Avast WEBforum
Other => Viruses and worms => Topic started by: REDACTED on June 17, 2018, 02:30:48 PM
-
I am getting the same message from avast every 10 minutes or so.
Attached you can find said message. Sorry, it's a german PC ;)
Thanks for your help in advance!
-
Attach your basic diagnostic logs. (MBAM and FRST)
Instructions: https://forum.avast.com/index.php?topic=194892
-
Here you go. Thank you! :)
-
OK, now you've to wait for one of the malware experts...
-
Alright, thanks again!
-
- Open Notepad (click Start button -> type notepad.exe -> press Enter)
- Copy text from code block below and paste it into Notepad
CloseProcesses:
cmd: sc stop BITS
Task: {332B247D-1284-4648-9096-DACE4C681F0D} - System32\Tasks\Windows Cryptography Service => C:\Program Files (x86)\Common Files\Cryptography\Hasher\xmr-stak.exe
Task: {FD024C7F-E7A3-4F02-954B-DF608D80D43E} - System32\Tasks\Windows Cryptography Service Updater => C:\Program Files (x86)\Common Files\Cryptography\Hasher\ConfigUpdate.bat [2018-05-22] () <==== ACHTUNG
C:\Program Files (x86)\Common Files\Cryptography
EmptyTemp:- Go to File -> Save As
- Make sure that UTF-8 is selected as Encoding (left side of Save button)
- Save it as fixlist.txt on Desktop
- Open again FRST and click on button Fix
- Wait until FRST finishes
- fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.
-
There you go :)
-
What is situation now?
-
Sadly, i'm still getting the notification every 10 minutes when the pc is turned on. :P
-
- Open Notepad (click Start button -> type notepad.exe -> press Enter)
- Copy text from code block below and paste it into Notepad
sc stop BITS
RemoveDirectory: C:\ProgramData\Microsoft\Network\Downloader
Reboot:- Go to File -> Save As
- Make sure that UTF-8 is selected as Encoding (left side of Save button)
- Save it as fixlist.txt on Desktop
- Open again FRST and click on button Fix
- Wait until FRST finishes
- fixlog.txt should be genereted and opened. Attach it your post and wait further instructions.
-
There you go.
and i am happy to say that i did not get another notification since the last restart! Nice! :D
Does this mean my PC is clean, or should i do some more testing?
-
Report if notification returns.
Rename FRST64 to uninstall and run it. It should uninstall FRST.
-
Will do. Thank you so much!
Can you explain in layman's terms what exactly happened?
It seems like it was a Trojan that kept trying to download a payload via a blocked website, am i correct?
Any way i can find out how it got on my PC? And how is it possible that Avast did not notice it in the first place? And why did not even Malwarbytes detect it?
Sorry for the many questions, i am just very interested and confused. :)
-
Trojan that was run on PC created BITS download job and deleted itself. Payload was meant to be downloaded using Windows but it was blocked by Avast.