Possibly infected with a Bitcoin farmer malware

Dyav:
Hi!! So some days ago my computer started acting really weird, there was a constant use of the CPU in the task manager (30% more or less) and my internet just seemed to stop working, or at least it worked for some minutes after start and then it just kept loading pages indefinitely, I thought it to be an internet problem, but on my other devices it was just fine. So I did a quick scan with Malwarebytes and it detected ASKTOOLBARINSTALLER-ORJ-SPE[1].7Z and [2].7Z and MicrosoftRuntimeUpdate.vbe in Appdata/Roaming/libraries, looking it up I found people saying it was a bitcoin miner malware, which made sense for how my PC was behaving, anyway I quarantined it and restarted, but the problem was still there, CPU used without anything running and no internet (nothing was showing up in Task Manager either). There were also two processes that autoran on start called 'Microsoft Runtime' and 'Microsoft Runtime Update' starting from that file, that I found in CCleaner.
Anyway I started panicking and tried to use RogueKiller, ComboFix and AdwCleaner in that order, the problem seemed to be fixed after RogueKiller, but I ran the other ones too, I'll leave the logs.

I'm asking here to know how I could have gotten infected and if there may be still something left on my PC, if it can help I think I had this for a long time and only recently it started to completely stop my internet connection, indeed I used to see a chrome.exe process using a lot of CPU in the background even tho I didn't even start it (I use Firefox), I thought it was Chrome trying to update and kept closing the process manually, eventually I tried uninstalling and reinstalling Chrome but nothing changed, after some time this stopped happening with chrome.exe and the same thing was happening with firefox.exe and if I tried to kill the process my Firefox would still run normally, which was really suspicious.
Let me know!! Bye (:

Curson:
Hi Dyav,

Welcome to Adlice.com Forum.
If you do not use Teamviewer, please uninstall it.

Please download Farbar Recovery Scan Tool (x64) and save it to your Desktop.
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please attach log back here.
- The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also attach that along with the FRST.txt into your reply.

Regards.

Dyav:
Here they are

Curson:
Hi Dyav,

The main part of the infection was already removed.
However, we will now get rid of some leftovers.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!

Run FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please attach it to your reply.

How is your computer running?

Regards.

Dyav:
Thanks, that's good to know! Do you have any idea of where this may have originated from or what it actually was? I'm really curious and wanna know where I got it, was I right to think it started with the MicrosoftRuntimeUpdate.vbe?
By the way since I used RogueKiller the first time it all went back to normal, I just wanted to make sure it was all ok, especially because my anti-virus programs (Avast and Malwarebytes) didn't detect anything...

Also I would like to ask you to check another issue of mine (even if I don't think it's virus-related) since you look full of resources.
I don't know if I have to create another post for this but I may have an issue with my disk space, it basically shows more full space than it should, since if I try to select all the folders in C: they weigh way less than it shows on Computer tab (something like 15-20 GB less), also my Windows folder is reaaally big, it almost hits 40 GB of space, I already tried reducing it by disabling the hibernate mode and using the disk cleaning tool, which reduced some space cleaning the Windows Update folder, freeing 8 GB (I think it is winsxs, but it's still really big), the biggest files/folders in Windows are pagefile.sys (15GB) and winsxs folder (15GB), I used WinDirStat to check it. I don't really think it is a virus causing this, but it's still really strange, I don't think it is supposed to be like that, if you can help I would really appreciate!
