someone harvesting bitcoin on my laptop


  1. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #11

    I couldn't tell you offhand if that would work or not. When you d/l WDO, it's a small file that will connect to the MS site, d/l an ISO file & burn it to disk or FD. You do have the option to create a bootable ISO file as listed in the tutorial.

    Other options you can try are ESET Online scanner. Detailed directions on using it can be found at this post:

    Unable to get rid of virtool.win32/obfuscator.XZ

    Another online scanner you can try is Symantec Security Check. Click on the Virus Detection button to start the scan, you'll be prompted to d/l some items. It will only run in IE.

    What you decide to do is your choice, however, as me & whs stated, if you want to be 100% sure that it's clean again, then a clean reinstall is your best option. In the future you may wish to consider making a System Image & when something like this happens down the road, you won't have to reinstall.

    Backup Complete Computer - Create an Image Backup

    Clean Install Windows 7
    Last edited by Borg 386; 22 Dec 2012 at 15:29.


  2. Posts : 15
    Windows 7 Home Premium x64
    Thread Starter
       #12

    I do not know if anything can be done with either because they were not made when the laptop was first used and, therefore, I am unsure if they are clean or not, but I have a backup and a Windows image on my external HD. Both were made within the past two months, but I have had this laptop for 2 years.


  3. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #13

    Did you have any success in running ESET or Symantec on your laptop? This looks like your only option (online scanners) since you said you don't have access to a clean PC to make WDO. Either that or a clean install.

    The image file is going to be your call. If your problems started after you made the file, then it might be worth it to give it a shot since it's more recent & you won't have to catch up on too many updates.


  4. Posts : 15
    Windows 7 Home Premium x64
    Thread Starter
       #14

    Hey and Merry Christmas or Happy Holidays to everyone. I did and posted the log, but for some reason it did not show up. ESET found this, but I do not know if I should click delete quarantined files and then click finish or what:

    C:\Users\Merlin\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120802210106249.rsc a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined


  5. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #15

    Go ahead & delete it, then click finish. Make sure you have the latest version of Java (Version 7 Update 10).

    Information on TrojanDownloader.Agent.NDJ

    Encyclopedia entry: Exploit:Java/CVE-2011-3544.T - Learn more about malware - Microsoft Malware Protection Center

    Once you have completed the scan, run additional scans with Malwarebytes & MS Safety Scanner

    The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.

    Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.
    Happy & Safe Holidays to you also.


  6. Posts : 15
    Windows 7 Home Premium x64
    Thread Starter
       #16

    Scanned with Microsoft Safety Scanner in normal windows and MWB Anti-Mal and received both logs stating this:


  7. Posts : 15
    Windows 7 Home Premium x64
    Thread Starter
       #17

    Malwarebytes Anti-Malware 1.65.1.1000
    Malwarebytes : Free anti-malware download

    Database version: v2012.12.21.01

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
    Internet Explorer 9.0.8112.16421
    Merlin :: ARCHIMEDES [administrator]

    12/27/2012 9:44:20 PM
    mbam-log-2012-12-28 (00-34-28).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 466088
    Time elapsed: 1 hour(s), 3 minute(s), 56 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 6
    C:\Users\Merlin\Downloads\D7\3rd Party Tools\iehv.exe (PUP.HistoryTool) -> No action taken.
    C:\Users\Merlin\Downloads\D7\3rd Party Tools\mailpv.exe (PUP.MailPassView) -> No action taken.
    C:\Users\Merlin\Downloads\D7\3rd Party Tools\produkey.exe (PUP.PSWTool.ProductKey) -> No action taken.
    C:\Users\Merlin\Downloads\D7\3rd Party Tools\webbrowserpassview.exe (PUP.PassView) -> No action taken.
    C:\Users\Merlin\Downloads\D7\3rd Party Tools\WirelessKeyView-x64.exe (PUP.WirelessKeyView) -> No action taken.
    C:\Users\Merlin\Downloads\D7\3rd Party Tools\WirelessKeyView.exe (PUP.WirelessKeyView) -> No action taken.

    (end)


  8. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #18

    What you have there are listed as Potentially Unwanted Programs, they usually come bundled with other programs. They can contain spyware, malware or viruses depending on the source you got them from.

    A PUP is similar to malware in that it may cause problems once it is installed on your computer. However, unlike malware, you consent to a PUP being installed, rather than it installing itself without your knowledge.

    Most PUPs are spyware or adware programs that cause undesirable behavior on your computer. Some may simply display annoying advertisements, while others may run background processes that cause your computer to slow down. The label "potentially unwanted program" is a fitting description of these applications because you may not find out about their obnoxious behavior until after they are installed.
    Go ahead & re-run Malwarebytes, when finished be sure to check the boxes next to the problems found & put them in quarantine. Malwarebytes, by default, will not remove these unless you specify it to.
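
Added example, not part of the original thread and not Malwarebytes' own code: a small parser for the log layout shown in post #17 that lists detections the scan reported but left in place ("No action taken") and separates PUP/PUM labels from anything else. The sample log lines are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the Malwarebytes 1.x log posted above
# (paths and detections are made up for illustration).
SAMPLE_LOG = r"""
Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\demo\Downloads\tools\produkey.exe (PUP.PSWTool.ProductKey) -> No action taken.
C:\Users\demo\Downloads\tools\mailpv.exe (PUP.MailPassView) -> Quarantined and deleted successfully.
C:\Users\demo\AppData\Local\Temp\x.exe (Trojan.Agent) -> No action taken.

(end)
"""

SECTION = re.compile(r"^\s*(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)\s*$")
ENTRY = re.compile(r"^\s*(?P<item>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?\s*$")

def parse_detections(log_text):
    """Return one dict per detection line, tagged with the section it was in."""
    section, declared, found = None, {}, []
    for line in log_text.splitlines():
        m = SECTION.match(line)
        if m:
            section = m["name"]
            declared[section] = int(m["count"])
            continue
        m = ENTRY.match(line)
        if m and section:
            found.append({"section": section, **m.groupdict()})
    # Cross-check: a truncated or hand-edited log will not match its own counts.
    for name, count in declared.items():
        parsed = sum(1 for d in found if d["section"] == name)
        if parsed != count:
            raise ValueError(f"{name}: log declares {count}, parsed {parsed}")
    return found

def still_on_disk(detections):
    """Detections the scanner reported but did not quarantine or delete."""
    return [d for d in detections if d["action"].lower() == "no action taken"]

def is_pup(detection):
    """True for 'potentially unwanted' labels (PUP./PUM.), False otherwise."""
    return detection["detection"].upper().startswith(("PUP.", "PUM."))
```

Any entry returned by `still_on_disk` means the scan has to be re-run with the items checked for quarantine; an entry for which `is_pup` is false deserves attention first.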