Please, help me remove virus Crypto mining virus!! – Virus, Trojan, Spyware, and Malware Removal Help

0
13


Hello there I’m in urgent need for help as I’m using my father’s bosses’ old pc, I am a total dumbass I don’t know much about computers.

About a month ago I downloaded Internet Download Manager patch from crackingcity.com (I’m posting the website name so that other reading this post should be aware that this websites distributes viruses, I have no intentions of promoting) and after that I have been noticing COMSurrogate process taking up about 90% of CPU usage in task manager.  It even made my pc fans run loudly. At first I was ignorant but when I checked task manager I found the culprit.

Even since I’m struggling to get rid of this malware, firstly I uninstalled IDM. Then i tried every websites on malware removal guide based on this particular virus. Mostly all suggested using anti-virus, which didn’t help much, so i tried the manual removal and managed to stop it from running in task manager. That included deleting a lot of registry files which were parts of the malware.

 

But even after trying everything I noticed, two remnants of the malware one registry item called MSDLLHelper under HKUS-1-5-21-2376670492-3024356693-3209832367-1001SOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN|MSDllHelper and a program call DLLHost.exe under C:/User/admin/Appdata/Roaming/DLL/Dllhost.exe. I downloaded AutoRuns and tied deleting both entries but every time I boot up my PC this 2 malware will show up again and I had to delete them again.

I get want to get rid f the Folder named DLL from roaming one and for all. So is there any way to remove them for good and prevent them from spawning again? I understand I need to attach some logs and the fix scripts from other posts are user specific, please assist me with the process, thanks. 

 

One more thing when I boot my pc I found the DLL folder in roaming shows as empty, after say about 2 minutes a file named WinRing0x64.sys show up, a minuite later a rar named VS_files.rar shows up it auto converts to dllhost.exe. Once’s the file named dllhost.exe show up, a regidit entrée named MSDllHelper gets created. 

 

This is the log file of hitmanpro 

 C:UsersadminAppDataRoamingDlldlIhost.exe -> Deleted

      Size . . . . . . . : 4,701,696 bytes

      Age  . . . . . . . : 37.4 days (2021-01-29 14:43:38)

      Entropy  . . . . . : 6.6

      SHA-256  . . . . . : 43A3A0A88FB16141277CFA3E4E81B38E10A98C4ACBDF6B9D468286875746156E

      Product  . . . . . : Microsoft® Windows® Operating System

      Publisher  . . . . : Microsoft Corporation

      Description  . . . : COM Surrogate

      Version  . . . . . : 10.0.18362.1

      LanguageID . . . . : 0

    > Bitdefender  . . . : Gen:Variant.Application.Miner.24

    > SurfRight  . . . . : Generic PUA BC (PUA)

      Fuzzy  . . . . . . : 105.0

      Startup

         HKUS-1-5-21-1239942033-284190520-1076797345-1002SOFTWAREMicrosoftWindowsCurrentVersionRunMSDllHelper

Edited by IndiaBulls, Yesterday, 11:12 AM.



LEAVE A REPLY

Please enter your comment!
Please enter your name here