
Run by OMAR IZ at 23:51:03 on 2012-07-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16375.14339 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spools... Read more

A:My PC is Infected with Trojan.Dropper.BCMiner

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more


My PC is infected and is running Windows 7. First it was infected with "Security Shield 2012". After managing to install Malwarebytes Anti-malware with a USB stick and an uninfected laptop (that I hate using), I've put a dent in the overall infection but the problem isn't over. The trojan.dropper.bcminer is still active despite repeat attempts. I'm under the impression that I may need someone to hold my hand through this one.

I don't know what else to post as far as information or scan-logs. I also understand that anyone here who helps with this kind of thing on a regular basis might be fed up with helping the ignorant masses with the same problem over and over but I've been trying to fix this all day on my own and I'm just all out of hope. For reals.

So far, I've gone through this process and was then redirected to the forum I am posting in, now.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by User at 9:40:32 on 2012-07-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1975.714 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows... Read more

A:Infected with trojan.dropper.bcminer

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flashdrive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more


Hello! Please Help!

My antivirus started to warn me about blocking stuff a few days ago. I was using Bitdefender Total Security 2012. At first it found the threats and removed them but since this morning it started acting more weird. It wasn't able to remove them. I think it showed among others a trojan.sirefef.fy. I've changed my antivirus with Norton 360 but it didn't solve anything. I've installed Malwarebytes Anti-Malware which found another 2 trojans and rootkit.0Access. A second scan showed nothing. Norton 360 showed 2 threats and removed them. At last I ran Eset Online Scanner which now shows 7 threats. I'm really worried that my pc is compromised. I'm using Windows 7 with Firefox. Windows Update seems to be deactivated too.

A:trojan.sirefef.fy, Sirefef.Fd Trojan, rootkit.0Access problem

Download TDSSKiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply


Yesterday, one of my PC's was infected with Trojan.Dropper.Generic_c.MMI . I realized something was wrong when Google Chrome stopped me from logging into my Facebook because the connection was insecure. Then, the trojan was detected by AVG. I had a friend (who is a lot more tech-savvy than me) come over and take a look at it. He downloaded a tool called "Combofix" and apparently it fixed the issue on that PC. I haven't had any issues with that PC since then, even after several scans with MalwareBytes, AVG, and Security Essentials.

Today, I woke up to a DIFFERENT PC being infected. This time, the symptoms were a bit different. I had tried logging into my Facebook and the same Google Chrome error appeared. Suddenly, I realized Security Essentials was offline and I got error messages when I tried reenabling it. Also, Windows Firewall was offline and when I tried to enable it, I got error 0x8007042. I ran a scan with MalwareBytes and Trojan.Dropper.BCMiner was detected. I called my friend over again and he reinstalled Security Essentials and did a scan and nothing was found. Then he installed AVG Free and "Trojan.Dropper.Generic_c.MMI" was detected. I thought that was extremely odd since my other PC had the same trojan the day before. He then ran "Combofix" on this PC. According to him, it was successful, saying that "services.exe was disinfected" or something along that line. However, Windows Firewall was still having the previou... Read more

A:Trying to deal with Trojan.Dropper.Generic_c.MMI and Trojan.Dropper.BCMiner

Download TDSSKiller
Launch it.
Click on change parameters - Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Download aswMBR
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.
After scan finishes, click on Save log
Post the log results here

Download ESET online scanner
Install it
Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats
Export the list to desktop, copy the contents of the text file in your reply


Hi everyone. Hope you won't mind helping me with this issue.

Yesterday, upon start up of my laptop (Windows Vista Home Edition OS), I was informed by Avast that I had some sort of a trojan infection and that it would proceed to quarantine them to the virus chest. After the reboot and scan, it had shown that the virus was removed but another scan done by MBAM revealed that the infected object was still there. I was told by MBAM that it was the following file C:\Windows\assembly\GAC\Desktop.ini (Trojan.0access) but I can't seem to find it anywhere. An Avast scan stated the following had been removed/placed in virus chest but each subsequent scan by MBAM still reveals the Desktop.ini to be infected.

C:\Windows\assembly\GAC\Desktop.ini
C:\Windows\Installer\{1ec6a51f-804c-3b4d-6c80-a239b6741082}\n
C:\Windows\Installer\...\[email protected]
Win32:Sirefef-PL[Rtk]
Win32:Malware-gen

At one point, Avast stated that one of my music software exe files for FL Studio.exe was a virus even though upon scanning by both Avast and MBAM, it was not. I'm not sure what is the cause of some false positives or how to remove this virus. My Google Chrome browser gets periodically automatically redirected to this address http://83.133.127.55/ whenever I click on a link in Yahoo or Google.

Also, whenever I try to access google.com on Chrome, I receive the following message:

The site's security certificate ... Read more

A:Infected with Trojan.0access and Win32:Sirefef-PL[Rtk]

Hi,

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flashdrive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Boot Menu:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
Use the arrow keys to select the Repair your computer menu item.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Choose your language settings, and then click Next.
Click Repair your computer.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool (Scan your computer's memory for errors.)
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe and press Enter.
Note: Replace letter e with the drive letter of your ... Read more


Please help!  I felt compelled to be a “good Samaritan” today, and advise a well-known UK Political Party that all the roadside advertising boards they had put up over the weekend in my village had been stolen during the night! Therefore with good intentions, I visited their website and on clicking to get their local contact details received an alert from Trend Micro that it had detected and quarantined the MAL_Xin12 virus
 
At the time I was remotely linked by my laptop (HP ProBook) to my desktop (Dell Vostro 460) as I’m not well so was working from my bed. An Adobe PDF exe then launched and knowing not to allow it to run I tried to shut this down using the X, but it simply wouldn’t work and just kept popping back up. So, I hauled myself out of bed and went to the Vostro and disconnected the remote link. I stopped the PDF process from Task Manager and shut the whole computer down then rebooted. On restarting my sound card was knocked out and then Windows Defender reported that it had detected and quarantined WIN32/Sirefef. There was no other suffix, just that. I immediately telephoned the Political Party to advise them that their website was infecting their visitors and whilst doing this, Defender automatically removed the Sirefef. I then started scanning with SuperAntiSpyware and MBAM (which I use regularly) and googled both viruses as I was not familiar with either. I was horrified with what I learned.
 
SAS found nothing... Read more

A:MAL_Xin12, Win32/Sirefef, Trojan.0Access & Trojan.FakeMS

Hello WSK

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this... Read more


Hey Bleeping Computer! I have a Dell Latitude E6500 laptop and am running windows vista ultimate. I am running my laptop on safe mode with networking because I get the blue screen whenever I try to start it normally. My Malwarebytes software has picked up Rootkit.ZAccess and Trojan.Dropper.BCMiner which come back whenever they are removed. Could I please receive help so that I can permanently remove these. Thank you for your time.

A:Infected with Rootkit.ZAccess and Trojan.Dropper.BCMiner

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flashdrive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) ... Read more


First, let me apologize in advance for my computer illiteracy. I am not incredibly knowledgeable, but sometimes I get lucky.
Last week I discovered the viruses. Now after a few days of non-use I am unable to access my computer without it shutting down and restarting. It's a vicious cycle and it seems to be a popular virus.

I have a windows vista os on my home computer. I was using Microsoft Security Essentials as my antivirus. I now have at least 3 viruses. They are Trojan.0access, Rootkit.Zaccess and Trojan.Dropper.BCMiner. They got me last week sometime. Every time I did a MSE scan, it would catch the viruses and when I went to apply the actions, it would only delete a few of them. I would then get a box that popped up with the heading "You are about to be logged off" "Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now". Well when my computer rebooted I did a google search for the viruses and possible solutions. One I tried was to download malwarebytes Anti Malware. Didn't really work. The viruses have turned off my firewall and I can not turn it back on. Now after a few days of not using my computer, when I turn it on and I bring up my main screen, it shuts down with the previous message and then starts up again and shuts down within about a minute. It's a nasty virus. Suggestions? Should I hit <esc> when it is starting up? F10 for the boot menu? f11 for system recovery? Does... Read more

A:Trojan.0accessRootkit.Zaccess, Trojan.Dropper.BCMiner

Hello and welcome to Bleeping Computer! I am D-FRED-BROWN and I will be helping you. Yes, see if you can launch Safe Mode by pressing F8 as the system boots. Then, please follow the instructions below.

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

I know you've already run TDSSKiller before, but please run it one more time so we have an up-to-date idea of what may be remaining on the computer.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Skip is selected, then click Continue > Reboot now to finish the cleaning process.
Note: Do not choose Cure or Delete unless instructed.
A log file named TDSSKiller_version_date_time_log... Read more


Good Evening,

The problem started happening yesterday: an employee came to me saying that eset was deleting his files off the network share which is connected to the server on a separate partition. When I looked on his computer all the .docx files were changed over to .exe files; eset keeps saying the files are infected with a w32/Pronny.JG.worm. I immediately disconnected access to the network shares by disconnecting them. After network shares were disconnected I ran a scan with malwarebytes (I can post the log file if you would like); it found Trojan.ZbotR.Gen, Trojan.0Access, Rootkit.0Access. A lot of the files were loaded in the user directory of the employee; they said 2pom/exe, passwords.exe, pron.exe, runme.exe, secret.exe, sexy.exe. I removed all files, rebooted. Computer came up, everything looked good; checked taskmgr, there were still items running in the processes I believe; checked msconfig, items were still checked. Unchecked all the items. Ran combofix (I can post the log file later as well if you request it). Computer rebooted, seemed like everything was working fine, nice and fast, nothing running in the background, nothing in the user folder. Plugged in / set up the mapped drive to the network share: same exact problem, same exact files infected. Well by this time it was late in the evening, went to sleep thinking the issue was isolated and only one pc was infected. After 9:30 this morning 2 more pcs became infected from accessing the network share. I think I'm getting out of my expertise in dealin... Read more

A:Infected With Trojan.ZbotR.Gen, Trojan.0Access, Rootkit.0Access

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/478489 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more


I have been clearing a computer from numerous infections. I uninstalled the outdated (since 2006) McAfee AV. I have installed Microsoft Security Essentials, MBAM, and SuperAntiSpyware. I used this combination as well as several online scanners to remove over 150 infections. Every time I run a scan with SAS, the log comes back with the following infections:

Trojan.Dropper/SVCHost-Fake
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SVCHOST.EXE

Trojan.Agent/Gen-FakeAlert
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE

Microsoft Security Essentials pops up during the scan with the following infection:

Trojan Downloader: Win32/Unruy.D C:\SYSTEM VOLUME INFORMATION\_RESTORE{D5FFFA500B1B}\SMSS.EXE

I created a new restore point and deleted all previous points, yet these infections still remain. I was receiving help from another moderator who had me try several things before directing me here. Topic referenced is here: http://www.bleepingcomputer.com/forums/t/318510/cannot-remove-trojan/ ~ OB

I am posting the DDS log, GMER log, and attaching the attach.txt file. Thank you in advance for any and all help you can provide.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Phillips at 14:21:21.10 on Tue 05/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.796 [GMT -4:00]
AV: Microsoft Security Essentials *... Read more

A:Infected with: Trojan.Dropper/SVCHost-Fake,Trojan.Agent/Gen-FakeAlert, & Trojan Downloader: Win32/Unruy.D.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more


I'm getting pop-ups while using Firefox, no other noticeable impact at this point. AVG is sending me warning messages about the viruses.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Sam at 19:40:16 on 2012-07-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3561.1696 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Prog... Read more

A:Infected with Trojan horse Dropper.Generic_c.MMI and Luhe. Sirefef.A

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At... Read more


Noticed this morning that Microsoft Security Essentials real-time protection was turned off and that I could not get it to turn back on. Also could not get windows update to run. Went to Services and tried disabling and then enabling windows installer. Also tried uninstalling and reinstalling MSE, but still the same problem.

Next ran MBAM full scan and found the first Rootkit.0Access; Exploit.Drop.GS; Trojan.Agent; Trojan.Downloader. Clicked remove selected and let it reboot. MBAM log created below. Ran MBAM (quick scan this time) again and found Trojan.Lameshield.124. About to hit "remove selected" and reboot. Will post log after reboot.

I have backup drives that I use (2.5" USB drives). Should I scan those as well (at same time)? Thank you for any help!!!

MBAM log attached. Ran DDS but didn't see any option to save the log. Will figure that out and post after reboot. EDIT: rebooted, and reran DDS. The program ran, but then shut down without allowing me to save a log. Any ideas to get more information about my issue?

I run Windows Vista 32-bit. Dell Inspiron E1505 (5 years old). I run MSE and windows firewall (firewall still active as far as I can tell). Removed other malware before reinstalling MSE and followed procedures on microsoft articles about reinstalling MSE.

A:MBAM - Rootkit.0Access; Exploit.Drop.GS; Trojan.Agent; Trojan.Downloader; Trojan.Lameshield.124

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. If you fail to do so, we will have your thread closed in THREE (3) days.

Hello there, iseeker

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:

Read the entire procedure. It is important to perform ALL actions in sequence.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Stick with me till you're given the all clear.
Remember, absence of symptoms does not mean the infection is all gone.
Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to backup all your important data (if possible) before moving on.


Google started redirecting to odd places today, so I ran the virus checker and Malwarebytes. It said it found Trojan.Dropper.BCMiner and deleted it, but it still shows up after reboot. I've read through some of the other posts about this, but each answer seems to be specific to the poster, so I decided to post before trying more stuff on my own.

TSG SysInfo:
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 8
RAM: 8169 Mb
Graphics Card: NVIDIA GeForce GTX 460M, 1024 Mb
Hard Drives: C: Total - 693400 MB, Free - 357636 MB;
Motherboard: ASUSTeK Computer Inc., G73Sw
Antivirus: Lavasoft Ad-Watch Live! Anti-Virus, Updated and Enabled

hjt.log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:06:59 PM, on 7/18/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dexpot\dexpot.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Dexpot\plugins\SevenDex.exe
C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files ...


Not sure how it got there, but during my routine weekly Malwarebytes scan, I found that virus. I have tried to remove it, but Malwarebytes seems incapable and all the stuff I have found online either doesn't work, doesn't make sense or costs too much money.

Can someone please help walk me through how to remove this virus?

I am running Windows 7.

A:Trojan.Dropper.BCMiner

Hi,

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

To enter System Recovery Options by using the Windows installation disc:
- Insert the installation disc.
- Restart your computer.
- If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
- Click Repair your computer.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
- Startup Repair
- System Restore
- Windows Complete PC Restore
- Windows Memory Diagnostic Tool
- Command Prompt

Then:
- Select Command Prompt.
- In the command window type in notepad and press Enter.
- The notepad opens. Under the File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst.exe (for x64 bit version type e:\frst64...


Hi there

I got infected with the Trojan Dropper BCMiner virus.
I ran a ton of scans (Malwarebytes, AVG, Ad-Aware, Kaspersky Virus Removal Tool).

None of the scans are showing it up anymore. I did do ComboFix unsupervised and I think on about step 43 or something it said a system file was corrupted.
I haven't run ComboFix again; Kaspersky and Malwarebytes seemed to have removed it but I can't be for sure.

What should I do now? Because I read the nature of this virus can keep coming back and is a threat to security/passwords etc., I'm a little worried.

I don't have the Windows recovery disks with me (Windows Vista) and if it is never a sure thing it will be gone I might buy a new laptop to be safe (this one is a little old).

A:trojan dropper bcminer

Download TDSSKiller.
Launch it.
Click on Change parameters and select TDLFS file system.
Click on "Scan".
Please post the LOG report (the log file should be in your C drive). Do not change the default options on scan results.

Download aswMBR.
Launch it, allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan.
After the scan finishes, click on Save log.
Post the log results here.

Download ESET online scanner.
Install it.
Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.
Export the list to the desktop, and copy the contents of the text file in your reply.


Hello,

An unexpected update for Adobe Flash popped up on my computer recently. I installed it, thinking nothing of it, then quickly ran into a host of problems.

First, that Live Antivirus Platinum showed up and started scanning for false problems. A reboot in safe mode, followed by virus removal using malwarebytes and spybot took care of that.

One Trojan persisted despite repeated removals and reboots, though: Trojan.Dropper.BCMiner. It seems to redirect my Google searches to unrelated advertisement sites. I disconnected my computer from the internet and used a laptop to try finding a solution. What I've found seems to suggest that this virus (connected somehow to the rootkit ZeroAccess) updates frequently. I've been unable to find a solution, both here and on other websites, so I'm hoping you guys can help me out. Here are my stats, followed by a HijackThis log:

Windows 7 64-bit
Mozilla Firefox (latest version)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:55:24 AM, on 7/22/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Users\Virgil\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
E:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explore...

A:Trojan.Dropper.BCMiner

Further research unearthed an individual who suffered from the same problem. By chance, he happened to have the exact same build as me, rendering his solution viable for me as well. I will post the link that solved my problem, but urge others to understand that the solution in this thread is a very specific one that may not apply.

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

http://forums.malwarebytes.org/index.php?showtopic=112885

Hi, I recently received this trojan about a few days ago and have tried to get rid of it myself using Malwarebytes. Despite my attempts the virus keeps returning. Please help as soon as possible, thank you. I believe I attached the HijackThis scan and the DDS scan. If I did not do these correctly please inform me, and thank you again.
 

A:Trojan Dropper BCminer help please.


In the process of switching anti-virus software (my employer's provided software was expiring) I discovered that I was infected with BCMiner. All attempts to remove it using Malwarebytes and AVG have failed. When I run either of those programs it will detect the trojan and attempt to remove. However, upon restarting the trojan is still on the system. I've attempted to remove it via safe mode, with the same results. I'm running Windows 7 64-bit. Also, something has shut off Windows Firewall, and when I try to turn it back on I get error code 0x80070424. Any help is appreciated.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by NMSH at 9:47:21 on 2012-07-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2314 [GMT -4:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows...

A:Trojan.Dropper.BCMiner

Hi,

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.
Plug the flash drive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

To enter System Recovery Options by using the Windows installation disc:
- Insert the installation disc.
- Restart your computer.
- If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
- Click Repair your computer.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
- Startup Repair
- System Restore
- Windows Complete PC Restore
- Windows Memory Diagnostic Tool
- Command Prompt

Then:
- Select Command Prompt.
- In the command window type in notepad and press Enter.
- The notepad opens. Under the File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst.exe (for x64 bit version type e:\frst6...


I am currently having trouble with a particular Trojan called trojan.dropper.bcminer. I am using Malwarebytes Anti-Malware software to try and combat this pesky bug with little success. Each time I restart my computer it refreshes itself and I am looking for a way to get rid of it.

thank you
terry

A:trojan.dropper.bcminer

here is a copy of the malware log. I hope it may shed a little more light on the matter.

thank you,
TERRY

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.09.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
My Computer :: MYCOMPUTER-PC [administrator]

7/9/2012 5:43:14 PM
mbam-log-2012-07-09 (17-43-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210228
Time elapsed: 3 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{a2d8084d-c4fd-0a56-dcb8-2a0e980e3c62}\U\[email protected] (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

It shows that it was quarantined and deleted. Although, after the prompted restart the trojan is detected once again.


After performing several Malwarebytes scans not resulting in the removal of this Trojan, I followed instructions from a BC advisor and performed TDSS, aswMBR, and ESETkiller scans (post: http://www.bleepingcomputer.com/forums/topic463187.html ). Then I was told to perform a DDS scan (following this guide: http://www.bleepingcomputer.com/forums/topic34773.html) and post the results here. I skipped GMER because I think I have a 64-bit OS. Below and attached are the log files from DDS.

Appreciate any help/ suggestions on getting rid of this infection.

Thanks!
R.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by JHOME at 20:47:55 on 2012-08-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.2724 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\sv...

A:Trojan Dropper BCMiner, I think...

Also, I've run all programs/ diagnostics in safe mode with networking. I also just noticed that I didn't copy the DDS file from the flash drive it was on to the desktop rather I ran it from the flash drive. Not sure if that makes a difference in the results of the logs.

Thanks!


Hi!

I'm running Vista (64-bit) and there seems to be a trojan on the computer (MWB found it, attempted to remove it, but it never goes away?). It's causing browser redirection and pop-ups.

Can someone please help? I don't know where to even start!

Thanks!

A:Trojan.Dropper.BCMiner?

I forgot to mention, I use IE. Any other questions that would help? Just ask! (sorry, I'm not too sure what info would be helpful!)


Hi, I have the trojan.dropper.bcminer and could not figure out whether there is an existing fix-all solution for this. Can somebody help?

Thanks, Matthew

A:trojan.dropper.bcminer

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems. I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so. We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text. Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything. Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go. A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At...


I first made this topic, but got the advice to post it here. I think I have a virus named Trojan.Dropper.BCMiner, that made my computer stop working, then I had to do a system restore. Something I just remember is that I clicked on a Java update before my troubles began. I made a log with DDS and GMER, but with GMER I wasn't able to check/uncheck most of the boxes (I was able to do this with services, registry and files).

edit: I attached the files for DDS and GMER.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Wouter at 16:13:34 on 2012-06-03
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110627182543.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Intern...

A:Trojan.Dropper.BCMiner

Hi,

Please run the following:

Download Farbar Recovery Scan Tool and save it to a flash drive (you need the 64bit version).
Plug the flash drive into the infected PC.
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

To enter System Recovery Options by using the Windows installation disc:
- Insert the installation disc.
- Restart your computer.
- If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
- Click Repair your computer.
- Choose your language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
- Startup Repair
- System Restore
- Windows Complete PC Restore
- Windows Memory Diagnostic Tool
- Command Prompt

Then:
- Select Command Prompt.
- In the command window type in notepad and press Enter.
- The notepad opens. Under the File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst.exe (for x64 bi...


Please advise with the removal of this malware that redirects my google searches.

Many thanks ahead of time for any and all help.

A:Trojan.dropper.BCminer

Hello,

Please follow the instructions in This Guide starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom
