need help with Win32:BitCoinMiner-B [PUP]

Hi all.
iv got a virus some weeks ago and cant delete it!
At the scan that runs before starting the computer i have noticed 2 viruses:

  • Win32:BitCoinMiner-B [PUP]
  • Win32:Sirefef-PL [rtk]

and every 5 minuts avast throws me a new file infected warning.

which logs should i upload?
Any help on deleting this virus would be greatly appreciated.

Also,
the warnings says:
“infection: Win32:ZAccess-JC [Trj]”
“infection: Win32:Trojan-gen”
“infection: Win32:Malware-gen”

This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.

Sorry DavidR im new in this forum.
what do you mean with "This needs further analysis by a malware removal specialist: "?
i wont find help in avast forum??
what do you recomend?

Hi brunofas,

Well help is out here in the avast forum. We are so lucky to have a couple of qualified removal experts in our midst, that help in these cases, so go read here how to provide the logs http://forum.avast.com/index.php?topic=53253.0
and the removal expert that has been informed by DavidR will soon come to assist you cleansing. Best is to follow his instructions to the dot, and you will be out of the woods before long. All will be well, and our removal experts are the best around. Trust me,

polonus

  1. Exactly that, gathering information for the specialists so they can clean the system. These zero access infections can be complex and needs specialist tools to find it and a customised script to remove it. This is why it should be done by a specialist, who can help/guide you through to the process.

  2. The specialists are forum members (volunteers) and they will be working with you in this topic in this forum.

First of all thanks for the reply!
And here goes the logs attached and a few comments…

aswMBR crashes after finding 3 files infected:
C:/windows/system32/services.exe - Win32:Sirefef-ZT (Trj)
C:/windows/assembly/GAC_32/Desktop.ini - Win32:Sirefef-PL (Rtk)
C:/windows/assembly/GAC_64/Desktop.ini - Win32:Sirefef-PL (Rtk)

RogueKiller also created a RK_Quarentine on desktop. what should i do with this?

I cant attach the OTL log because it has 194 kb… should i delete some lines?

There may be some delay due to differing time zones and availability of the volunteer malware removal specialists.

But now you have attached the logs when someone is available they will have something to work with.

you may upload OTL to some file share site, like mediafire.com and post the download link here

I suggest to upload it here and post the link: http://www.pastebucket.com

Here is the link to OTL’s file.
http://www.mediafire.com/view/?x1w0wwd5jlmgzm3

thanks