
Thread: [ROOTKIT INFECTION] PUP.BitMiner: kwrd.dll

  1. #21
    My aunt told me she disabled and/or removed McAfee. Clearly that did not happen.

    Good news: I ran the removal tool, and the computer is starting normally now. I'm going to run MBA-M, post the logs, and restart unless I hear otherwise from you.

  2. #22
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    71
    Posts
    4,079
    Absolutely, be sure to update MBA-M of course and then do the full system scan in normal mode, have it remove all, reboot and post back here with the log. Wonder how she "removed" it? Sounds like she just went in and deleted the files, which of course removes the visible traces but not the program.

  3. #23
    Don't know really. She's usually pretty good with computers.

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 911122605

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    12/26/2011 8:26:41 PM
    mbam-log-2011-12-26 (20-26-41).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 337760
    Time elapsed: 37 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\WINDOWS\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.

    Restarting now.

    EDIT: Restart worked. Going to run ESET now.

  4. #24
    Don't be doing anything else when ESET is running.

  5. #25
    I couldn't find the ESET log file at C:\Program Files\EsetOnlineScanner\log.txt. I did manage to find C:\Program Files (x86)\EST\EST Online Scanner\log.txt, which reads as follows:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK
    esets_scanner_update returned -1 esets_gle=53251

    I don't know that that's what you're looking for. I can tell you that it quarantined and deleted two files and found another one working in the active memory, something like that. Couple of trojans.
    Last edited by KamikazeKarrot; 12-27-2011 at 07:21 AM.

  6. #26
    Log is usually always located here

    C:\Program Files\EsetOnlineScanner\log.txt.

    I haven't seen one that is located where you found it.

  7. #27
    There's no such filepath on the computer. Also, the only file on the entire C: drive named "log.txt" is the one I copied and pasted above.

  8. #28
    Is this a 64-bit operating system? Even if it is, there should be two listings in the C drive. I am running Windows 7 64-bit and there are two... the first one is generally program files that are 64-bit and the other is the one for 32-bit programs.
    C:\Program Files\

    C:\Program Files (x86)\

  9. #29
    There are two separate Program Files folders as you listed, but there is no C:\Program Files\EsetOnlineScanner. There is only C:\Program Files (x86)\ESET\ESET Online Scanner.

    I'm running ESET again to see if I can find a log this time. It's at 98% right now. The same trojan is being detected: "probably a variant of Win32/Olmarik.AVQ trojan".

  10. #30
    Write down names and locations of everything found, in case there is no log again.
