Author Topic: Miner Trojan detected..... CPU Max out, nothing is helping.  (Read 5734 times)


Offline tomas.denver

  • Newbie
  • *
  • Posts: 8
Miner Trojan detected..... CPU Max out, nothing is helping.
« on: December 05, 2018, 09:50:46 PM »
Hi,

I am having trouble with my PC. About two months ago, my CPU started to max out while I was browsing the internet (same problem in Chrome, Explorer, Opera). An Avast scan before Windows boot detected the miners BV:Miner-T (TRJ), JS:CryptoNightMiner-A (TRJ), JS:Miner-AI (PUP). Avast tried to remove them, but without success. The issues continued, so I installed Kaspersky; the program gave me a warning every time I tried to load/connect to an HTTP web page but at least stopped the attack (my CPU would not get to 100% while browsing); scanning and removing did not help either. HTTPS webpages are fine. I am currently using Malwarebytes, which is giving me a warning and stopping the alert, but I am able to use Avast with it; Malwarebytes also failed to remove those problems completely.

I attached the logs from the manual and also the Malwarebytes pop-up warning while connecting to HTTP.

I hope that you will be able to help me, guys.

Much appreciated

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: Miner Trojan detected..... CPU Max out, nothing is helping.
« Reply #1 on: December 05, 2018, 10:32:25 PM »
Open Extension Manager in Chrome and remove:

Platby Internetového obchodu Chrome


Report status after that.

Offline tomas.denver

  • Newbie
  • *
  • Posts: 8
Re: Miner Trojan detected..... CPU Max out, nothing is helping.
« Reply #2 on: December 05, 2018, 11:37:03 PM »
Sorry for being stupid, but I have no idea how I should open the extension manager and remove that. Three dots -> More tools -> Extensions, and then?

Thanks for the reply
« Last Edit: December 05, 2018, 11:45:54 PM by tomas.denver »

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Miner Trojan detected..... CPU Max out, nothing is helping.
« Reply #3 on: December 06, 2018, 12:15:06 AM »
I don't use Chrome, but the three vertical dots are now pretty commonly used as the icon to access the Menu/Settings for the program, including Chrome.

I have found an image on-line that shows, what I believe to be the three dots Sass Drake is talking about.  Clicking them should start to give you the other menu options.

Whilst this image might be old and show different options, it should at least get you into the three dots options.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline tomas.denver

  • Newbie
  • *
  • Posts: 8
Re: Miner Trojan detected..... CPU Max out, nothing is helping.
« Reply #4 on: December 06, 2018, 12:25:18 AM »
I wrote the reply with the three dots :D not Sass Drake.
I don't know what to do in the extension menu/manager, if that's the right extension manager that Drake mentioned.
I currently do not have any extensions.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Miner Trojan detected..... CPU Max out, nothing is helping.
« Reply #5 on: December 06, 2018, 12:45:54 AM »
I'm aware of that; my post, being directly below yours, was directed to you (on the information Sass Drake gave you).

Sorry if there was any confusion, I thought you couldn't find the three dots information.

EDIT: Sass Drake saw the extension (Platby Internetového obchodu Chrome) in your FRST.txt log that you attached. Since you can't find it, we will have to wait for Sass Drake to get back to the topic.
« Last Edit: December 06, 2018, 01:00:07 AM by DavidR »

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: Miner Trojan detected..... CPU Max out, nothing is helping.
« Reply #6 on: December 06, 2018, 08:50:55 PM »

https://support.google.com/chrome_webstore/answer/2664769?hl=en&ref_topic=6238977

Click on the three dots sign -> More tools -> Extensions. Make a screenshot of the opened page and attach it to your message.

Offline tomas.denver

  • Newbie
  • *
  • Posts: 8
Re: Miner Trojan detected..... CPU Max out, nothing is helping.
« Reply #7 on: December 07, 2018, 08:06:53 PM »
Here is the printscreen of my extensions.

Offline tomas.denver

  • Newbie
  • *
  • Posts: 8
Re: Miner Trojan detected..... CPU Max out, nothing is helping.
« Reply #8 on: December 07, 2018, 08:13:11 PM »
Maybe this could help as well. I attached the log from Kaspersky; the first time I did the scan it found this.

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: Miner Trojan detected..... CPU Max out, nothing is helping.
« Reply #9 on: December 09, 2018, 01:24:09 PM »
Do you have a Mikrotik router?

Offline tomas.denver

  • Newbie
  • *
  • Posts: 8
Re: Miner Trojan detected..... CPU Max out, nothing is helping.
« Reply #10 on: December 09, 2018, 06:36:21 PM »
No, I do not.

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: Miner Trojan detected..... CPU Max out, nothing is helping.
« Reply #11 on: December 09, 2018, 11:48:15 PM »
Try to factory reset your router, because the problem is not your PC as far as I can tell from the logs.

Offline tomas.denver

  • Newbie
  • *
  • Posts: 8
Re: Miner Trojan detected..... CPU Max out, nothing is helping.
« Reply #12 on: December 11, 2018, 12:11:56 AM »
Hi again,

I restarted the router, set up the new password and login etc.
I also did the scans again; the logs are attached together with the pop-up alert, which is still showing up on every browser. The file where the threat is detected depends on the browser I am currently using.

Any suggestions which could help?
Can you please look at the logs again?
If you do not find anything, what would you suggest?
Windows reinstall? Should I try a local IT shop for "virus, malware cleaning"?
Anything else?

Thanks for the reply

Offline Jiří Šembera

  • Avast team
  • Jr. Member
  • *
  • Posts: 46
  • Developer/Malware Analyst, former VPS maintainer
Re: Miner Trojan detected..... CPU Max out, nothing is helping.
« Reply #13 on: December 11, 2018, 10:55:39 AM »
Hi Tomas,

It really looks like the problem is not on your computer but somewhere on the network. As mentioned above, the symptoms really resemble an infected Mikrotik router. What ISP (Internet Service Provider) do you have? Maybe their router got infected. You can tell this is the case by looking at the Network tab in Developer Settings in Chrome (shortcut F12). If there is a request with 403 in the "Status" column and (after selecting the request) you see "Mikrotik HttpProxy" (see attached images), then there is an infected Mikrotik router between you and the websites you're visiting.

You can also try to change your DNS server IPs to 8.8.8.8/8.8.4.4 (Google) to see whether there is a problem with your DNS settings (either on PC or on your router). Guide here: https://www.lifewire.com/how-to-change-dns-servers-in-windows-2626242

I would also recommend installing at least some adblocker (uBlock Origin works great for me) - they are quite successful in blocking miners. I am also using ScriptSafe plugin, that prevents websites from running JavaScript unless I explicitly let them, so unless a trusted website gets hacked, no cryptomining on my computer. However this approach is a bit painful because you need to build your list of trusted websites first.

Jiri

EDIT: It turned out we did not have a good coverage of the omine.org miner mentioned in your screenshots, so I've added a couple of new detections that should at least prevent the miner from loading.
« Last Edit: December 11, 2018, 11:09:51 AM by Jiří Šembera »
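
The Network-tab check described in the post above can also be run over a HAR file exported from the browser's developer tools, flagging 403 responses that carry "Mikrotik HttpProxy" and requests to the omine.org domain named in the EDIT. This is an added example, not part of the thread and not Avast's code; the sample HAR is constructed, and the hostnames, paths and the placement of the marker in the `Server` header are assumptions.

```python
import json
import sys
from urllib.parse import urlsplit

PROXY_MARKER = "mikrotik httpproxy"  # string quoted in the post, lower-cased
MINER_DOMAINS = ("omine.org",)       # miner domain named in the post's EDIT

def scan_har(har):
    """Return findings for HAR entries matching either indicator from the thread."""
    findings = []
    for entry in har.get("log", {}).get("entries", []):
        url = entry.get("request", {}).get("url", "")
        resp = entry.get("response", {})
        host = (urlsplit(url).hostname or "").lower()
        headers = " ".join(f"{h.get('name', '')}: {h.get('value', '')}"
                           for h in resp.get("headers", []))
        body = resp.get("content", {}).get("text") or ""
        reasons = []
        # Indicator 1: a 403 whose headers or error page carry the proxy marker.
        if resp.get("status") == 403 and PROXY_MARKER in f"{headers} {body}".lower():
            reasons.append("403 served by Mikrotik HttpProxy")
        # Indicator 2: a request to a watched miner domain or any subdomain of it.
        if any(host == d or host.endswith("." + d) for d in MINER_DOMAINS):
            reasons.append("request to miner domain")
        if reasons:
            findings.append({"url": url, "reasons": reasons})
    return findings

def _entry(url, status, server, body=""):
    # Helper for the constructed sample only: one minimal HAR entry.
    return {"request": {"url": url},
            "response": {"status": status,
                         "headers": [{"name": "Server", "value": server}],
                         "content": {"text": body}}}

# Constructed sample. Hostnames and paths are made up; putting the marker in
# the Server header is an assumption about where the browser shows it.
SAMPLE_HAR = {"log": {"entries": [
    _entry("http://news.example/", 200, "nginx"),
    _entry("http://news.example/admin", 403, "nginx"),      # ordinary 403, no marker
    _entry("http://shop.example/", 403, "Mikrotik HttpProxy"),
    _entry("http://cdn.omine.org/m.js", 200, "nginx"),
    _entry("http://notomine.org/", 200, "nginx"),           # look-alike, no match
]}}

if __name__ == "__main__":
    # Pass a path to a real HAR export, or run without arguments for the sample.
    har = json.load(open(sys.argv[1], encoding="utf-8")) if len(sys.argv) > 1 else SAMPLE_HAR
    for f in scan_har(har):
        print(f["url"], "->", ", ".join(f["reasons"]))
```
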

Offline tomas.denver

  • Newbie
  • *
  • Posts: 8
Re: Miner Trojan detected..... CPU Max out, nothing is helping.
« Reply #14 on: December 11, 2018, 03:31:42 PM »
Hello,
judging by the name, I assume it is no longer necessary to keep chatting in English.

From the attachments you can see that you were right about the Mikrotik; it is a "local" provider, and I will try to ask them about it.
Interestingly, though, today I tried connecting to a different Wi-Fi network (a different provider) and the pop-up alert appeared all the same.
I will also try setting a different DNS; I don't know whether it is still necessary at this point, but still.
Right now I am dealing with a single problem: the only two programs that have so far managed to detect all the threats without trouble are Malwarebytes and Kaspersky, and both are paid. I tried plugins such as an adblocker etc.; unfortunately they were only about 50% successful. Is there no other solution, if a complete cleaning of the computer is not the solution, e.g. blocking the given IP address/domain (see the second attachment) directly in the Wi-Fi router or in Avast?

Thanks for the reply.