Trojan.Dropper.BCMiner

Status
Not open for further replies.

Bret

New Member
Thread author
Jul 31, 2012
4
Can someone help me with this trojan.dropper.bcminer please?
 

Attachments

  • OTL.Txt
    63.4 KB · Views: 162
  • Extras.Txt
    44.2 KB · Views: 146
  • aswMBR.txt
    2 KB · Views: 116

Bret

New Member
Thread author
Jul 31, 2012
4
After seeing similar threads on this forum about the trojan.dropper.bcminer, I ran the ComboFix scan. Log attached.

Thanks in advance for any help provided.
 

Attachments

  • combofixLOG.txt
    17.7 KB · Views: 234

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Ok, looks like ComboFix got the hard-core part of this infection...
NEXT, please follow the below steps.
VERY IMPORTANT! Please run only one scan at a time! DO NOT START ALL THE SCANS AT ONCE!
STEP 1: Run a HitmanPro scan
<ol>
<li><strong>Download the latest official version of HitmanPro</strong>.
<a href="http://www.surfright.nl/en/hitmanpro/" rel="nofollow" target="_blank"> <strong>HITMANPRO DOWNLOAD LINK</strong></a> <em>(This link will open a download page in a new window from where you can download HitmanPro)</em></li>
<li>Start HitmanPro by <strong>double clicking on the previously downloaded file</strong> and then following the prompts.
<img src="http://malwaretips.com/images/removalguide/hpro4.png" alt="[Image: hitmanproscan4.png]" border="0" /></li>
<li>Once the scan is complete, a screen displaying all the malicious files that the program found will be shown as seen in the image below. After reviewing each malicious object click <strong>Next</strong>.
<img src="http://malwaretips.com/blogs/wp-content/uploads/2012/02/rsz_hpro5.png" alt="[Image: hitmanproscan5.png]" border="0" /></li>
<li>Click <strong>Activate free license</strong> to start the free 30-day trial and remove the malicious files.
<img src="http://malwaretips.com/images/removalguide/hpro6.png" alt="[Image: hitmanproscan6.png]" border="0" /></li>
<li>HitmanPro will now start removing the infected objects, and in some instances, may suggest a reboot in order to completely remove the malware from your system. In this scenario, always confirm the reboot action to be on the safe side.</li>
</ol>
Add to your next reply, any log that HitmanPro might generate.
<hr />
STEP 2: Run a scan with RogueKiller
<ol>
<li>Please <strong>download the latest official version of RogueKiller</strong>.
<a href="http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe" rel="nofollow" target="_blank">ROGUEKILLER DOWNLOAD LINK</a> <em>(This link will automatically download RogueKiller on your computer)</em></li>
<li><strong>Double click on RogueKiller.exe</strong> to start this utility and then <strong>wait for the Prescan to complete</strong>. This should take only a few seconds and then you can <strong>click the Scan button</strong> to perform a system scan.
<img title="Click on the Start button to perform a system scan" src="http://malwaretips.com/blogs/wp-content/uploads/2012/04/roguek-1.png" alt="[Image: roguekiller-1.png]" width="600" height="450" border="0" /></li>
<li>After the scan has completed, <strong>press the Delete button</strong> to remove any malicious registry keys.
<img title="Press Delete to remove the malicious registry keys" src="http://malwaretips.com/blogs/wp-content/uploads/2012/04/roguek-2.png" alt="[Image: roguekiller-2.png]" width="600" height="450" border="0" /></li>
<li>Next we will need to restore your shortcuts, <strong>so click on the ShortcutsFix button</strong> and allow the program to run.
<img title="Click on the Start button to perform a system scan" src="http://malwaretips.com/blogs/wp-content/uploads/2012/04/roguek-3.png" alt="[Image: roguekiller-1.png]" width="600" height="450" border="0" /></li>
</ol>

The report has been created on the desktop. In your next reply please post:

All RKreport.txt text files located on your desktop.


<hr />
STEP 3: Run a scan with ESET Online Scanner
<ol>
<li>Download ESET Online Scanner utility.
<strong><a title="External link" href="http://download.eset.com/special/eos/esetsmartinstaller_enu.exe" rel="nofollow">ESET Online Scanner Download Link</a></strong> <em>(This link will automatically download ESET Online Scanner on your computer.)</em></li>
<li>Double click on the Eset installer program (esetsmartinstaller_enu.exe).</li>
<li>Check <strong>Yes, I accept the Terms of Use</strong></li>
<li>Click the <strong>Start</strong> button.</li>
<li>Check <strong>Scan archives</strong></li>
<li>Push the <strong>Start</strong> button.</li>
<li>ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.</li>
<li>When the scan completes, push <strong>List of found threats</strong></li>
<li>Push <strong>Export to Text file</strong> and save the file to your desktop using a unique name, such as <strong>ESET Scan</strong>. Include the contents of this report in your next reply. Note - when ESET doesn't find any threats, no report will be created.</li>
<li>Push the <strong>back</strong> button.</li>
<li>Push <strong>Finish</strong></li>
</ol>
<hr />

STEP 4: Run Temp File Cleaner by OldTimer
<ol>
<li>You can download the TFC utility from the below link
<a title="External link" href="http://oldtimer.geekstogo.com/TFC.exe" rel="nofollow external"><strong>TFC DOWNLOAD LINK</strong></a> <em>(This link will automatically download Temp File Cleaner on your computer)</em></li>
<li>Please double-click <strong>TFC.exe</strong> to run it. (<strong>Note:</strong> If you are running on Vista or 7, right-click on the file and choose <strong>Run As Administrator</strong>).</li>
<li>It <strong>will close all programs</strong> when run, so make sure you have <strong>saved all your work</strong> before you begin.</li>
<li>Click the <strong>Start</strong> button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. <strong>Let it run uninterrupted to completion</strong>.</li>
<li>Once it's finished it should <strong>reboot your machine</strong>. If it does not, please <strong>manually reboot the machine</strong> yourself to ensure a complete clean.</li>
</ol>
<hr />
What's next?

Attach the following logs to your post (You can find here details on how to use the Attachment System):

1. HitmanPro logs
2. RogueKiller logs
3. ESET log
4. Let me know if you had any problems with the above instructions and also let me know how things are running now!
 

Bret

New Member
Thread author
Jul 31, 2012
4
Attached are the logs. No problems to report, everything seems to be working fine so far.

:D
 

Attachments

  • HitmanPro_log.txt
    5.5 KB · Views: 191
  • RKreport[1].txt
    1.8 KB · Views: 154
  • RKreport[2].txt
    1.9 KB · Views: 128
  • RKreport[3].txt
    1.2 KB · Views: 151
  • ESET Scan.txt
    1.8 KB · Views: 255

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Unless you are having other problems, it is time to do the final steps.

<strong>Remove ComboFix</strong>
<ol>
<li>Hold down the <strong>Windows key</strong> + <strong>R</strong> on your keyboard. This will display the Run dialogue box.</li>
<li>In the Run box, type in <strong>ComboFix /Uninstall</strong> <em>(Notice the space between the "x" and "/")</em> then click <strong>OK</strong> <a href="http://malwaretips.com/blogs/wp-content/uploads/2012/07/combofix-uninstall.png"><img class="alignnone size-full wp-image-4129" title="Uninstall Combofix" src="http://malwaretips.com/blogs/wp-content/uploads/2012/07/combofix-uninstall.png" alt="Combofix uninstall command" width="413" height="212" /></a></li>
<li>Follow the prompts on the screen</li>
<li>A message should appear confirming that ComboFix was uninstalled</li>
</ol>
<hr />
<strong>Remove the OTL utility</strong>

Run OTL and hit the <strong>CleanUp</strong> button. It will remove all the programmes we have used plus itself. We will now confirm that your hidden files are set to that, as some of the tools I use will change that.
<ul>
<li>Go to control panel</li>
<li>Select folder options (Appearance > Folder options in category view)</li>
<li>Select the View Tab.</li>
<li>Under the Hidden files and folders heading select <strong>Do not show hidden files and folders</strong>.</li>
<li>Click Yes to confirm.</li>
<li>Click OK.</li>
</ul>
<hr />
<img src="http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.gif" alt="Posted Image" /> Your <strong>Java</strong> is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of <strong>Java</strong> components and upgrade the application.
<strong>Upgrading Java</strong>:
<ul>
<li>Go to <a title="External link" href="http://java.com/en/" rel="nofollow external">this site</a> and click <strong>Do I have Java</strong></li>
<li>It will check your current version and then offer to update to the latest version</li>
</ul>
<hr />
<strong>SPRING CLEAN</strong>
<strong>To manually create a new Restore Point</strong>
<ul>
<li>Go to <strong>Control Panel</strong> and select <strong>System</strong></li>
<li>Select <strong>System</strong></li>
<li>On the left select <strong>System Protection</strong> and accept the warning if you get one</li>
<li>Select <strong>System Protection Tab</strong></li>
<li>Select <strong>Create</strong> at the bottom</li>
<li>Type in a name i.e. Clean</li>
<li>Select <strong>Create</strong></li>
</ul>
<strong>Now we can purge the infected ones</strong>
<ul>
<li>Go <strong>Start > All programs > Accessories > system tools</strong></li>
<li>Right click <strong>Disc cleanup</strong> and select run as administrator</li>
<li>Select <strong>Your main drive</strong> and accept the warning if you get one</li>
<li>For a few moments the system will make some calculations</li>
<li>Select the <strong>More Options tab</strong></li>
<li>In the System <strong>Restore and Shadow Backups select Clean up</strong></li>
<li>Select <strong>Delete</strong> on the pop up</li>
<li>Select OK</li>
<li>Select Delete</li>
</ul>
<hr />
<strong>Clean your temporary files</strong>
<ol>
<li>Download to your Desktop - <a title="External link" href="http://www.piriform.com/ccleaner/download/portable" rel="external">CCleaner Portable</a></li>
<li>UnZip CCleaner Portable to a folder on your Desktop named CCleaner</li>
<li>Open the CCleaner Folder on your Desktop and double click CCleaner.exe (32-bit) or CCleaner64.exe (64-bit)</li>
<li>The following should be selected by default, if not, please select:
<img src="http://i52.tinypic.com/4l5a4i.png" alt="Posted Image" /></li>
<li>Click <img src="http://i56.tinypic.com/16jox2o.png" alt="Posted Image" /> and choose <img src="http://i40.tinypic.com/5x3nu8.gif" alt="Posted Image" /></li>
<li>Uncheck <img src="http://i51.tinypic.com/amuvj8.gif" alt="Posted Image" /></li>
<li>Then go back to <img src="http://i41.tinypic.com/2jb4qyb.gif" alt="Posted Image" /> and click <img src="http://i25.tinypic.com/nf47ev.gif" alt="Posted Image" /> to run it.</li>
<li>Exit CCleaner.</li>
</ol>


What's next?

1. I strongly advise you to start a thread in our Security Configuration Wizard forum, to build up your computer malware defenses.
2. It's good to know that the best way to prevent future infections is to know how to avoid them, so with this in mind I strongly recommend that you read this article on how to avoid computer infections. > <a href="http://malwaretips.com/blogs/how-to-easily-avoid-pc-infections/">How to easily avoid PC infections</a>
 

Bret

New Member
Thread author
Jul 31, 2012
4
Thanks so much Jack. Everything is working as it should.
 