![]() |
|
09 Jun 2014 | #1 |
|
Message box keeps popping up on my screen (at logon) - Trojan Bitcoin!
Hi Everyone,
I noticed a suspicious message on my computer when first logging on - ![]() MalwareBytes identified the issue as 'Trojan.Bitcoin' and moved it to Quarantine (as shown in the attached log file), however I am still seeing the message (above) whenever logging onto Windows. I would really like to remove all traces of this Trojan, and until I do so I am not confident that my computer is secure. Has anybody else experienced this Trojan, and if so did you manage to remove this message box? Kind Regards, Davo |
My System Specs![]() |
. |
|
09 Jun 2014 | #2 |
|
Hi Everyone,
After doing some more research I realized that the threat which had infected my computer was quite common, and was called different things by different protection programs. Here is a link that describes the infection in greater detail - http://www.herdprotect.com/defrag.ex...7994fcb4f.aspx For those interested in a little extra reading; I found this article to be quite informative - New trojan hijacks your PC for Bitcoin mining Whilst running an up to date version of MalwareBytes did seem to quarantine the Trojan (please see attached log), ultimately it did not stop it completely. Instead I was constantly seeing the message that started my thread... After doing a little digging in my file system I found the offending folder that still contained some files that were part of the Trojan threat. ![]() The 'def.bat' file (above) was found to contain the offending Windows Script Host commands - ![]() Once I knew what the Trojan was doing I double checked Msconfig for any unusual entries, and found - ![]() I could not take a screen shot of the entire Msconfig entry in one go so here is some more... ![]() I unchecked the Msconfig entry for this Trojan, and manually performed a 'permanent' delete (with SHIFT + DELETE) on the files contained in the Cache folder. After rebooting the message did not present on screen again, and the Cache folder was clean - ![]() Once more I am running a full MalwareBytes scan, and once this completes I will scan with additional Anti-Virus programs before being convinced that my system is completely clean. However I think that I am now on the right track... Kind Regards, Davo |
My System Specs![]() |
09 Jun 2014 | #3 |
![]() |
Let us know what MBam found ... post the log!
|
My System Specs![]() |
. |
|
09 Jun 2014 | #4 |
|
Hi,
The MalwareBytes log is attached to my original post. Kind Regards, Davo |
My System Specs![]() |
![]() |
Thread Tools | |
Similar help and support threads | ||||
Thread | Forum | |||
How To Change Win7 Ultimate logon screen to classic win xp logon scree Hello! I wanna know how to change win7 logon screen to win xp logon screen/classic i know its possible but my other question is can i activate a hotkey to access that classic logon like using alt ctrl del to only access that classic logon screen only if i don't press ctrl alt del windows will show... |
Themes and Styles | |||
Windows update message box keeps popping up Hi all, Recently we have a computer which keeps popping up the Windows update message box. Weird things are: 1. Windows update shows that this computer is up-to-date and no failed updates in the update history 2. The "Restart now" button is greyed out, which does not seems like normal... |
Windows Updates & Activation | |||
Update Plugins message popping up. The yellow bar with the "update" message pops up on some sites, but not all sites. I hesitate to do updates on things I don't understand, so I'd like to get rid of that annoying popup. Any ideas? http://dickh.zenfolio.com/img/s2/v51/p296332187-4.jpg |
Browsers & Mail | |||
Scheduled task message popping up in background ... Using the method in this post ... Writer I Am: Creating an Hourly Reminder in Windows Why is the message displaying under current windows? Is there a way to force it to the front? Thanks, Ashley |
General Discussion |
Our Sites |
Site Links |
About Us |
Find Us |
Windows 7 Forums is an independent web site and has not been authorized,
sponsored, or otherwise approved by Microsoft Corporation.
"Windows 7" and related materials are trademarks of Microsoft Corp.
© Designer Media Ltd All times are GMT -5. The time now is 05:19. |
![]() ![]() ![]() ![]() ![]() |