Inactive BitCoinMiner.PD Infection, Removal Failed.

Status
Not open for further replies.
I have tried everything to get this virus off of my pc and nothing is working for long. First I attempted to uninstall manually once I tracked down what I thought was the root but it just kept coming back, I then ran around 5 different anti virus and only one of them found anything associated but even then it still came back.

I first noticed the issue when my GPU was at 100% usage while idle, this is not normal considering my pc is pretty modern and not a slouch in any regard.

I have searched the web for answers but have found nothing helpful.

The files I keep coming across are:

BitCoinMiner.PD

misiexec64.exe

syswow65

Traceroute command

Traceert


Any ideas?
 

Attachments

  • 23.PNG (25.2 KB)
  • 24.PNG (72 KB)
  • 25.PNG (76.2 KB)

Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

"I am not even able to download it." - please explain.
 
The virus seems to detect certain phrases I type into each browser I have attempted, as once I type phrases like virus, defender or recovery it closes the browser.

Thanks for the reply!
 
Not at this moment in time, no. I know people with computers who would let me use them but it's quite late here so I wouldn't be able to right now. Depending on the software I might already have it on my machine or on an old usb I have full of anti virus stuff, I decided not to try anything on there however as this virus seems very defensive and wanted some advice before proceeding.
 
Having logs from FRST would give me a better idea of what's going on there, so try to get those through your friend's computer.
 
I managed to download the file on my phone and use that as a usb to transfer the first installer. I opened it successfully but after it opens and it says it is creating the initial logs and it may take a few seconds, I get one alert after the other saying write permission is denied. Any advice on what to do at this point?
 
We need to access your computer from the outside...

NOTE: Use another working computer to download Farbar Recovery Scan Tool and save it to a USB flash drive.


For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

If you are using Windows 10: If you're having problems accessing System Recovery Options, create a Windows 10 USB or DVD as described here: http://betanews.com/2015/07/29/how-...your-own-installation-usb-flash-drive-or-dvd/ and boot from it.

If you are using Windows 8: consult How to use the Windows 8 System Recovery Environment Command Prompt to enter the System Recovery Command Prompt. To access Advanced Boot Options, start and shut down the computer TWICE. On the third start you should see Advanced Boot Options.

If you are using Vista or Windows 7: enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note:
    Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 