I have encountered a problem with my computer’s speed (slow) yesterday when I was watching multimedia application in Mozilla browser. I started a quick scan with MBAM and it found some PUP.BitCoinMiner troubles which could be removed after restart. But the problems weren’t gone. When computer restarted I started quick scan again (just to make sure), there were still some troubles. I decided to perform a full scan in safe mode and again there were a lot of troubles (Trojan.Agent.VBS, Misused.Legit.AI, Trojan.Agent.BCM,…). Restarted again but still no good. I tried to find the answer online, but the problem was even worse (like the “virus” was multipling after connected with internet - I disconnected after first problems were found). I don’t know what to do, I cannot disinfect my computer (using safe mode or not).
I followed your instruction, I am attaching logs (a few of MBAM).
[*]Close any open browsers
[*]Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
[*]Double click on zoek.exe to run the tool . Please wait for the tool to start…
[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Please download ComboFix by sUBsfrom here and save it to your Desktop. If you are unsure how ComboFix works please read this guide carefully. Note: ComboFix must be downloaded to your Desktop.
Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix. If you are unsure how to do this please read this or this Instruction.
Instructions how to disable avast:
[*]Right click on the avast! system tray icon ( http://www.mcshield.net/pg/images/avast5.png
) in the lower right corner of the screen and scroll up to avast! shield controls;
[*]In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.
Run ComboFix. Click on I Agree!
[i][size=7pt]- ComboFix will display DISCLAIMER of warranty on software.
By clicking I Agree ComboFix shall continue.
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.[/size]
-If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
ComboFix will scan your computer in stages, total of 50 stages.
Do not mouse-click around while ComboFix is running.
Note:If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.
[/i]
When the tool is finished, it will produce a log report for you. (typical location: C:[b]ComboFix.txt[/b] )
Attach log reports ( ComboFix.txt) back to topic.
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Purge System Restore [/i]
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:[b]DelFix.txt[/b])
The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.