Win32:BitCoinMiner-Ca trojan in audit.exe file

[Joytas]

Hi,

I have problem with virus Win32:BitCoinMiner-Ca.
It was detected by Avast in a file C:\Users\[user_name]\AppData\Local\Temp\iswizard\audit.exe.
I removed "iswizard" folder but after that Avast detected virus and the folder appeared again.

I tried instructions from http://forum.avast.com/index.php?topic=53253.0 It didn't help.
OTL log is attached.

How can I get rid of this virus?

[Pondus]

How can I get rid of this virus?

you wait for a removal expert to arrive.... it may take hours, so be patient

[essexboy]

Here you go, let me know if this kills it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:Commands
[CREATERESTOREPOINT]

:OTL
O4 - HKU\S-1-5-21-299887075-721810186-3028965521-1000..\Run: [tsiVideo] C:\Users\Tomek\AppData\Local\Temp\tsiVi032.dll ()

:Files
C:\Users\Tomek\AppData\Local\Temp\iswizard

:Commands
[resethosts]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[Joytas]

Great! Looks like problem is solved  I haven't had any virus report for several hours and malicious folder hasn't appeared so far.

I attach an OTL log after quick scan. Is everything fine in it?

[essexboy]

Looks good, run OTL and press the cleanup button to remove it

[Joytas]

Great! The virus has been killed for sure Many thanks for your professional help! 

[essexboy]

My pleasure