
So I installed OpenOffice like 2 weeks ago. 1 week ago I started getting "o.exe has stopped working", mostly while watching YouTube videos. I tried to find what it was, to no avail, so I thought it must have been Flash Player, since I scanned both with MSE and Malwarebytes and it showed no threats.

The other day a friend told me OpenOffice is now LibreOffice, so I downloaded that and deleted OpenOffice first. Everything seemed fine until today, when I came and booted my machine: Malwarebytes instantly reported I have trojan.bitcoin.miner o.exe and openoffice.exe, so it quarantined them immediately, and it showed it was in the appdata/roaming/miner folder. After that I did some research about this malware, and I never saw the processes they listed, miner.exe and btc.exe, and I go into taskbar manager frequently, daily. I never saw fans going up or temperature, since I have MSI Afterburner, when I'm in standby mode, and I only found one registry entry about windows/run/openoffice.exe, which I removed.

After that I did a full scan with Malwarebytes:

Files Detected: 2

C:\Users\David\AppData\Roaming\Miner\c.exe (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.

C:\Users\David\AppData\Roaming\Miner\gc.exe (Trojan.BitcoinMiner) -> Quarantined and deleted successfully.

(end)

Then I did a full scan with MSE and it found nothing.

Then I used ComboFix and it deleted 1 file:

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\d2d1debug1.dll

But I still do not know whether I should delete this folder: vrrcYLx.png

And I have no idea if I removed the malware fully :(

AMD Radeon 7870 Gigabyte OC / Intel i5 3570k / ASrock Z77 Pro4 /Samsung 840 EVO 250GB / WD Blue 500GB 7200rpm / Kingston HyperX T1 2x4GB 1600mhz / SeaSonic 520w M12 / Thermaltake v4 Black

 

 

https://linustechtips.com/topic/7591-trojanbitcoinminer-help-needed/

Yes, delete that folder, just to be sure.

Second, if you downloaded OpenOffice from the official website, then the chances of that being a virus are very very small.

(However, if that was the problem, then you have a much bigger problem. Then someone could be spoofing your DNS or something like that.)


Deleted it last night and booted the computer today, and no sign of the /miner folder. I think I'll run another full scan with Malwarebytes just to be sure. I got OpenOffice from my brother's USB (maybe infected?) like 2-3 weeks ago, so I do not know where he got it from. I also uninstalled Java, since I found on the Malwarebytes forum that one guy got this virus through Java.
