Trojan Win32/CoinMiner removal - Help!

Discussion in 'SW Helpdesk' started by angel, Mar 12, 2018.

  1. angel

    angel Registered User

    Joined:
    Dec 23, 2016
    Messages:
    95
    Likes Received:
    364
    Over the last 10 days I've "acquired" this Trojan; try as I will, I can't remove it completely.


    I've used the following software to erase it:

    MS Defender - "catches" it every time it runs
    UnHackMe
    HitmanPro
    Malwarebytes
    Eset
    CCleaner
    Emsisoft Emergency Kit
    TDSSKiller
    Reset Explorer, Google and FF (my browser of choice)


    All the programs detect it but none of them remove the "thing" that triggers it.


    Any help will be appreciated!


    Oh, and BTW, I use Window$ 10 Home
     
  2. Warax

    Warax Honorary Member Honorary Member V.I.P DEV Guild

    Joined:
    Jan 16, 2011
    Messages:
    4,231
    Likes Received:
    3,493
    By searching I found these:

    Code:
    https://www.2-spyware.com/remove-win32-coinminer.html
    http://greatis.com/blog/howto/remove-trojan-win32-coinminer.htm

    Another solution is to see in what file it was detected and submit this file to Symantec:

    Code:
    https://www.symantec.com/security-center/submit-virus-samples
    Give them a few days to update it in the database, then download their NIS or NS trial version and try again. If not, contact them directly.

    Kaspersky also has the same system: you can submit the infected file to them and use their free antivirus, or contact them in the forum for more help.

    In general, I advise you to get the Norton Security package installed and always running on your system.
     
    angel likes this.
  3. angel

    angel Registered User

    Joined:
    Dec 23, 2016
    Messages:
    95
    Likes Received:
    364
    Will get back soon
     
  4. Mr

    MrSmithr Registered User

    Joined:
    Dec 23, 2017
    Messages:
    43
    Likes Received:
    559
    Another way is to see what's causing it, usually something like a scheduled task to open the program that controls the miner. You could use a program called "Process Hacker"; this will allow you to see which file has executed the running process. It's also possible that it could be in your temp files. Did you run these scans in "Safe Mode"? Failing that, you could use a bootable USB into a Linux distro and then run a virus scan from that environment, which will ensure that it isn't running at all, thus allowing it to be deleted because it won't be locked due to being in use.

    Process Hacker
     
    hacker7 likes this.
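
The check described in the post above, as an added example that is not part of the original thread: a PowerShell triage script that lists scheduled tasks and running processes whose command line points into user-writable locations such as Temp or AppData. The function name and the list of path fragments are assumptions chosen for illustration; run it from an elevated prompt so that all tasks and processes are visible.

```powershell
# Added example, not from the thread. Path fragments are an assumed
# starting list of user-writable locations where miners commonly sit.
$SuspectFragments = '\AppData\', '\Temp\', '\Users\Public\', '\ProgramData\'

function Test-SuspectCommand {
    param([string]$CommandLine)
    # Expand %TEMP%, %APPDATA% etc. so unexpanded task paths still match.
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    foreach ($fragment in $SuspectFragments) {
        if ($expanded.IndexOf($fragment, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

# Scheduled tasks: check program and arguments together, so a task that
# runs "cmd.exe /c <path in Temp>" is caught as well.
$taskHits = @(foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # COM-handler actions have no Execute property; they yield an empty string.
        $cmd = ("$($action.Execute) $($action.Arguments)").Trim()
        if (Test-SuspectCommand $cmd) {
            [pscustomobject]@{
                Source  = 'ScheduledTask'
                Name    = $task.TaskPath + $task.TaskName
                Command = $cmd
            }
        }
    }
})

# Running processes: show the image path and the parent that started it,
# which is the same information Process Hacker displays.
$procHits = @(Get-CimInstance Win32_Process |
    Where-Object { Test-SuspectCommand $_.ExecutablePath } |
    ForEach-Object {
        $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
        [pscustomobject]@{
            Source  = 'Process'
            Name    = "$($_.Name) (PID $($_.ProcessId), parent: $($parent.Name))"
            Command = $_.CommandLine
        }
    })

$taskHits + $procHits | Format-Table -AutoSize -Wrap
```

Every row is a lead to review rather than a verdict, since legitimate updaters also run from AppData. An unfamiliar task that relaunches a binary from Temp is the kind of trigger that keeps bringing a detection back after each cleanup.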
  5. angel

    angel Registered User

    Joined:
    Dec 23, 2016
    Messages:
    95
    Likes Received:
    364
    Got into safe mode, scanned with everything I have and rebooted; seems all good. Found an add-in for Firefox called miner block; seems to be good from the reviews. Thanks for all the help.
     
    MrSmithr likes this.
  6. Mr

    MrSmithr Registered User

    Joined:
    Dec 23, 2017
    Messages:
    43
    Likes Received:
    559
    Glad it's all sorted :)
     
  7. angel

    angel Registered User

    Joined:
    Dec 23, 2016
    Messages:
    95
    Likes Received:
    364
    I think it was one site that asked for you to donate using the miner but needed to install something. I never did; I am beginning to think it installed without me knowing, if that's possible
     
  8. men240

    men240 V.I.P. User V.I.P DEV Guild

    Joined:
    May 14, 2006
    Messages:
    10,223
    Likes Received:
    24,551
    It's possible. If the site wanted to install a trojan into your system, would it ask you politely, "Can I install a trojan into your system?" o_O

    Well, a trojan would usually install silently without your knowledge.

    I remember a programming site that always installed a virus into my system each time I visited it through the Google search engine. Can't remember that site's name; it happened quite long ago.
     
    hacker7 likes this.
  9. angel

    angel Registered User

    Joined:
    Dec 23, 2016
    Messages:
    95
    Likes Received:
    364
    Yes, I understand, but the site asked for help in keeping the site up. Instead of donating money they want you to allow mining. Well, I learned a bit and hopefully it won't happen again
     
  10. dbpreston

    dbpreston Registered User

    Joined:
    May 5, 2018
    Messages:
    39
    Likes Received:
    226
    SpyHunter ..

    Highly recommend !!!
     
    BRUNOfranco and angel like this.