Help with Win32:BitCoinMiner-CA (Trj)

Dear friends,

I got infected with Win32:BitCoinMiner-CA (Trj) and my Avast Antivirus is constantly popping a message about the infection. The path is:

C:\Users\Filkam\AppData\Local\Temp\iswizard\wuaudit.exe

I tried different programs to remove it, but had no success. Tdsskiller and MBAM quick scan don't detect it. It is only detected by MBAM full scan - I got 3 infected files in that directory - C:\Users\Filkam\AppData\Local\Temp\iswizard\. Deleting the directory didn't do any good either. My screen goes black every 5 minutes for 2-3 seconds and I continue to receive a message that my NVidia display driver stopped responding and recovered.

I enclose the logs from OTL and aswMBR.exe. I will be very glad if you can give me some solution how to remove the trojan.

Many thanks in advance!

removers are notified… should be here soon…

This should stop it

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
O4 - HKU\S-1-5-21-3348895688-2950632305-3319571672-1000..\Run: [tsiVideo] C:\Users\Filkam\AppData\Local\Temp\tsiVi232.dll ()

:Files
C:\Users\Filkam\AppData\Local\Temp\iswizard

:Commands
[resethosts]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top.
Let the program run unhindered, reboot the PC when it is done.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
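A read-only check a defender can run after a cleanup like this one, added here as an example and not part of essexboy's fix or the OTL tool: it lists Run-key autostart entries whose target lives under a Temp directory (the pattern of the tsiVideo entry in the fix above) and reports whether the iswizard drop folder is still present. The registry paths and SID pattern are standard Windows locations; the iswizard folder name is taken from this thread.

```powershell
# Added example, not from the thread. Read-only: reports, never deletes.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Also walk every loaded user hive under HKEY_USERS, which is the
# HKU\S-1-5-21-...-1000 form the OTL log uses for the tsiVideo entry.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
Get-ChildItem 'HKU:\' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |
    ForEach-Object {
        $runKeys += "HKU:\$($_.PSChildName)\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    }

$suspicious = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # PowerShell's own metadata properties
        $cmd = [string]$p.Value
        # A startup target under AppData\Local\Temp or %TEMP% is what the fix
        # removed: [tsiVideo] C:\Users\...\AppData\Local\Temp\tsiVi232.dll
        if ($cmd -match '(?i)\\AppData\\Local\\Temp\\' -or $cmd -match '(?i)%TEMP%') {
            $suspicious += [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd }
        }
    }
}

if ($suspicious.Count -eq 0) { 'No Run entries point into a Temp directory.' }
else { $suspicious | Format-Table -AutoSize }

# The detected files lived in %LOCALAPPDATA%\Temp\iswizard; report it if still present.
$dropDir = Join-Path $env:LOCALAPPDATA 'Temp\iswizard'
if (Test-Path $dropDir) {
    "Drop folder still present: $dropDir"
    Get-ChildItem $dropDir -Force | Select-Object FullName, Length, LastWriteTime
} else {
    "Drop folder not present: $dropDir"
}
```

Run it from an elevated PowerShell so the HKLM and HKEY_USERS hives are readable; a hit only means the entry deserves a look, not that it is malicious.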

essexboy,

Thanks for your reply. I applied the fix. I enclose the log from the Quick scan of OTL.

P.S.
I got no more black screens and my computer definitely works much faster. Let me know what I should do next.

Just let me know tomorrow if all is still well and then I will remove my tools :slight_smile:

Everything is fine now, no more black screens, no sign of malicious activity, computer runs as it should be. The only detection now is in the “moved files” directory in _OTL folder, which is normal, I suppose.

I attach the latest log from MBAM scan. Let me know how to remove the tools and the remains of the trojan.

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so… The following will implement some cleanup procedures as well as reset System Restore points:

Run AdwCleaner and select Uninstall

Delete AswMBR from the desktop

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System Tools
Right click Disk Cleanup and select Run as administrator
When it pops up, select OK at the first prompt; after it has done some calculations the tabs will appear
Select the More Options tab
Press the System Restore and Shadow Copies Cleanup button

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

If you use on-line banking then, as an added layer of protection, install Trusteer Rapport.

It is critical to have both a firewall and antivirus to protect your system and to keep them updated. To keep your operating system up to date visit Microsoft Windows Update.

To learn more about how to protect yourself while on the internet read our little guide "How did I get infected in the first place?" Keep safe :wave:

Thanks a lot, essexboy,

Everything is fine now, I ran some tests from MBAM and Avast, no infection, computer is clean. Thanks for all your recommendations, I downloaded the programs, they look very useful indeed.
Still can't believe it - after I tried for a whole day to remove the trojan, you did it in 5 minutes. You are a real magician. Many thanks again!

My pleasure … Keep safe :slight_smile: