Messages

1

Malware removal help / Re: Possibly infected with a Bitcoin farmer malware

« on: August 21, 2018, 03:14:54 AM »

I think you are right! I indeed downloaded a cracked version of the game from a website called Ocean of Games, I'm kinda disappointed because I've been using that website for years and never got anything bad from it.. When I searched 'Ocean of Games' and 'malware' the first thing to pop up was a bitcoin malware

It would be a bummer removing it, but I will do it if necessary.. Do you think that if I open the game the malware will appear again?
I could leave you the files from the game ZIP I downloaded so you can analyze it and see what it did (i wont include the big files), to install it I had to open a Setup.vbe which I definetely think is where it started, then I would get an .ISO to create the virtual disk and install the game. Let me know.
Also I guess I'll just live with the big Windows folder, I thought it to be abnormally big
Thanks, bye!!

2

Malware removal help / Re: Possibly infected with a Bitcoin farmer malware

« on: August 20, 2018, 06:01:32 PM »

Thanks, that's good to know! Do you have any idea of where this may have originated from or what it actually was? I'm really curious and wanna know where I got it, was I right to think it started with the MicrosoftRuntimeUpdate.vbe?
By the way since I used RogueKiller the first time it all went back to normal, I just wanted to make sure it was all ok, especially because my anti-virus progams (avast and malwarebytes) didn't detect anything...

Also I would like to ask you to check another issue of mine (even if i don't think it's virus-related) since you look full of resources
I don't know if I have to create another post for this but I may have an issue with my disk space, it basically shows more full space than it should, since if i try to select all the folders in C: they weigh way less than it shows on Computer tab (something like 15-20 GB less), also my Windows folder is reaaally big, it almost hits 40 GB of space, I already tried reducing it by disabilitating the hibernate mode and using the disk cleaning tool, which reduced some space cleaning the Windows Update folder, freeing 8 gb (i think it is winsxs, but it's still really big), the biggest files/folders in Windows are pagefile.sys (15GB) and winsxs folder (15GB), I used WinDirStat to check it. I don't really think it is a virus causing this, but it's still really strange, I don't think it is supposed to be like that, if you can help I would really appreciate!

3

Malware removal help / Re: Possibly infected with a Bitcoin farmer malware

« on: August 20, 2018, 04:27:50 PM »

Here they are

4

Malware removal help / Possibly infected with a Bitcoin farmer malware

« on: August 20, 2018, 09:58:58 AM »

Hi!! So some days ago my computer started acting really weird, there was a constant use of the CPU in the task manager (30% more or less) and my internet just seemed to stopped working, or at least it worked for some minutes after start and then it just kept loading pages indefinitely, I thought it to be a internet problem, but on my other devices it was just fine.. So I did a quickscan with Malwarebytes and it detected ASKTOOLBARINSTALLER-ORJ-SPE[1].7Z and [2].7Z and MicrosoftRuntimeUpdate.vbe in Appdata/Roaming/libraries, looking it up I found people saying it was a bitcoin miner malware, which made sense for how my PC was behaving, anyway I quarantined it and restarted, but the problem was still there, CPU used without anything running and no internet (nothing was showing up in Task Manager either). There were also two processes that autoran on start called 'Microsoft Runtime' and 'Microsoft Runtime Update' starting from that file, that I found in CCleaner.
Anyway I started panicing and tried to use RogueKiller, ComboFix and AdwCleaner in that order, the problem seemed to be fixed after RogueKiller, but I ran the other ones too, I'll leave the logs

I'm asking here to know how I could have get infected and if there may be still something left on my PC, if it can help I think I had this for a long time and only recently it started to completely stop my internet connection, indeed I used to see a chrome.exe process using a lot of CPU in the background even tho I didn't even start it (I use Firefox), I thought it was Chrome trying to update and kept closing the process manually, eventually I tried uninstalling and reinstalling Chrome but nothing changed, after some time this stopped happening with chrome.exe and the same thing was happening with firefox.exe and if I tried to kill the process my Firefox would still run normally, which was really suspicious.
Let me know!! Bye (: