
Thread: [ROOTKIT INFECTION] PUP.BitMiner: kwrd.dll

  1. #121
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    71
    Posts
    4,079
    My only additional suggestions are to use CCleaner ONLY for removing temp files and the like. Leave the registry cleaning alone; what we did here was out of necessity only, and never ever use it to uninstall programs. Best thing to do is Add/Remove and/or the program's own uninstall file.
    Here is a print screen of correct CCleaner settings. Click Analyze, it will scan the disk and then show you the temp stuff that can be removed. Have it remove.
    Update and do a weekly quick scan with MBA-M and have it remove anything found. If it does find something with Quick Scan then have it remove, immediately update to be safe and then do a Full Scan.

    Be sure the browser has correct settings for cookies, allow 1st party cookies and BLOCK 3rd party cookies.

    I would also suggest, since we had to do so much moving and playing with files that you do a disk defrag. These are generally done automatically with Windows 7 but in cases like this might as well be sure everything is "lined up" like it should be.

    Other than that I can't think of anything else. Any questions?
    Attached Thumbnails: ccleaner settings.jpg

  2. #122
    Originally Posted by KamikazeKarrot:
    So are we basically all cleared up, then? Infection dead? Break out the party hats?
    I would say yes, if you feel everything is running exactly as it should, then

  3. #123
    No questions at all. Just a big bucket of "thank you very very much". I owe you one. Well, two now. This is the second rootkit you've helped me on, incidentally. But not for the same person or the same computer, in case a red flag just went up for you.
    Last edited by KamikazeKarrot; 12-29-2011 at 07:07 AM.

  4. #124
    Really happy to help...another rootkit? When was that?

  5. #125

  6. #126
    Oh, that was "way back when" the TDSS Rootkit was fairly new. They have a program now that removes it without much trouble anymore.

  7. #127
    I love how two years constitutes "way back when" in the technological world.

  8. #128
    Originally Posted by KamikazeKarrot:
    I love how two years constitutes "way back when" in the technological world.
    Heck, in the tech world sometimes "way back when" means last week! This PUP.BitMiner: kwrd.dll you have for instance, when I first began searching for info Google only had two listings, then later, 4 listings. Each time the numbers grew and finally last night the info that it was likely the Zero.Access rootkit. In fact I found one thread with the same difficulties you had removing McAfee and another with another AV program that supposedly was gone but continued to show in the logs. So in three days a solution was posted but the first couple, nothing. Give it a month and it will be just a few steps hopefully instead of these multiple runnings of combofix... all the threads I found today had almost the same things we ended up doing. Things change rapidly, that's for sure!
    you had for instance, when I first began searching for information I found two threads with very minor info on two forums, 9
