Please help me remove this virus, it kills me
Avast keeps telling me that it has found & blocked c:users/Pentakristal/appdata/local/temp/iswizard/wuaudit.exe
Win32:BitcoinMiner-CA[Trj]
C:\Windows\SysWOW64\rundll32.exe
Logs attached
OTL
Hello.
Re-run OTL.exe.
[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:OTL
MOD - [2013/08/22 05:48:57 | 001,504,768 | ---- | M] () -- C:\Users\Pentakristal\AppData\Local\Temp\tsiVi332.dll
O4 - HKU\S-1-5-21-2424716169-1927615775-132645528-1000..\Run: [tsiVideo] C:\Users\Pentakristal\AppData\Local\Temp\tsiVi332.dll ()
O33 - MountPoints2\{0f63194e-dec0-11e2-b582-c86000bde767}\Shell - "" = AutoRun
O33 - MountPoints2\{0f63194e-dec0-11e2-b582-c86000bde767}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2011/03/17 03:57:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{15d457b8-82a0-11e2-8ff8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{15d457b8-82a0-11e2-8ff8-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2011/03/17 03:57:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{17e9e6d8-829f-11e2-874e-caf1b3f585eb}\Shell - "" = AutoRun
O33 - MountPoints2\{17e9e6d8-829f-11e2-874e-caf1b3f585eb}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1c491ad9-e879-11e2-9bb8-c86000bde767}\Shell - "" = AutoRun
O33 - MountPoints2\{1c491ad9-e879-11e2-9bb8-c86000bde767}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2011/03/17 03:57:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{3db55267-bd0a-11e2-b2ad-001e101f1f81}\Shell - "" = AutoRun
O33 - MountPoints2\{3db55267-bd0a-11e2-b2ad-001e101f1f81}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{b4eee8c1-a5d1-11e2-8646-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{b4eee8c1-a5d1-11e2-8646-001e101f9843}\Shell\AutoRun\command - "" = L:\setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2011/03/17 03:57:22 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
:commands
[CREATERESTOREPOINT]
[emptytemp]
[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open Notepad with the log report. Attach that log report here.
If the log doesn’t appear, it can be found here:
c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log
hey thanks for the reply, I'm the one who posted above, but my account/computer got suspended.
log attached
How does the system look now?
big thanks for your help, now my system is clean.
I only had this problem after running the OTL fix:
Chrome’s address bar seems to have gotten wider
I already set it to default and reinstalled (fresh download), but it doesn't work
http://s11.postimg.org/w32prgijn/Untitled.jpg
but it’s okay, not a big deal. just wanna say thanks
Please download zoek.exe and save it to your desktop.
[*] Close any open browsers.
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
[*] Double click on zoek.zip to run the tool.
Please wait until the tool starts…
[*] Copy the text present inside the code box below and paste it into the large window in the zoek tool:
chrdefaults;
autoclean;
[*] Click on the Run Script button.
Please wait until a log report opens (this may be after a reboot).
[*] Save the Notepad file to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named “zoek-results.log”
I hope that this will solve the problem, if not, I’ll see if there is some crap in chrome.
It doesn't fix it, it just restarted Chrome’s settings to default and some of my apps got deleted.
also, my computer got banned again, it says:
“sorry pentakristal, you are banned from using this forum!
this ban is not set to expire”
log is not attached since I'm posting this with my phone.
log attached
Re-run zoek with this script
filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;
just realized another problem: my screen won't turn off, even though I’ve set it to 20 minutes
Please download DelFix by “Xplode” to your Desktop.
Run the tool and check the following boxes below;
http://fotkica.com/thumbs3/1_tmb_65588090_delfix.gif.jpg
Now click on the “Run” button. Wait for the program to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt
I don’t need DelFix log report.