Windows 7 Forums



Windows 7: someone harvesting bitcoin on my laptop

22 Dec 2012   #11
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 

I couldn't tell you offhand if that would work or not. When you d/l WDO, it's a small file that will connect to the MS site, d/l an ISO file & burn it to disk or FD. You do have the option to create a bootable ISO file as listed in the tutorial.

Other options you can try are ESET Online scanner. Detailed directions on using it can be found at this post:

Unable to get rid of virtool.win32/obfuscator.XZ

Another online scanner you can try is Symantec Security Check. Click on the Virus Detection button to start the scan, you'll be prompted to d/l some items. It will only run in IE.

What you decide to do is your choice, however, as me & whs stated, if you want to be 100% sure that it's clean again, then a clean reinstall is your best option. In the future you may wish to consider making a System Image & when something like this happens down the road, you won't have to reinstall.

Backup Complete Computer - Create an Image Backup

Clean Install Windows 7


24 Dec 2012   #12
Alchemy

Windows 7 Home Premium x64
 
 

I do not know if anything can be done with either because they were not made when the laptop was used first and therefore, I am unsure if they are clean or not, but I have a backup and a Windows image on my external HD. Both made within past two months but have had this laptop for 2 years.
24 Dec 2012   #13
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 

Did you have any success in running ESET or Symantec on your laptop? This looks like your only option (online scanners) since you said you don't have access to a clean PC to make WDO. Either that or a clean install.

The image file is going to be your call. If your problems started after you made the file, then it might be worth it to give it a shot since it's more recent & you won't have to catch up on too many updates.
24 Dec 2012   #14
Alchemy

Windows 7 Home Premium x64
 
 

Hey and Merry Christmas or Happy Holidays to everyone. I did and posted the log but for some reason, it did not show up. ESET found this but I do not know if I should click delete quarantined files and then click finish or what:

C:\Users\Merlin\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120802210106249.rsc a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
24 Dec 2012   #15
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 

Go ahead & delete it, then click finish. Make sure you have the latest version of Java (Version 7 Update 10).

Information on TrojanDownloader.Agent.NDJ

Encyclopedia entry: Exploit:Java/CVE-2011-3544.T - Learn more about malware - Microsoft Malware Protection Center

Once you have completed the scan, run additional scans with Malwarebytes & MS Safety Scanner

Quote:
The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.

Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.

Happy & Safe Holidays to you also.
28 Dec 2012   #16
Alchemy

Windows 7 Home Premium x64
 
 

Scanned with Microsoft Safety Scanner in normal windows and MWB Anti-Mal and received both logs stating this:


Attached Files
File Type: txt mbam-log-2012-12-28 (00-34-28).txt (3.0 KB, 2 views)
28 Dec 2012   #17
Alchemy

Windows 7 Home Premium x64
 
 

Malwarebytes Anti-Malware 1.65.1.1000
Malwarebytes : Free anti-malware download

Database version: v2012.12.21.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Merlin :: ARCHIMEDES [administrator]

12/27/2012 9:44:20 PM
mbam-log-2012-12-28 (00-34-28).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 466088
Time elapsed: 1 hour(s), 3 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Users\Merlin\Downloads\D7\3rd Party Tools\iehv.exe (PUP.HistoryTool) -> No action taken.
C:\Users\Merlin\Downloads\D7\3rd Party Tools\mailpv.exe (PUP.MailPassView) -> No action taken.
C:\Users\Merlin\Downloads\D7\3rd Party Tools\produkey.exe (PUP.PSWTool.ProductKey) -> No action taken.
C:\Users\Merlin\Downloads\D7\3rd Party Tools\webbrowserpassview.exe (PUP.PassView) -> No action taken.
C:\Users\Merlin\Downloads\D7\3rd Party Tools\WirelessKeyView-x64.exe (PUP.WirelessKeyView) -> No action taken.
C:\Users\Merlin\Downloads\D7\3rd Party Tools\WirelessKeyView.exe (PUP.WirelessKeyView) -> No action taken.

(end)
28 Dec 2012   #18
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 

What you have there are listed as Potentially Unwanted Programs, they usually come bundled with other programs. They can contain spyware, malware or viruses depending on the source you got them from.

Quote:
A PUP is similar to malware in that it may cause problems once it is installed on your computer. However, unlike malware, you consent to a PUP being installed, rather than it installing itself without your knowledge.

Most PUPs are spyware or adware programs that cause undesirable behavior on your computer. Some may simply display annoying advertisements, while others may run background processes that cause your computer to slow down. The label "potentially unwanted program" is a fitting description of these applications because you may not find out about their obnoxious behavior until after they are installed.

Go ahead & re-run Malwarebytes, when finished be sure to check the boxes next to the problems found & put them in quarantine. Malwarebytes, by default, will not remove these unless you specify it to.
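Added example, not part of any post in this thread: a small Python triage script for a Malwarebytes 1.x text log in the layout posted above. It lists detections the scan left in place ("No action taken") and checks each section's declared count against the items actually present, which catches a truncated or partially pasted log. The sample log, its paths and the function names are constructed for illustration; only the layout shown in this thread is handled.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log posted in this thread
# (paths and the "Quarantined" action line are made up for the example).
SAMPLE_LOG = r"""Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\example\Downloads\tools\mailpv.exe (PUP.MailPassView) -> No action taken.
C:\Users\example\Downloads\tools\produkey.exe (PUP.PSWTool.ProductKey) -> Quarantined and deleted successfully.
C:\Users\example\Downloads\tools (x86)\iehv.exe (PUP.HistoryTool) -> No action taken.

(end)
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Greedy path so that parentheses inside the path, e.g. "(x86)", stay in the path.
ITEM = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_detections(log_text):
    """Return (items, mismatches); mismatches maps section -> (declared, found)."""
    items, declared, section = [], {}, None
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m["name"]
            declared[section] = int(m["count"])
            continue
        m = ITEM.match(line) if section else None
        if m:
            items.append({"section": section, **m.groupdict()})
    found = Counter(i["section"] for i in items)
    mismatches = {s: (n, found[s]) for s, n in declared.items() if n != found[s]}
    return items, mismatches


def unremediated(items):
    """Detections the scan reported but did not quarantine or delete."""
    return [i for i in items if i["action"].lower() == "no action taken"]


if __name__ == "__main__":
    items, mismatches = parse_detections(SAMPLE_LOG)
    for i in unremediated(items):
        kind = "PUP" if i["name"].upper().startswith("PUP.") else "MALWARE"
        print(f"[{kind}] {i['name']}: {i['path']}")
    if mismatches:
        print("count mismatch (declared, found):", mismatches)
```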