I use MalwareBytes Anti-Malware Premium for scanning and protection. When I first got infected I believe I removed the dll file with MalwareBytes but I was still getting a lot of CPU slowdown so I googled it and found someone who had the same problem (an infection in mdi064.dll). Someone replied recommending running both Roguekiller and Combofix (which I have used before) and after running both successfully, it seemed the infection was dealt with, aside from that PUM on my homepage.
I do use DAEMON Tools quite regularly. However I'd had it installed for a long time and only recently found these IRP hooks.
This is the removal process I followed: http://www.bleepingcomputer.com/forums/t/509791/dwmexetrojanbitcoinminer-detected-by-malwarebytes/ I'm not the person who made that thread, I just followed the instructions because it seemed like a similar infection. As for the original MalwareBytes log, I had to do some digging through old results to find it, as I've done a number of scans with MalwareBytes since and they have all come back clean. The original scan (done on the 7th) found a virus in dwm.exe. I then used Roguekiller and found more infected files, including mdi064.dll, which I was also able to remove. I included that log from Roguekiller as well.
As for Daemon Tools, I have not recently updated it or reinstalled it or anything like that, and it doesn't appear to be running currently. Do you think that it could still be causing those hooks to show up? BTW the version of Daemon Tools is the 4.47 Lite version.
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
I ran the Farbar Recovery tool and uploaded the logs.
As it turns out I was running Daemon Tools after all, and after closing it and running Roguekiller again those IRP hooks no longer showed up.
However, the PUM on my homepage is still there - I'm still not sure what that is. I'm guessing it's most likely harmless?
Yeah my computer did need a restart. I noticed in the log that the fixlist was looking for Combofix, but I had removed it after I used it the first time because that other forum thread suggested deleting it. Should I redownload Combofix and run the fixlist again?
Thank you! And thanks for the reassurance about the PUM.