
Comments (10)

dragokas commented on May 27, 2024

Thank you for the log.
We'll get back to you as soon as we have free time.


Please note that only members of VIRUSNET-Association are allowed to respond in PC cure topics.
Ignore any recommendations given by other users, including by PM!

from hijackthis.

Sandor-Helper commented on May 27, 2024

Hello,

Please go to Control Panel and uninstall the unwanted software:

SpyHunter 5

Please update the AVZ safe files database:

  1. Start AVZ.
  2. Execute the database update by going through the menu Files -> Update database.
  3. Close all applications and start the Internet browser you use on your system (for example Internet Explorer, Firefox, Opera, etc.; if several are installed on the system, start all of the browsers so that AVZ can analyze all of the plug-ins and extensions in use).
  4. In the AVZ menu select File – Standard scripts. Select script 8 in the window that opens ("Collection not recognized and suspicious files") and click "Execute selected scripts". This should take 1-5 minutes. As a result, a folder LOG will be created inside the AVZ folder, along with an archive named virusinfo_files<PC_name>.zip
  5. Upload this archive as described here.
  6. If the size of the archive is more than 100 Mb, you will need to upload it to any file exchange server that does not require recapture submission (for example: RGhost, Uploadmb.Com, Zippyshare, My-Files.RU, Ge.tt or WebFile) and add a link to it in your next forum message.

Fix the following lines in HijackThis:

O3 - HKLM..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O9-32 - Button: HKLM..{2670000A-7350-4f3c-8081-5663EE0C6C49}: (no name) - (no file)
O9-32 - Button: HKLM..{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}: (no name) - (no file)
O9-32 - Button: HKLM..{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}: (no name) - (no file)
O18 - HKLM\Software\Classes\Protocols\Handler\WSISVCUchrome: [CLSID] = {78A543EB-3A61-4ED3- - (no file)
O21 - HKLM..\ShellIconOverlayIdentifiers\00avast: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O21-32 - HKLM..\ShellIconOverlayIdentifiers\� MEGA (Pending): � MEGA (Pending) - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} - C:\Users\Diego\AppData\Local\MEGAsync\ShellExtX32.dll (file missing)
O21-32 - HKLM..\ShellIconOverlayIdentifiers\� MEGA (Synced): � MEGA (Synced) - {05B38830-F4E9-4329-978B-1DD28605D202} - C:\Users\Diego\AppData\Local\MEGAsync\ShellExtX32.dll (file missing)
O21-32 - HKLM..\ShellIconOverlayIdentifiers\� MEGA (Syncing): � MEGA (Syncing) - {0596C850-7BDD-4C9D-AFDF-873BE6890637} - C:\Users\Diego\AppData\Local\MEGAsync\ShellExtX32.dll (file missing)
O22 - Task: (disabled) \Microsoft\Windows\Media Center\PeriodicScanRetry - C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (file missing)
O22 - Task: (disabled) \Microsoft\Windows\Media Center\RecordingRestart - C:\WINDOWS\ehome\ehrec /RestartRecording (file missing)
O22 - Task: Driver Booster SkipUAC (Diego) - C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe /skipuac (file missing)
O22 - Task: Rerun Warsaw's CoreFixer - C:\WINDOWS\TEMP\is-T6FO4.tmp\corefixer.exe /norerun (file missing)
O22 - Task: \Microsoft\Windows\Media Center\ActivateWindowsSearch - C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (file missing)
O22 - Task: \Microsoft\Windows\Media Center\ConfigureInternetTimeService - C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (file missing)
O22 - Task: \Microsoft\Windows\Media Center\DispatchRecoveryTasks - C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\InstallPlayReady - C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\MediaCenterRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (file missing)
O22 - Task: \Microsoft\Windows\Media Center\OCURActivate - C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (file missing)
O22 - Task: \Microsoft\Windows\Media Center\OCURDiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PBDADiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PBDADiscoveryW1 - C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PBDADiscoveryW2 - C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PvrRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PvrScheduleTask - C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (file missing)
O22 - Task: \Microsoft\Windows\Media Center\RegisterSearch - C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\ReindexSearchRoot - C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (file missing)
O22 - Task: \Microsoft\Windows\Media Center\SqlLiteRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (file missing)
O22 - Task: \Microsoft\Windows\Media Center\UpdateRecordPath - C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\ehDRMInit - C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (file missing)
O22 - Task: \Microsoft\Windows\Media Center\mcupdate - C:\WINDOWS\ehome\mcupdate $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\mcupdate_scheduled - C:\WINDOWS\ehome\mcupdate -crl -hms -pscn 15 (file missing)
O22 - Task: \Microsoft\Windows\Setup\Notifier - C:\WINDOWS\system32\Notifier.exe (file missing)

Then download AdwCleaner (by Malwarebytes) and save it to the Desktop.
Run it (it should be run as Administrator by right-clicking), press "Scan" and wait.
When the scan finishes, the log will be found at:
C:\AdwCleaner\Logs\AdwCleaner[Sxx].txt (where x is any digit).
Attach it to your next post here.

from hijackthis.
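
Added example, not part of Sandor-Helper's post or of HijackThis itself: a small Python triage over lines in the fix-list format shown above. It confirms that the entries selected for fixing are orphans (their target is marked "(no file)" or "(file missing)") and flags scheduled tasks whose command pointed into a TEMP directory. The sample lines are copied from the post except the last one, which is constructed; the field layout is inferred from those lines, not from a format specification.

```python
import re
from collections import Counter

# Lines copied from the fix list in the post above, plus one constructed
# entry (the O4 line) whose target is not reported missing.
SAMPLE = r"""
O3 - HKLM..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O9-32 - Button: HKLM..{2670000A-7350-4f3c-8081-5663EE0C6C49}: (no name) - (no file)
O21 - HKLM..\ShellIconOverlayIdentifiers\00avast: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O22 - Task: (disabled) \Microsoft\Windows\Media Center\PeriodicScanRetry - C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (file missing)
O22 - Task: Driver Booster SkipUAC (Diego) - C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe /skipuac (file missing)
O22 - Task: Rerun Warsaw's CoreFixer - C:\WINDOWS\TEMP\is-T6FO4.tmp\corefixer.exe /norerun (file missing)
O22 - Task: \Microsoft\Windows\Setup\Notifier - C:\WINDOWS\system32\Notifier.exe (file missing)
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

# Layout inferred from the lines above, not from a format specification.
LINE_RE = re.compile(r"^(?P<section>O\d+(?:-32)?) - (?P<body>.*)$")
ORPHAN_RE = re.compile(r"\s*\((?P<why>no file|file missing)\)\s*$")
TASK_RE = re.compile(
    r"^Task: (?P<disabled>\(disabled\) )?(?P<name>.+?) - (?P<cmd>[A-Za-z]:\\.*)$")


def parse_line(line):
    """Return a dict for one log line, or None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m["body"]
    orphan = ORPHAN_RE.search(body)
    entry = {"section": m["section"], "orphan": orphan["why"] if orphan else None,
             "task": None, "disabled": False, "command": None, "temp_target": False}
    task = TASK_RE.match(body)
    if task:
        cmd = ORPHAN_RE.sub("", task["cmd"])  # drop the trailing orphan marker
        entry.update(task=task["name"], disabled=bool(task["disabled"]), command=cmd,
                     temp_target="\\temp\\" in cmd.lower())
    return entry


def triage(text):
    """Parse a log excerpt; summarise orphans per section and TEMP-based tasks."""
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    orphans = Counter(e["section"] for e in entries if e["orphan"])
    temp_tasks = [e["task"] for e in entries if e["orphan"] and e["temp_target"]]
    return entries, orphans, temp_tasks


if __name__ == "__main__":
    entries, orphans, temp_tasks = triage(SAMPLE)
    print(dict(orphans), temp_tasks)
```
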

diegodop commented on May 27, 2024

Hi,

thanks for your help.

SpyHunter was deleted, but its name remains.

The AVZ File > Database Update button is disabled. What should I do?

The AdwCleaner log is attached.

AdwCleaner[C00].txt
AdwCleaner[S00].txt


Sandor-Helper commented on May 27, 2024

AVZ File > Database Update button is disabled. What should I do?

Skip this and go on; do the 3rd point.

Next step:
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click to run as administrator. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please attach the logs back here.


diegodop commented on May 27, 2024

Hi,

Here are the logs:
https://www98.zippyshare.com/v/jhSdC0Gv/file.html
Addition.txt
FRST.txt


Sandor-Helper commented on May 27, 2024

Please describe what kind of problems you still have.


diegodop commented on May 27, 2024

I think it was solved with the previous steps. Thanks a lot for the help.


Sandor-Helper commented on May 27, 2024

OK,
Do the final steps:
1.

  • Please run adwcleaner.exe
  • In the Settings menu, scroll down to "Delete AdwCleaner" and choose Delete.
  • Confirm the deletion by pressing Yes.

Rename FRST.exe (or FRST64.exe) to uninstall.exe and run it.
The computer will reboot.

All other tools and their folders can simply be deleted. But before that:
2.
Run this script in AVZ while the Internet is connected:

var
  LogPath    : string;
  ScriptPath : string;
begin
  // Remove the log left by any previous run
  LogPath := GetAVZDirectory + 'log\avz_log.txt';
  if FileExists(LogPath) then DeleteFile(LogPath);
  // ScanVuln.txt is fetched over plain HTTP and executed as downloaded
  ScriptPath := GetAVZDirectory + 'ScanVuln.txt';
  // Try the download with mode 1 first, then fall back to mode 0
  if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 1) then
    ExecuteScript(ScriptPath)
  else begin
    if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 0) then
      ExecuteScript(ScriptPath)
    else begin
      ShowMessage('It is impossible to download AVZ script for finding vulnerability!');
      exit;
    end;
  end;
  // Open the log in Notepad if the scan produced one
  if FileExists(LogPath) then ExecuteFile('notepad.exe', LogPath, 1, 0, false)
end.

After the script finishes, if it finds vulnerabilities, the file avz_log.txt will be opened in Notepad and there will be download links in it. First of all this concerns browsers, Java, Adobe Acrobat/Reader and Adobe Flash Player. You should download and install the needed programs if they are listed in avz_log.txt.

Reboot your PC.
Run the script again to ensure that all vulnerabilities are gone.


diegodop commented on May 27, 2024

Hi,

It found a Flash Player vulnerability. I downloaded and installed the update.

Now:
Search for critical vulnerabilities
Frequently used critical vulnerabilities not found.

Thanks a lot!!


Sandor-Helper commented on May 27, 2024

Good luck!
