Author Topic: cpuminer-gw64 (Read 6121 times)

REDACTED · « **on:** June 13, 2015, 10:34:44 PM »

Good day. i have a problem.
1) 5 hours ago i downloaded https://zima31g.storage.yandex.net/rdisk/ed244a9fd0a96fcc6d4932df8408d8f67e374077042779e5a26893ff4874a07e/557c7dae/u-sGwJt_RqxJfwofAdIOTuo3Ay7LPd7r9MeP-Hrq7Qo_jStuUWBSzExIMaPwupxhAENpB7EaM-FbH9so2nYMHQ==?uid=0&filename=Price_Action.rar&disposition=attachment&hash=XOuwfnzuC6ZVToDPOmhgYYIYz%2BIaUIr7c/wtgBO19og%3D&limit=0&content_type=application%2Fx-rar&fsize=3302184&hid=0f29569411a22151f53d6b97a7ef4870&media_type=compressed&tknv=v2&rtoken=4937bf36fe9d25b25f0860baa8de4dd6&force_default=no
2) 4 hours ago http://travian-bot.ru/K7I1NzQwNTJSK7Y1tDRUK7XNKCkpUDV2VDVyA6Ly8nK9osSinMQkveT8XKAAkAMSzswDMnQrzEx0TY0M9VIrUtXybMMz84Icg-JN9aAiVbYmhpYmxgYmaiW2EA0A
3) found 18 viruses, but i still have many processes and programs that i can't control. can U help me with this issue?
4) cpuminer-gw64 and surfing protection (i can't delete them manually)

Pondus · « **Reply #1 on:** June 13, 2015, 10:52:42 PM »

Follow instructions here https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar Recovery Scan Tool logs

REDACTED · « **Reply #2 on:** June 14, 2015, 03:47:53 AM »

scan logs.
1) smth is still not deleted
2) every boot i have a porn star page in chrome

Rednose · « **Reply #3 on:** June 14, 2015, 04:00:23 AM »

Hi Ivan160, welcome to the forum

In the same directory as the FRST.txt log there should be an Additions.txt log as well. Please attach that too.
You will be helped as soon as possible.

Greetz, Red.

REDACTED · « **Reply #4 on:** June 14, 2015, 05:45:44 AM »

attached. thanks for your time.

REDACTED · « **Reply #5 on:** June 14, 2015, 08:12:39 AM »

Your first link is not available.

Second link is to download WinRar but with a Virus.
Virus call Luhe Fiha
Luhe Fiha is a malicious software that once it is executed has the capability of replicating itself and infect other files and programs. These type of malware, called Viruses, can steal hard disk space and memory that slows down or completely halts your PC. It can also corrupt or delete data, erase your hard drive, steal personal information, hijack your screen and spam your contacts to spread itself to other users. Usually, a Virus is received as an attachment on an email or instant message. Luhe Fiha is currently ranked 27 in the world of online malware.

essexboy · « **Reply #6 on:** June 14, 2015, 12:07:43 PM »

Let me know how the computer is after this

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Download the attached Fixlist.txt to the same location as FRST

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S0].txt as well.

REDACTED · « **Reply #7 on:** June 14, 2015, 02:35:36 PM »

It works as i see. some problems with chrome and start pages. i'll try to reinstall it. The main progress is no cmd windows while booting.

essexboy · « **Reply #8 on:** June 14, 2015, 03:26:29 PM »

What problems are you experiencing with chrome ?

REDACTED · « **Reply #9 on:** June 14, 2015, 04:55:23 PM »

http://udacha.club/clbv/p7202/EAVB4/?at=1&goto=site&mir=1

and many others starting pages like this. (i don't know what to do to remove this shit)
1) all cash and cookies deleted
2) chrome reinstalled

no result

essexboy · « **Reply #10 on:** June 14, 2015, 05:04:50 PM »

Is this in chrome only ?

Could I have a fresh FRST scan please

REDACTED · « **Reply #11 on:** June 14, 2015, 10:24:37 PM »

here they are.
As u can see in the last doc file, there are always alerts with chrome. I use onle chrome, but i've checked IE and everything is the same.

Eddy · « **Reply #12 on:** June 14, 2015, 10:32:24 PM »

Start with removing everything from IObit:
https://forums.malwarebytes.org/index.php?/topic/29681-iobit-steals-malwarebytes-intellectual-property/

essexboy · « **Reply #13 on:** June 14, 2015, 11:24:37 PM »

OK lets try again

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

Quote

CreateRestorePoint:
HKLM\...\Run: [gpuminer] => C:\Users\Hudyakov\AppData\Roaming\cpuminer\sgminer\sgminer.cmd
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2668243879-3027452634-3090891347-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://spacesearch.ru/?ri=1&rsid=4bc1e5e1f04fb7bfd478683ed7f8f7a9&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-2668243879-3027452634-3090891347-1001 - (No Name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - No File
DefaultPrefix-x32: => http://spacesearch.ru/?ri=1&rsid=4bc1e5e1f04fb7bfd478683ed7f8f7a9&q= <==== ATTENTION
C:\Users\Hudyakov\AppData\Roaming\cpuminer
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

Author Topic: cpuminer-gw64 (Read 6121 times)

REDACTED

cpuminer-gw64

Pondus

Re: cpuminer-gw64

REDACTED

Re: cpuminer-gw64

Rednose

Re: cpuminer-gw64

REDACTED

Re: cpuminer-gw64

REDACTED

Re: cpuminer-gw64

essexboy

Re: cpuminer-gw64

REDACTED

Re: cpuminer-gw64

essexboy

Re: cpuminer-gw64

REDACTED

Re: cpuminer-gw64

essexboy

Re: cpuminer-gw64

REDACTED

Re: cpuminer-gw64

Eddy

Re: cpuminer-gw64

essexboy

Re: cpuminer-gw64