Author Topic: JAVA: Bitcoin -a [Trojan]  (Read 10192 times)

0 Members and 1 Guest are viewing this topic.

Smigckles1

  • Guest
JAVA: Bitcoin -a [Trojan]
« on: July 14, 2012, 01:46:43 PM »
Hey all,

Scanned brothers computer yesterday, found 18 malware. All random numbers + letters .exes with american flag symbols as task icon. Ran a boot time scan and found four "Java:Bitcoin -A" trojans.

Did the same to my computer this morning, found nothing with the usual found but also found this bitcoin trojan on mine during the boot time scan.

From what I've read about it, all it does is act as a mining bot on infected machines. One thing I don't understand is, it says it's distributed with pirated software but I'm fairly certain everything on both computers is legit.

My main question is, should I be worried about changing passwords etc ?

Thanks

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: JAVA: Bitcoin -a [Trojan]
« Reply #1 on: July 14, 2012, 02:14:37 PM »
i would recomend to let essexboy have a look inside

follow this guide and attach (not copy and paste) logs from malwarebytes / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0

Smigckles1

  • Guest
Re: JAVA: Bitcoin -a [Trojan]
« Reply #2 on: July 14, 2012, 03:37:54 PM »
i would recomend to let essexboy have a look inside

follow this guide and attach (not copy and paste) logs from malwarebytes / OTL / aswMBR
http://forum.avast.com/index.php?topic=53253.0

Hey Pondus,
Here are the requested logs.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: JAVA: Bitcoin -a [Trojan]
« Reply #3 on: July 14, 2012, 04:18:31 PM »
It is always advisable with the current malware to reset passwords as a matter of course

I can see no remnants on the system how is it behaving ?

Smigckles1

  • Guest
Re: JAVA: Bitcoin -a [Trojan]
« Reply #4 on: July 14, 2012, 06:10:19 PM »
It is always advisable with the current malware to reset passwords as a matter of course

I can see no remnants on the system how is it behaving ?

Hi essexboy,
Both computers acted fine with the malware on. The only issue I've encountered is a heavy CPU usage on desktop startup, enough to freeze all tasks for up to 10-20 seconds. I've looked it up in resource manager and it just appears to be some issue with pagefile.sys, even though it's limited  to 4GB.

The only odd thing I've noticed is it calling up the task 7 or 8 times on my brothers computer, whereas it hasn't even tried to connect to the internet on mine (according to zonealarm anyhow).

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: JAVA: Bitcoin -a [Trojan]
« Reply #5 on: July 14, 2012, 08:36:31 PM »
Which one is trying to access the net ?  The one you posted or the other ?

Smigckles1

  • Guest
Re: JAVA: Bitcoin -a [Trojan]
« Reply #6 on: July 15, 2012, 02:48:48 AM »
Which one is trying to access the net ?  The one you posted or the other ?

The one I posted was my computer which had the single trojan and no net connectivity attempts, I can provide logs for the other computer with the 4 trojans + connectivity if you want.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: JAVA: Bitcoin -a [Trojan]
« Reply #7 on: July 15, 2012, 01:44:24 PM »
Yep but first how is your computer

Attach the same series of logs as you did for your system