Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Message box keeps popping up on my screen (at logon) - Trojan Bitcoin!

09 Jun 2014   #1
Mr Davo

Windows 7 (XP, by Virtualization)
 
 
Message box keeps popping up on my screen (at logon) - Trojan Bitcoin!

Hi Everyone,

I noticed a suspicious message on my computer when first logging on -



MalwareBytes identified the issue as 'Trojan.Bitcoin' and moved it to Quarantine (as shown in the attached log file), however I am still seeing the message (above) whenever logging onto Windows.

I would really like to remove all traces of this Trojan, and until I do so I am not confident that my computer is secure.

Has anybody else experienced this Trojan, and if so did you manage to remove this message box?

Kind Regards,

Davo




Attached Files
File Type: txt protection-log-2014-05-30.txt (954 Bytes, 2 views)
My System SpecsSystem Spec
09 Jun 2014   #2
Mr Davo

Windows 7 (XP, by Virtualization)
 
 

Hi Everyone,

After doing some more research I realized that the threat which had infected my computer was quite common, and was called different things by different protection programs. Here is a link that describes the infection in greater detail -

http://www.herdprotect.com/defrag.ex...7994fcb4f.aspx

For those interested in a little extra reading; I found this article to be quite informative -

New trojan hijacks your PC for Bitcoin mining

Whilst running an up to date version of MalwareBytes did seem to quarantine the Trojan (please see attached log), ultimately it did not stop it completely. Instead I was constantly seeing the message that started my thread...

After doing a little digging in my file system I found the offending folder that still contained some files that were part of the Trojan threat.



The 'def.bat' file (above) was found to contain the offending Windows Script Host commands -



Once I knew what the Trojan was doing I double checked Msconfig for any unusual entries, and found -



I could not take a screen shot of the entire Msconfig entry in one go so here is some more...



I unchecked the Msconfig entry for this Trojan, and manually performed a 'permanent' delete (with SHIFT + DELETE) on the files contained in the Cache folder. After rebooting the message did not present on screen again, and the Cache folder was clean -



Once more I am running a full MalwareBytes scan, and once this completes I will scan with additional Anti-Virus programs before being convinced that my system is completely clean. However I think that I am now on the right track...

Kind Regards,

Davo
My System SpecsSystem Spec
09 Jun 2014   #3
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Let us know what MBam found ... post the log!
My System SpecsSystem Spec
09 Jun 2014   #4
Mr Davo

Windows 7 (XP, by Virtualization)
 
 

Hi,

The MalwareBytes log is attached to my original post.

Kind Regards,

Davo
My System SpecsSystem Spec
Reply

 Message box keeps popping up on my screen (at logon) - Trojan Bitcoin!




Thread Tools



Similar help and support threads for2: Message box keeps popping up on my screen (at logon) - Trojan Bitcoin!
Thread Forum
Update Plugins message popping up. Browsers & Mail
Solved Scheduled task message popping up in background ... General Discussion
Solved Logon screen, change/remove logon picture Customization
New Trojan Targets Bitcoin Wallets Security News
How to change Logon screen Picture frame (before logon) Customization

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 08:40 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App