My only additional suggestions are to use CCleaner ONLY for removing temp files and the like. Leave the registry cleaning alone; what we did here was out of necessity only. And never ever use it to uninstall programs. Best thing to do is Add/Remove and/or the program's own uninstall file.
Here is a print screen of correct CCleaner settings. Click Analyze, it will scan the disk and then show you the temp stuff that can be removed. Have it remove.
Update and do a weekly quick scan with MBA-M and have it remove anything found. If it does find something with Quick Scan then have it remove, immediately update to be safe and then do a Full Scan.
Be sure the browser has correct settings for cookies: allow 1st party cookies and BLOCK 3rd party cookies.
I would also suggest, since we had to do so much moving and playing with files that you do a disk defrag. These are generally done automatically with Windows 7 but in cases like this might as well be sure everything is "lined up" like it should be.
Other than that I can't think of anything else. Any questions?
No questions at all. Just a big bucket of "thank you very very much". I owe you one. Well, two now. This is the second rootkit you've helped me on, incidentally. But not for the same person or the same computer, in case a red flag just went up for you.
Last edited by KamikazeKarrot; 12-29-2011 at 07:07 AM.
Really happy to help...another rootkit? When was that?
You came in right around here:
http://forum.networktechs.com/showth...4830#post44830
Oh, that was "way back when" the TDSS Rootkit was fairly new. They have a program now that removes it without much trouble anymore.
I love how two years constitutes "way back when" in the technological world.
Heck, in the tech world sometimes "way back when" means last week! This PUP.BitMiner: kwrd.dll you have for instance, when I first began searching for info Google only had two listings, then later, 4 listings. Each time the numbers grew and finally last night the info that it was likely the Zero.Access rootkit. In fact I found one thread with the same difficulties you had removing McAfee and another with another AV program that supposedly was gone but continued to show in the logs. So in three days a solution was posted but the first couple, nothing. Give it a month and it will be just a few steps hopefully instead of these multiple runnings of combofix... all the threads I found today had almost the same things we ended up doing. Things change rapidly, that's for sure!
you had for instance, when I first began searching for information I found two threads with very minor info on two forums, 9