cpuminer-gw64

Good day. I have a problem.

  1. 5 hours ago I downloaded https://zima31g.storage.yandex.net/rdisk/ed244a9fd0a96fcc6d4932df8408d8f67e374077042779e5a26893ff4874a07e/557c7dae/u-sGwJt_RqxJfwofAdIOTuo3Ay7LPd7r9MeP-Hrq7Qo_jStuUWBSzExIMaPwupxhAENpB7EaM-FbH9so2nYMHQ==?uid=0&filename=Price_Action.rar&disposition=attachment&hash=XOuwfnzuC6ZVToDPOmhgYYIYz%2BIaUIr7c/wtgBO19og%3D&limit=0&content_type=application%2Fx-rar&fsize=3302184&hid=0f29569411a22151f53d6b97a7ef4870&media_type=compressed&tknv=v2&rtoken=4937bf36fe9d25b25f0860baa8de4dd6&force_default=no
  2. 4 hours ago http://travian-bot.ru/K7I1NzQwNTJSK7Y1tDRUK7XNKCkpUDV2VDVyA6Ly8nK9osSinMQkveT8XKAAkAMSzswDMnQrzEx0TY0M9VIrUtXybMMz84Icg-JN9aAiVbYmhpYmxgYmaiW2EA0A
  3. Found 18 viruses, but I still have many processes and programs that I can’t control. Can you help me with this issue?
  4. cpuminer-gw64 and surfing protection (I can’t delete them manually)

Follow the instructions here: https://forum.avast.com/index.php?topic=53253.0
Attach the Malwarebytes and Farbar Recovery Scan Tool logs.

Scan logs.

  1. Something is still not deleted
  2. Every boot I have a porn star page in Chrome

Hi Ivan160, welcome to the forum :)

In the same directory as the FRST.txt log there should be an Additions.txt log as well. Please attach that too.
You will be helped as soon as possible.

Greetz, Red.

Attached. Thanks for your time.

Your first link is not available.

The second link is to download WinRar, but with a virus.
The virus is called Luhe Fiha.
Luhe Fiha is malicious software that, once it is executed, has the capability of replicating itself and infecting other files and programs. This type of malware, called a virus, can steal hard disk space and memory, which slows down or completely halts your PC. It can also corrupt or delete data, erase your hard drive, steal personal information, hijack your screen and spam your contacts to spread itself to other users. Usually, a virus is received as an attachment in an email or instant message. Luhe Fiha is currently ranked 27 in the world of online malware.

Let me know how the computer is after this.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Download the attached Fixlist.txt to the same location as FRST.

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

  1. Close all open programs and internet browsers.
  2. Double click on AdwCleaner.exe to run the tool.
  3. Click on Scan.
  4. After the scan is complete click on “Clean”.
  5. Confirm each time with Ok.
  6. Your computer will be rebooted automatically. A text file will open after the restart.
  7. Please post the content of that logfile with your next answer.
  8. You can find the logfile at C:\AdwCleaner[S0].txt as well.

It works, as I see. Some problems with Chrome and start pages. I’ll try to reinstall it. The main progress is no cmd windows while booting.

What problems are you experiencing with Chrome?

http://udacha.club/clbv/p7202/EAVB4/?at=1&goto=site&mir=1

And many other starting pages like this. (I don’t know what to do to remove this shit)

  1. All cache and cookies deleted
  2. Chrome reinstalled

No result.

Is this in Chrome only?

Could I have a fresh FRST scan please?

Here they are.
As you can see in the last doc file, there are always alerts with Chrome. I use only Chrome, but I’ve checked IE and everything is the same.

Start with removing everything from IObit:
https://forums.malwarebytes.org/index.php?/topic/29681-iobit-steals-malwarebytes-intellectual-property/

OK, let's try again.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKLM\...\Run: [gpuminer] => C:\Users\Hudyakov\AppData\Roaming\cpuminer\sgminer\sgminer.cmd
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2668243879-3027452634-3090891347-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://spacesearch.ru/?ri=1&rsid=4bc1e5e1f04fb7bfd478683ed7f8f7a9&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-2668243879-3027452634-3090891347-1001 - (No Name) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - No File
DefaultPrefix-x32: => http://spacesearch.ru/?ri=1&rsid=4bc1e5e1f04fb7bfd478683ed7f8f7a9&q= <==== ATTENTION
C:\Users\Hudyakov\AppData\Roaming\cpuminer
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix.
On completion a log will be generated; please post that.