Malicious software help


  1. Posts : 48
    Windows Seven Ultimate x64
       #1

    Malicious software help


    While it's not technically a virus, what is going on here is annoying and I cannot make it stop.

    In my Appdata/roaming/microsoft/windows/start menu/programs folder is a folder called startup. No matter what I do, including weeding out all the startup services I can that I don't recognize with msconfig, a program that is mining bitcoins for someone is added to that folder and run on start up. I cannot figure out what program is creating this, and I thus do not know how to remove it. Virus scans with many different programs all do nothing, including rootkitremover and malwarebytes. Even setting these to not run on start up still has them running on start up. Worse yet, it takes around 15 minutes or so (haven't actually timed it) for the contents of that folder to be created and run. Any ideas?

    Edit: I also ran a program called combofix


  2. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #2

    It sounds like something that has been added to one of your browsers.

    I'm no expert on anything, but I use this free program from the Bleeping Computer site for such problems on my computers.

    Downloading AdwCleaner


  3. Posts : 48
    Windows Seven Ultimate x64
    Thread Starter
       #3

    I ran that program and it says it removed something that malwarebytes was supposed to have gotten rid of, so hopefully it did the trick. I'll keep you up to date.


  4. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #4

    No one program does it all or we would all have that program. This bitcoin thing is not considered malware or a virus officially, but you and I think it is. It probably came as an add-on from something you downloaded and you didn't notice it at the time.
    Do keep us informed.


  5. Posts : 48
    Windows Seven Ultimate x64
    Thread Starter
       #5

    Oh, I only mentioned malwarebytes because 2 of the things adw removed were things that MWB said it was taking off. So far so good.


  6. Posts : 28
    Windows 7 Home Premium (x64) Service Pack 1 (build 7601)
       #6

    In the meantime, you can DL FireFox Portable and use it until you get your main browser sorted.
    It's a small portable version of Firefox that can be put anywhere on your computer. No installation required.
    I like it enough that I've removed Firefox and only run Firefox Portable.
    It can be installed on a flash drive and moved from box to box if needed.

    Mozilla Firefox, Portable Edition | PortableApps.com - Portable software for USB, portable and cloud drives


  7. Posts : 48
    Windows Seven Ultimate x64
    Thread Starter
       #7

    Nope. Whatever it is that's doing this is still here. Really, really annoying at this point.

    Edit: found some files in my %temp% folder that contain all the files put into my start folder, and these are all .exe's. Clearly I have a trojan that is downloading this crap, but nothing is able to find and remove it.


  8. Posts : 48
    Windows Seven Ultimate x64
    Thread Starter
       #8

    Well, the scan is going. I looked at the keys in currentversion\run and saw there was an extra instruction to run some files on java, so I went to the %appdata% folder and removed those too. Hopefully a combination of these things will knock this out. I guess that will teach me to keep on top of java updates better.
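
The places named in this thread (the Startup folder, the CurrentVersion\Run keys, and .exe files in %TEMP%) can be listed and compared between reboots. The script below is an added example, not part of any post here; the baseline file path and the function names are assumptions, and it only reads and reports.

```powershell
# Added example: read-only inventory of the autostart locations named in the thread.
# $BaselinePath and the function names are assumptions made for this sketch.
$BaselinePath = Join-Path $env:USERPROFILE 'autostart-baseline.xml'

function Get-AutostartEntry {
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{
                Location = $key; Name = $name; Target = [string]$item.GetValue($name); Modified = $null }
        }
    }
    $startupDirs = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
                   "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem $dir -Force | ForEach-Object {
            New-Object PSObject -Property @{
                Location = $dir; Name = $_.Name; Target = $_.FullName; Modified = $_.LastWriteTime }
        }
    }
}

# Executables in %TEMP%, newest first (post #7 found the dropped .exe files there).
function Get-TempExecutable {
    Get-ChildItem $env:TEMP -Filter *.exe -Recurse -Force -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending |
        Select-Object FullName, Length, CreationTime, LastWriteTime
}

$current = @(Get-AutostartEntry)
if (Test-Path $BaselinePath) {
    # Report entries that were not present when the baseline was saved.
    $known = @(Import-Clixml $BaselinePath | ForEach-Object { "$($_.Location)|$($_.Name)|$($_.Target)" })
    $current | Where-Object { $known -notcontains "$($_.Location)|$($_.Name)|$($_.Target)" } |
        Select-Object Location, Name, Target, Modified | Format-List
} else {
    $current | Export-Clixml $BaselinePath   # first run: save the current state as the baseline
    $current | Select-Object Location, Name, Target, Modified | Format-List
}
Get-TempExecutable | Format-Table -AutoSize
```

The first run saves the baseline and prints everything; later runs print only entries that were not in it. The Modified and CreationTime columns show when a file was written, which helps line up a re-added entry with whatever else ran at that moment.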


  9. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #9

    Java for a few months has been nothing but trouble in many ways and has more updates than there are blades of grass in a ball park.
    If you don't need Java you can remove it completely as I have done.
    If you need Java try FileHippo Updater. It works well for me checking programs for updates. I use it once a day.

    FileHippo.com Update Checker - FileHippo.com


  10. Posts : 48
    Windows Seven Ultimate x64
    Thread Starter
       #10

    Well, the scan said I was clean (takes forever too!). Hopefully it's right. I will double check the registry to make sure whatever does what it's doing hasn't re-added those keys.

    What really sucks is I can tell that it is back when I notice how hot my laptop is getting while sitting idle. It only takes like 53k of memory, but it brings my CPU usage up to around 28-35% while it's running. Not to mention, since it's abusing my graphics chip, watching YouTube is jittery and choppy.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
