Author Topic: Ataque a : Win32:BitCoinMiner-CA (Trj)  (Read 25859 times)


javiervalero

  • Guest
Re: Ataque a : Win32:BitCoinMiner-CA (Trj)
« Reply #30 on: May 17, 2013, 12:23:20 AM »
Rogue Killer Reports
Zoek log.
I found that the zoek results go to F:
It is possible that this report was mixed with the old ones inside the file...
Tell me if I must rerun zoek. Now I'm deleting the zoek result in F:.
Sorry.

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Ataque a : Win32:BitCoinMiner-CA (Trj)
« Reply #31 on: May 17, 2013, 12:36:47 AM »
Leave for now zoek logs, we will delete them later if need be.

1.
Please download Malwarebytes AntiRootkit and save it to your desktop.
http://www.malwarebytes.org/products/mbar/

Full instructions how to use MBAR
http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-rootkit

    Please note: This is a beta version, so please be sure to read the disclaimer and take note of it.

  • Unzip/unrar MBAR into a folder on your Desktop
  • Open the folder where the contents were unzipped and run mbar.exe

  • Click on Next, then on the Update button to download fresh definitions.
  • When the database has updated, click Next
  • In the following window ensure the "Targets" scan for Drivers; Sectors; System are ticked. Then select the "Scan" button

  • If an infection/s are found ensure "Create Restore Point" is checked, then select the "Cleanup" button to remove threats.
    Or if you are sure any entries should not be kept, just untick them. A list of infected files will be listed.

  • The cleanup procedure will be scheduled for processing.
  • When complete, a pop-up will show. Select the Yes button and the system should reboot to complete the cleaning process.
>> Please attach the two following logs from the mbar folder:

system-log.txt
and
mbar-log-year-month-day (hour-minute-second).txt.


-----------------------------------

2. Now you need to delete the old ComboFix (drag and drop the ComboFix icon into the recycle bin) and download a fresh copy from here:
http://www.bleepingcomputer.com/download/combofix/
Run ComboFix as you did before and attach the fresh ComboFix.txt log here.


**********************


Tell me now, how is your computer running now?

javiervalero

  • Guest
Re: Ataque a : Win32:BitCoinMiner-CA (Trj)
« Reply #32 on: May 17, 2013, 01:19:32 AM »
First MBAR scan.
System log and mbar log.

javiervalero

  • Guest
Re: Ataque a : Win32:BitCoinMiner-CA (Trj)
« Reply #33 on: May 17, 2013, 01:34:22 AM »
Second mbar scan:
scan finished: no malware found!

javiervalero

  • Guest
Re: Ataque a : Win32:BitCoinMiner-CA (Trj)
« Reply #34 on: May 17, 2013, 01:59:53 AM »
ComboFix Report

Offline magna86

Re: Ataque a : Win32:BitCoinMiner-CA (Trj)
« Reply #35 on: May 17, 2013, 02:32:37 AM »
Finally, powerful MBAR got him ...  ;D     Let's have a check on that just to be sure.


> Now delete all old zoek logs (delete all C:\zoek-results.log) and re-run zoek.exe using this script:



Code:
dwm.exe;z
wuaudit.exe;z
iswizard;z


Attach here fresh zoek log.

----------------------------


Tell me how is your computer running now?
« Last Edit: May 17, 2013, 02:39:39 AM by magna86 »

javiervalero

  • Guest
Re: Ataque a : Win32:BitCoinMiner-CA (Trj)
« Reply #36 on: May 17, 2013, 02:54:43 AM »
All running well.
No Avast banners at this moment.
There was a system crash when I opened a large CAD file. This is not the first time during all this process, after each cleaning.
I'm going on with your next instruction.

javiervalero

  • Guest
Re: Ataque a : Win32:BitCoinMiner-CA (Trj)
« Reply #37 on: May 17, 2013, 03:03:30 AM »
zoek results:
Come on, Magna, it seems you have it!!!

javiervalero

  • Guest
Re: Ataque a : Win32:BitCoinMiner-CA (Trj)
« Reply #38 on: May 17, 2013, 08:22:50 AM »
I tested the PC and no more virus messages!!!!! Good job, Magna!!!
I think you must run some final scripts. Don't you?
I needed to repair-reinstall Revit (CAD soft), due to some instabilities. Now it seems to work fine.
Internet Explorer is now working fine after a configuration restore.
BUT:
Skype, SkyDrive and Google Drive don't start at Windows startup.
In all these cases I check "start with Windows startup", I close the dialog box, I open the dialog box again, and it's unchecked again.
I tried updating Skype, and get this error:

(I hope you understand my English)

Offline magna86

Re: Ataque a : Win32:BitCoinMiner-CA (Trj)
« Reply #39 on: May 17, 2013, 01:27:49 PM »
Quote
There was a system crash when I opened a large CAD file.
Yeah ... CF is at fault for that.  :(

Quote
Skype, SkyDrive and Google Drive don't start at Windows startup.
Don't know, the malware removal tools didn't catch anything related to that.


.............................
Re-run zoek.exe as you did before with this script:

Code:
C:\Windows\Prefetch\DWM.EXE-7C5D1E43.pf;f
autoclean;


Then,

It is necessary to uninstall ComboFix:
  • Click Start, then Run.

    On Windows 7 or Vista you may use the Start Search field if Run is not available.

  • In the line of text type in (copy) the following:
Code:
ComboFix /Uninstall
    Note that there is a space between "ComboFix" and "/Uninstall".

  • Then click OK (or press Enter).
    Wait for the uninstall process to complete.


**********************


Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes below:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on the "Run" button. Wait for the program to complete its work.

The tool will create and open a log report (DelFix.txt).
Note: The report will also be stored at C:\DelFix.txt


> I don't need the DelFix log report.


**********************


Try to repair Windows with this tool:

Please download Windows Repair (all in one) from here:
http://www.tweaking.com/content/page/windows_repair_all_in_one.html

  • Install the program, then run it.
  • Go to Step 2 and allow it to run Disk Check.
  • Once that is done, go to Step 3 and allow it to run SFC.
  • Go to Step 4 and create a registry backup and system restore point.

  • On the Start Repairs tab, click Start.
    - Click on the Select All button and then click on Start.
    - Don't use the computer while each scan is in progress!!!

  • A restart may be needed to finish the repair procedure.


*********************


How's your computer running now? 8)
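The names the two zoek scripts in this thread target (dwm.exe, wuaudit.exe and the DWM.EXE-*.pf Prefetch entry) can also be reviewed from the defender's side without a removal tool. The PowerShell below is an added example, not from this thread or from zoek; it assumes the only legitimate dwm.exe is %SystemRoot%\System32\dwm.exe, that wuaudit.exe is not a Windows binary, and PowerShell 3 or later run from an elevated prompt.

```powershell
# Added example, not from this thread: reviews the names the zoek scripts above target
# (dwm.exe, wuaudit.exe, the DWM.EXE-*.pf Prefetch entry). Assumptions: the only legitimate
# dwm.exe is %SystemRoot%\System32\dwm.exe; wuaudit.exe is not a Windows binary; PowerShell 3+,
# run from an elevated prompt (Prefetch is not readable otherwise).
$suspectNames = @('dwm.exe', 'wuaudit.exe')
$system32     = Join-Path $env:SystemRoot 'System32'
$findings     = @()

# 1. Running processes: dwm.exe loaded from outside System32, or any wuaudit.exe, is suspicious.
foreach ($p in Get-CimInstance Win32_Process) {
    if ($suspectNames -notcontains $p.Name.ToLower()) { continue }
    $path  = $p.ExecutablePath
    $legit = ($p.Name -ieq 'dwm.exe') -and $path -and
             $path.StartsWith($system32, [System.StringComparison]::OrdinalIgnoreCase)
    $detail = if ($path) { $path } else { '<path not readable>' }
    $findings += [pscustomobject]@{
        Check = 'process'; Item = "$($p.Name) (PID $($p.ProcessId))"
        Detail = $detail; Suspicious = -not $legit
    }
}

# 2. Prefetch: a .pf file proves the name ran; the hash in the file name depends on the image
#    path, so several DWM.EXE-*.pf entries mean dwm.exe ran from more than one location.
$pfFiles = @(Get-ChildItem (Join-Path $env:SystemRoot 'Prefetch') -Filter '*.pf' -ErrorAction SilentlyContinue |
             Where-Object { $suspectNames -contains (($_.Name -split '-')[0].ToLower()) })
$dwmCount = @($pfFiles | Where-Object { $_.Name -like 'DWM.EXE-*' }).Count
foreach ($f in $pfFiles) {
    $findings += [pscustomobject]@{
        Check = 'prefetch'; Item = $f.Name; Detail = $f.LastWriteTime
        Suspicious = ($f.Name -notlike 'DWM.EXE-*') -or ($dwmCount -gt 1)
    }
}

# 3. Run keys: autostart values that launch a suspect name. The same keys hold the
#    "start with Windows" settings of Skype & co., so list them when those keep resetting.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($v in $props.PSObject.Properties) {
        if ($v.Name -like 'PS*') { continue }          # skip PowerShell's own note properties
        $hit = $suspectNames | Where-Object { "$($v.Value)" -match [regex]::Escape($_) }
        if ($hit) {
            $findings += [pscustomobject]@{ Check = 'run key'; Item = "$k\$($v.Name)"
                                            Detail = $v.Value; Suspicious = $true }
        }
    }
}
$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

A clean machine shows at most one dwm.exe process and one DWM.EXE-*.pf entry, both flagged as not suspicious; anything else in the table deserves a closer look before the cleanup tools are removed.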

javiervalero

  • Guest
Re: Ataque a : Win32:BitCoinMiner-CA (Trj)
« Reply #40 on: May 17, 2013, 08:41:08 PM »
Magna... wonderful!!!
Autostart of Skype, SkyDrive and Google Drive.... resolved.
Revit: opening and closing large CAD files.... seems at this moment to be solved.
I'm gonna do a deep test now, and then I'll share the results with you.
Thanks, Thanks, Thanks.

Offline magna86

Re: Ataque a : Win32:BitCoinMiner-CA (Trj)
« Reply #41 on: May 17, 2013, 08:55:54 PM »
:)

javiervalero

  • Guest
Re: Ataque a : Win32:BitCoinMiner-CA (Trj)
« Reply #42 on: May 20, 2013, 07:38:30 AM »
Magna:
I tested my PC all these days, and all is running fine and quickly.
Except:
when I run an Avast full scan, after 15 minutes or more from starting, the system crashes with the typical blue screen...
Is there any fix for this?

There are a lot of updates from Windows waiting for download.

Offline magna86

Re: Ataque a : Win32:BitCoinMiner-CA (Trj)
« Reply #43 on: May 20, 2013, 11:30:45 AM »
Quote
Magna:
I tested my PC all these days, and all is running fine and quickly.

There are a lot of updates from Windows waiting for download.

;)


Quote
when I run an Avast full scan, after 15 minutes or more from starting, the system crashes with the typical blue screen...
Is there any fix for this?


From the software side, a BSOD appears at the driver level. What causes it I don't know, but we can check.



Download the BlueScreenView tool from here:
http://www.nirsoft.net/utils/bluescreenview.zip

Double click on the BlueScreenView.exe file to run the program.
When scanning is done, go to Edit > Select All.
Go to File > Save Selected Items, and save the report as BSOD.txt.

Attach BSOD.txt here.



javiervalero

  • Guest
Re: Ataque a : Win32:BitCoinMiner-CA (Trj)
« Reply #44 on: May 20, 2013, 03:45:43 PM »
I haven't downloaded the Windows updates until I'm sure all is running OK.