Hi!
Two days ago I got a trojan infection. Avast regularly detects wuaudit.exe as a bitcoin miner and quarantines it. I’ve been trying to remove it multiple times with Malwarebytes’ Anti-Rootkit and Anti-Malware as well as with Avast, to no avail. After removal it always relocates itself in C:Users/János/AppData/Local/Temp/iswizard. Deleting this folder doesn’t help either, as it pops up right after removal.
It looks like the same problem user ggggg had today: http://forum.avast.com/index.php?topic=129465.0
I’d be eternally grateful if somebody could help me with this issue.
:Commands
[CREATERESTOREPOINT]
:OTL
O2 - BHO: (no name) - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - No CLSID value found.
O4 - HKU\S-1-5-21-1196099747-4077872981-3641871310-1002..\Run: [tsiVideo] C:\windows\SysWOW64\rundll32.exe C:\Users\JNOS~1\AppData\Local\Temp\\tsiVi132.dll,start File not found
:Files
C:Users/János/AppData/Local/Temp/iswizard
C:\Users\JNOS~1\AppData\Local\Temp\_MEI55842
:Commands
[resethosts]
[emptytemp]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
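An added example, not part of the helper's post or of OTL itself: a small Python triage that reads OTL `O4` autorun lines in the layout shown in the fix script above and flags the traits of the entry that fix removes (command in a Temp directory, started through rundll32, target reported as "File not found"). The second sample line and the function names are constructed for illustration.

```python
import re

# Layout taken from the O4 entry in the fix script above:
#   O4 - <hive>..\<Run key>: [<value name>] <command>
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Per-user or system Temp directory anywhere in the command line.
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\", re.IGNORECASE)
# Host binaries that run a DLL on someone else's behalf.
HOST_RE = re.compile(r"\\(rundll32|regsvr32)\.exe\b", re.IGNORECASE)

SAMPLE_LOG = [
    # Copied from the fix script on this page.
    r"O4 - HKU\S-1-5-21-1196099747-4077872981-3641871310-1002..\Run: [tsiVideo] "
    r"C:\windows\SysWOW64\rundll32.exe C:\Users\JNOS~1\AppData\Local\Temp\\tsiVi132.dll,start File not found",
    # Constructed benign entry for contrast.
    r"O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)",
    # Copied from the fix script; not an O4 line, so it is skipped.
    r"O2 - BHO: (no name) - {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} - No CLSID value found.",
]


def triage_o4(line):
    """Return (value_name, reasons) for an O4 autorun line, or None otherwise."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    reasons = []
    if TEMP_RE.search(cmd):
        reasons.append("runs from a Temp directory")
    if HOST_RE.search(cmd):
        reasons.append("launched through a DLL host")
    if cmd.endswith("File not found"):
        reasons.append("target missing on disk")
    return m.group("name"), reasons


def flagged(lines):
    """Keep only the O4 entries that raised at least one reason."""
    parsed = (triage_o4(line) for line in lines)
    return [entry for entry in parsed if entry and entry[1]]


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_LOG):
        print(f"{name}: {'; '.join(reasons)}")
```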
I haven’t gotten an alert since the fix, though I haven’t used the system extensively.
However the files haven’t been relocated in the iswizard folder, so that’s good.
Do you think we are in the green?
Also, can I delete the iswizard folder? Though it’s empty it’s still there.
I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
Run AdwCleaner and press Uninstall
Delete AswMBR from the desktop
Clear Restore Points
Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up, at the first prompt select OK. After it has done some calculations the tabs will appear
Select More Options tab
Press System Restore and Shadow Copies Cleanup button
Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link
If you use on-line banking then as an added layer of protection install Trusteer Rapport
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit Microsoft Windows Update
Thank you for your help, I really appreciate it.
I will make sure to do everything I can to avoid further infections.
Have a nice day and good virus hunting!