Author Topic: Win32:BitCoinMiner-CA trojan  (Read 7679 times)


Harry86

  • Guest
Win32:BitCoinMiner-CA trojan
« on: May 25, 2013, 11:54:51 PM »
Hi. I have exactly the same problem as this guy here: http://forum.avast.com/index.php?topic=124164.0
I've already tried MBAM and MBAR with no result. Here is a screenshot of Avast blocking the trojan horse:
http://img716.imageshack.us/img716/4271/trojann.png

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:BitCoinMiner-CA trojan
« Reply #1 on: May 26, 2013, 12:00:17 AM »
Could you follow the steps here, please: http://forum.avast.com/index.php?topic=53253.0

Harry86

  • Guest
Re: Win32:BitCoinMiner-CA trojan
« Reply #2 on: May 26, 2013, 12:47:03 AM »
Here are my logs.

Harry86

  • Guest
Re: Win32:BitCoinMiner-CA trojan
« Reply #3 on: May 26, 2013, 12:49:13 AM »
...and aswMBR.txt

Offline Pondus

  • Probably Bot
  • Posts: 37586
  • Not a avast user
Re: Win32:BitCoinMiner-CA trojan
« Reply #4 on: May 26, 2013, 01:44:39 AM »
essexboy is notified...
You are a bit late, so essexboy is in bed now; check back tomorrow.   :)


Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Win32:BitCoinMiner-CA trojan
« Reply #5 on: May 26, 2013, 09:06:33 AM »
post_edit:

Oops, I just now saw that colleague essexboy has already taken over this case. :)
« Last Edit: May 26, 2013, 09:14:33 AM by magna86 »

Offline essexboy
Re: Win32:BitCoinMiner-CA trojan
« Reply #6 on: May 26, 2013, 11:33:15 AM »
Hi, let's get at it :)

Download and Install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double-click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it will produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.

Harry86

  • Guest
Re: Win32:BitCoinMiner-CA trojan
« Reply #7 on: May 26, 2013, 03:45:42 PM »
I got an error while ComboFix was running (PEV.exe Error); however, the scan completed.
I think nothing changed; the trojan is still there.

Offline essexboy
Re: Win32:BitCoinMiner-CA trojan
« Reply #8 on: May 26, 2013, 04:45:03 PM »
OK, I can see the reason for that.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
Please copy and paste its contents in your next reply.

Harry86

  • Guest
Re: Win32:BitCoinMiner-CA trojan
« Reply #9 on: May 26, 2013, 04:52:53 PM »
3 threats found, but without a Cure button.

Offline essexboy
Re: Win32:BitCoinMiner-CA trojan
« Reply #10 on: May 26, 2013, 05:01:15 PM »
OK, let's see if we can find a spare copy of Atapi.sys.

Please run OTL and paste the following in the custom scans and fixes box:

/md5start
atapi.*
/md5stop

Then press Run Scan.
Attach the resultant log, please.

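The /md5start atapi.* /md5stop directive above asks OTL to hash every copy of atapi.* on the disk so that a clean spare can be compared with the live driver. The following Python script is an added example, not part of this thread and not OTL's own code, that performs the same check on a constructed sample tree: it hashes every atapi.* under a root, groups the copies by MD5 and flags the copy whose digest disagrees with the rest. The Windows-style paths used in demo() are constructed sample paths inside a temporary directory, not real system locations.

```python
import hashlib
import tempfile
from collections import defaultdict
from fnmatch import fnmatch
from pathlib import Path


def hash_file(path, algo="md5"):
    """Hash a file in 64 KiB chunks (a driver can be several MB)."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def md5_scan(root, pattern="atapi.*"):
    """Return {md5: [paths]} for every file under root whose name matches
    pattern, the same grouping OTL's /md5start .. /md5stop scan reports."""
    groups = defaultdict(list)
    for p in Path(root).rglob("*"):
        if p.is_file() and fnmatch(p.name.lower(), pattern):
            groups[hash_file(p)].append(p)
    return dict(groups)


def odd_copies(groups):
    """Copies whose digest differs from the majority. On a clean box every
    atapi.sys copy (drivers, DriverStore, dllcache, winsxs) hashes the same;
    the agreeing copies are the spares essexboy wants, the outlier the suspect."""
    if not groups:
        return []
    majority = max(groups, key=lambda d: len(groups[d]))
    return [p for d, paths in groups.items() if d != majority for p in paths]


def demo():
    """Constructed sample tree in a temp dir: three agreeing copies, one outlier."""
    root = Path(tempfile.mkdtemp())
    good = b"constructed stand-in for clean atapi.sys bytes"
    for sub in ("Windows/System32/DriverStore", "Windows/System32/dllcache",
                "Windows/winsxs/atapi_backup"):
        (root / sub).mkdir(parents=True)
        (root / sub / "atapi.sys").write_bytes(good)
    live = root / "Windows/System32/drivers"
    live.mkdir(parents=True)
    (live / "atapi.sys").write_bytes(good + b"\x90")   # one byte differs
    (live / "readme.txt").write_bytes(b"not matched")   # pattern ignores it
    groups = md5_scan(root)
    return len(groups), sorted(p.relative_to(root).as_posix() for p in odd_copies(groups))
```

On a real machine you would point md5_scan at the system drive and compare the majority digest against a hash published for your exact Windows build; a lone outlier is what ComboFix was reporting here.
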
Harry86

  • Guest
Re: Win32:BitCoinMiner-CA trojan
« Reply #11 on: May 26, 2013, 05:57:26 PM »
Do you need the Extras log? I didn't find it.

Offline Pondus
Re: Win32:BitCoinMiner-CA trojan
« Reply #12 on: May 26, 2013, 06:16:06 PM »
Do you need the Extras log? I didn't find it.
It is only created at the first OTL run, and it is only extra tech info, usually not needed.

Offline essexboy
Re: Win32:BitCoinMiner-CA trojan
« Reply #13 on: May 26, 2013, 06:32:40 PM »
Intriguing. ComboFix reports that Atapi is infected; however, both TDSSKiller and the OTL MD5 scan report no problems.

Please delete the current copy of ComboFix from your desktop.
Then download and run a fresh copy, please.

Link 1
Link 2

ComputerRepairTech

  • Guest
Re: Win32:BitCoinMiner-CA trojan
« Reply #14 on: May 26, 2013, 07:24:34 PM »
Forum virus removal is not my field, and this is essexboy's show here. I just glanced over those txt files.

Sometimes, when you are dealing with an undetectable rootkit, you may find that you've been fooled and you aren't dealing with a rootkit at all, just an amateur virus that you missed because you were searching so hard for a rootkit. I could be way off base here.