MalwareTips.com
Trojan.Dropper.BCMiner
07-31-2012, 10:33 PM
Post: #1
Bret Offline
New member (Level 1)
Posts: 4
Joined: Jul 2012
Kudos 0
Trojan.Dropper.BCMiner
Operating system: Windows 7 Home
Architecture: 64 bit
Antivirus software and on-demand scanners on this system: Malwarebytes
Date and how issue started: a few days ago I noticed IE9 started redirecting web searches.
Current issues and symptoms: IE9 started redirecting web searches and some popup webpages appearing occasionally.
Steps taken in order to remove the infection: Malwarebytes identified trojan.dropper.bcminer and removed it, but upon restarting my computer it is back.
REQUESTED LOGS: OTL LOG
aswMBR LOG
Can someone help me with this trojan.dropper.bcminer please?


Attached File(s)
.txt  OTL.Txt (Size: 63.44 KB / Downloads: 53)
.txt  Extras.Txt (Size: 44.24 KB / Downloads: 51)
.txt  aswMBR.txt (Size: 2 KB / Downloads: 30)
07-31-2012, 11:13 PM
Post: #2
Bret Offline
New member (Level 1)
Posts: 4
Joined: Jul 2012
Kudos 0
RE: Trojan.Dropper.BCMiner
After seeing similar threads on this forum about the trojan.dropper.bcminer, I ran the ComboFix scan. Log attached.

Thanks in advance for any help provided.


Attached File(s)
.txt  combofixLOG.txt (Size: 17.66 KB / Downloads: 98)
08-01-2012, 02:41 AM
Post: #3
Jack Offline
Community Admin
Posts: 6,205
Joined: Jan 2011
Kudos 2272
RE: Trojan.Dropper.BCMiner
OK, looks like ComboFix got the hard-core part of this infection.
NEXT, please follow the steps below.
VERY IMPORTANT! Please run only one scan at a time! DO NOT START ALL THE SCANS AT ONCE!
STEP 1: Run a HitmanPro scan
  1. Download the latest official version of HitmanPro.
    HITMANPRO DOWNLOAD LINK (This link will open a download page in a new window from where you can download HitmanPro)
  2. Start HitmanPro by double-clicking on the previously downloaded file, and then follow the prompts.
    [Image: hitmanproscan4.png]
  3. Once the scan is complete, a screen displaying all the malicious files that the program found will be shown, as seen in the image below. After reviewing each malicious object, click Next.
    [Image: hitmanproscan5.png]
  4. Click Activate free license to start the free 30 days trial and remove the malicious files.
    [Image: hitmanproscan6.png]
  5. HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.
Add to your next reply, any log that HitmanPro might generate.

STEP 2: Run a scan with RogueKiller
  1. Please download the latest official version of RogueKiller.
    ROGUEKILLER DOWNLOAD LINK (This link will automatically download RogueKiller on your computer)
  2. Double-click on RogueKiller.exe to start this utility and then wait for the Prescan to complete. This should take only a few seconds, and then you can click the Scan button to perform a system scan.
    [Image: roguekiller-1.png]
  3. After the scan has completed, press the Delete button to remove any malicious registry keys.
    [Image: roguekiller-2.png]
  4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.
    [Image: roguekiller-1.png]

The report has been created on the desktop. In your next reply please post:

All RKreport.txt text files located on your desktop.



STEP 3: Run a scan with ESET Online Scanner
  1. Download ESET Online Scanner utility.
    ESET Online Scanner Download Link (This link will automatically download ESET Online Scanner on your computer.)
  2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
  3. Check Yes, I accept the Terms of Use
  4. Click the Start button.
  5. Check Scan archives
  6. Push the Start button.
  7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  8. When the scan completes, push List of found threats
  9. Push Export to Text file and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply. Note - when ESET doesn't find any threats, no report will be created.
  10. Push the back button.
  11. Push Finish


STEP 4: Run Temp File Cleaner by OldTimer
  1. You can download the TFC utility from the below link
    TFC DOWNLOAD LINK (This link will automatically download Temp File Cleaner on your computer)
  2. Please double-click TFC.exe to run it. (Note: If you are running on Vista or 7, right-click on the file and choose Run As Administrator).
  3. It will close all programs when run, so make sure you have saved all your work before you begin.
  4. Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  5. Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

What's next?

Attach the following logs to your post (You can find here details on how to use the Attachment System):

1. HitmanPro logs
2. RogueKiller logs
3. ESET log
4. Let me know if you had any problems with the above instructions and also let me know how things are running now!
08-01-2012, 05:52 AM
Post: #4
Bret Offline
New member (Level 1)
Posts: 4
Joined: Jul 2012
Kudos 0
RE: Trojan.Dropper.BCMiner
Attached are the logs. No problems to report, everything seems to be working fine so far.

Big Grin


Attached File(s)
.txt  HitmanPro_log.txt (Size: 5.54 KB / Downloads: 48)
.txt  RKreport[1].txt (Size: 1.84 KB / Downloads: 41)
.txt  RKreport[2].txt (Size: 1.87 KB / Downloads: 36)
.txt  RKreport[3].txt (Size: 1.24 KB / Downloads: 39)
.txt  ESET Scan.txt (Size: 1.76 KB / Downloads: 66)
08-01-2012, 11:37 AM
Post: #5
Jack Offline
Community Admin
Posts: 6,205
Joined: Jan 2011
Kudos 2272
RE: Trojan.Dropper.BCMiner
Unless you are having other problems, it is time to do the final steps.

Remove ComboFix
  1. Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  2. In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK.
    [Image: Combofix uninstall command]
  3. Follow the prompts on the screen
  4. A message should appear confirming that ComboFix was uninstalled

Remove the OTL utility

Run OTL and hit the CleanUp button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that:
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.
Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN
To manually create a new Restore Point
  • Go to Control Panel and select System 
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go Start > All programs > Accessories > system tools 
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Clean your temporary files
    1. Download to your Desktop - CCleaner Portable
    2. UnZip CCleaner Portable to a folder on your Desktop named CCleaner
    3. Open the CCleaner Folder on your Desktop and double click CCleaner.exe (32-bit) or CCleaner64.exe (64-bit)
    4. The following should be selected by default, if not, please select:
      Posted Image
    5. Click Posted Image and choose Posted Image
    6. Uncheck Posted Image
    7. Then go back to Posted Image and click Posted Image to run it.
    8. Exit CCleaner.


    What's next?

    1. I strongly advise you to start a thread in our Security Configuration Wizard forum, to build up your computer malware defenses.
    2. It's good to know that the best way to prevent future infections is to know how to avoid them, so with this in mind I strongly recommend that you read this article on how to avoid computer infections. > How to easily avoid PC infections
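Two of the final steps above, the hidden-files check and the manual restore point named "Clean", can also be scripted. The following is an added example, not part of Jack's post or of any tool used in this thread; the function names are hypothetical, and it assumes an elevated Windows PowerShell session with System Protection enabled on the system drive.

```powershell
# Added example (not from the thread). Run in an elevated Windows PowerShell session.
# Explorer keeps the "Hidden files and folders" choice per user in this key:
#   Hidden          : 1 = show hidden files, 2 = do not show hidden files
#   ShowSuperHidden : 1 = show protected operating system files, 0 = hide them
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

function Test-HiddenFilesConcealed {
    # Reports whether the cleanup tools left hidden/system files visible.
    $props = Get-ItemProperty -Path $advanced
    [pscustomobject]@{
        HiddenFilesConcealed = ($props.Hidden -eq 2)
        SystemFilesConcealed = ($props.ShowSuperHidden -ne 1)
    }
}

function Restore-HiddenFilesDefault {
    # Same effect as selecting "Do not show hidden files and folders" in Folder Options.
    # Open Explorer windows pick the change up after a refresh or a new logon.
    Set-ItemProperty -Path $advanced -Name Hidden -Value 2 -Type DWord
    Set-ItemProperty -Path $advanced -Name ShowSuperHidden -Value 0 -Type DWord
}

function New-CleanRestorePoint {
    param([string]$Description = 'Clean')
    # Record the newest existing restore point so we can tell whether a new one was made.
    $before = Get-ComputerRestorePoint |
        Sort-Object SequenceNumber -Descending | Select-Object -First 1
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS
    $after = Get-ComputerRestorePoint |
        Sort-Object SequenceNumber -Descending | Select-Object -First 1
    if ($null -eq $after -or
        ($null -ne $before -and $after.SequenceNumber -eq $before.SequenceNumber)) {
        # Windows may skip creation (System Protection off, or a recent point exists).
        Write-Warning "No new restore point was created; check System Protection."
        return $null
    }
    $after | Select-Object SequenceNumber, Description, CreationTime
}

$state = Test-HiddenFilesConcealed
if (-not ($state.HiddenFilesConcealed -and $state.SystemFilesConcealed)) {
    Restore-HiddenFilesDefault
}
Test-HiddenFilesConcealed
New-CleanRestorePoint
```

Create the new restore point only after the scans come back clean, so that the snapshot you keep is of the disinfected system.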
08-02-2012, 03:48 PM
Post: #6
Bret Offline
New member (Level 1)
Posts: 4
Joined: Jul 2012
Kudos 0
RE: Trojan.Dropper.BCMiner
Thanks so much Jack. Everything is working as it should.