Please help with Win32:BitCoinMiner-CA[Trj]

Dear Experts,

Please help with the removal of this trojan.
It has been a day since the first warning of this trojan from avast.
I first tried the TFC, and so far (2 hours after I ran it) there hasn’t been any trojan activity reported by avast.
Please find attached the logs.
Thank you so much.

removers are notified…

One more log.
Please help, thank you so much :slight_smile:

It may take some hours before any removal specialist arrives, so be patient. :wink:

Yes, Pondus.
Thank you for your friendliness :slight_smile:

Hi, I will be working on your Malware issues.

Re-run OTL.exe.

[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.



:OTL
O4 - HKU\S-1-5-21-969727876-1222006065-2701588059-1000..\Run: [tsiVideo] C:\Windows\SysWOW64\rundll32.exe C:\Users\SUGIXI~1\AppData\Local\Temp\\tsiVi132.dll,start File not found
O33 - MountPoints2\{c8986139-d43c-11e2-87c9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c8986139-d43c-11e2-87c9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun\AutoRunX\AutoRunX.exe
O33 - MountPoints2\{e6ceaed1-d43b-11e2-ba24-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e6ceaed1-d43b-11e2-ba24-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe

:commands
[CREATERESTOREPOINT]
[emptytemp]



[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.

If the log doesn’t appear, it can be found here:

c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log
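As an added illustration (not part of any post in this thread and not OTL's own code), this Python sketch triages OTL-style autostart lines and flags the traits visible in the entries above: a Run value loading a DLL from a Temp directory through rundll32, a missing target, and an AutoRun command cached under MountPoints2. The regular expressions and heuristics are assumptions based only on the line layout shown here; the sample lines are copied from the thread.

```python
import re

# OTL-style lines copied from this thread (fix script plus one benign RunOnce entry).
SAMPLE = r"""
O4 - HKU\S-1-5-21-969727876-1222006065-2701588059-1000..\Run: [tsiVideo] C:\Windows\SysWOW64\rundll32.exe C:\Users\SUGIXI~1\AppData\Local\Temp\\tsiVi132.dll,start File not found
O33 - MountPoints2\{c8986139-d43c-11e2-87c9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c8986139-d43c-11e2-87c9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun\AutoRunX\AutoRunX.exe
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
"""

# Assumed layouts: "O4 - <hive>..\Run[Once]: [name] command" and the O33 AutoRun command line.
O4 = re.compile(r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O33 = re.compile(r'^O33 - MountPoints2\\(?P<vol>\{[0-9a-f-]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$', re.I)


def triage(log_text):
    """Return [(label, reasons)] for autostart lines that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        label = None
        m = O4.match(line)
        if m:
            cmd = m["cmd"].lower()
            if "\\temp\\" in cmd:
                reasons.append("launches from a Temp directory")
            if "rundll32.exe" in cmd:
                reasons.append("DLL loaded through rundll32")
            if cmd.endswith("file not found"):
                reasons.append("target missing (orphaned entry)")
            label = f"{m['key']}:{m['name']}"
        else:
            m = O33.match(line)
            if m:
                reasons.append("AutoRun command cached for a mounted volume")
                label = f"MountPoints2:{m['vol']}"
        if reasons:
            findings.append((label, reasons))
    return findings


if __name__ == "__main__":
    for label, reasons in triage(SAMPLE):
        print(label, "->", "; ".join(reasons))
```
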

I ran the command, like the pic attached, but the program is not responding and I had to hard reset it.
Did I do it wrong?
Please advise :slight_smile:
Thank you

Please download zoek.zip from here or here and save it to your Desktop.
Unpack the archive…

[*]Close any open browsers
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*]Double click on zoek.exe to run the tool.
Please wait until the tool starts…

[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:

filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;

[*] Click on the Run Script button.
Please wait until a log report opens (this can be after a reboot).

[*]Save the Notepad file to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named “zoek-results.log”

Dear Argus,

I downloaded zoek.zip, extracted it in desktop, closed the browser, disabled antivirus, ran zoek.exe, copied and ran the script like the pic attached.
Please find the log attached also. Is everything OK now?
Thank you :slight_smile:

Not showing it zoek…

Please turn off Malwarebytes and run the OTL fix again.

I didn’t run Malwarebytes. And I don’t find it in processes.
Where can I find it?

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

Startup :wink:

Uninstall Malwarebytes and run fix.

Dear Argus,

I’m sorry but I don’t really understand hahaha…
I uninstalled Malwarebytes after reading your last post, then I opened OTL and clicked Run Fix but it said, “No fix has been provided”.
What is it actually that I am supposed to do?

Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

Did you do this??

See my first post.

Dear Argus,

I think I made a mistake; I have just tried the command and here’s the result.
Should I install Malwarebytes again and run the command on OTL?

Dear Argus,

I ran the command and here is the result.
Is it okay?
Thank you so much

Another check

Re-run OTL and click Run scan

Attach here log. (OTL.txt)

Dear Argus,

I ran the scan just like http://forum.avast.com/index.php?topic=53253.0
minus the command on Custom Scans/Fixes.
Here’s the log, thank you

OK, system is clean.

Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes below;

[*] Remove disinfection tools
[*] Create registry backup
[*] Purge System Restore

Now click on the “Run” button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt

I don’t need DelFix log report.