Message box keeps popping up on my screen (at logon) - Trojan Bitcoin!


  1. Posts : 173
    Windows 7 (XP, by Virtualization)
       #1



    Hi Everyone,

    I noticed a suspicious message on my computer when first logging on -



    MalwareBytes identified the issue as 'Trojan.Bitcoin' and moved it to Quarantine (as shown in the attached log file), however I am still seeing the message (above) whenever logging onto Windows.

    I would really like to remove all traces of this Trojan, and until I do so I am not confident that my computer is secure.

    Has anybody else experienced this Trojan, and if so did you manage to remove this message box?

    Kind Regards,

    Davo


  2. Posts : 173
    Windows 7 (XP, by Virtualization)
    Thread Starter
       #2

    Hi Everyone,

    After doing some more research I realized that the threat which had infected my computer was quite common, and was called different things by different protection programs. Here is a link that describes the infection in greater detail -

    http://www.herdprotect.com/defrag.ex...7994fcb4f.aspx

    For those interested in a little extra reading, I found this article to be quite informative -

    New trojan hijacks your PC for Bitcoin mining

    Whilst running an up-to-date version of MalwareBytes did seem to quarantine the Trojan (please see attached log), ultimately it did not stop it completely. Instead I was constantly seeing the message that started my thread...

    After doing a little digging in my file system I found the offending folder that still contained some files that were part of the Trojan threat.



    The 'def.bat' file (above) was found to contain the offending Windows Script Host commands -



    Once I knew what the Trojan was doing I double-checked Msconfig for any unusual entries, and found -



    I could not take a screenshot of the entire Msconfig entry in one go so here is some more...



    I unchecked the Msconfig entry for this Trojan, and manually performed a 'permanent' delete (with SHIFT + DELETE) on the files contained in the Cache folder. After rebooting the message did not present on screen again, and the Cache folder was clean -



    Once more I am running a full MalwareBytes scan, and once this completes I will scan with additional Anti-Virus programs before being convinced that my system is completely clean. However I think that I am now on the right track...

    Kind Regards,

    Davo

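The locations checked by hand in post #2, as an added PowerShell example that is not part of the original thread: it lists logon autostart entries (Run keys, entries unchecked in Msconfig, Startup folders) and flags those that launch a batch or Windows Script Host file. The flagging pattern and the `New-Entry` helper are assumptions made for this example, and the script is written to run on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: list what runs at logon on Windows 7 and flag script/batch launchers.
# The pattern is a heuristic chosen for this example, not a signature for the trojan.
$suspect = '\.(bat|cmd|vbs|vbe|js|jse|wsf)\b|\b(wscript|cscript)\b'

# Hypothetical helper: one record per autostart entry.
function New-Entry($source, $name, $command) {
    New-Object PSObject -Property @{ Source = $source; Name = $name; Command = [string]$command }
}
$entries = @()

# 1. Active Run keys (the entries Msconfig's Startup tab shows as checked).
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $entries += New-Entry $key $name ($item.GetValue($name))
    }
}

# 2. Entries unchecked in Msconfig: Windows 7 parks them here rather than deleting them.
$disabled = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
if (Test-Path $disabled) {
    foreach ($sub in (Get-ChildItem $disabled)) {
        $entries += New-Entry "$disabled (disabled)" $sub.PSChildName ($sub.GetValue('command'))
    }
}

# 3. Per-user and all-users Startup folders; resolve .lnk shortcuts to their targets.
$shell = New-Object -ComObject WScript.Shell
$dirs = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
        "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
foreach ($dir in $dirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($f in (Get-ChildItem $dir -Force | Where-Object { -not $_.PSIsContainer })) {
        $cmd = $f.FullName
        if ($f.Extension -eq '.lnk') {
            $lnk = $shell.CreateShortcut($f.FullName)
            $cmd = "$($lnk.TargetPath) $($lnk.Arguments)"
        }
        $entries += New-Entry $dir $f.Name $cmd
    }
}

# Flagged entries first; unflagged ones are still listed so the heuristic hides nothing.
$entries | Select-Object @{n='Flagged'; e={ $_.Command -match $suspect }}, Source, Name, Command |
    Sort-Object Flagged -Descending | Format-List
```

An entry that shows up only under the `startupreg` key has been disabled, not removed, so the file it points to is still worth checking on disk.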

  3. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #3

    Let us know what MBam found ... post the log!


  4. Posts : 173
    Windows 7 (XP, by Virtualization)
    Thread Starter
       #4

    Hi,

    The MalwareBytes log is attached to my original post.

    Kind Regards,

    Davo


 
