Saturday, January 25, 2014

Trojan.BitcoinMiner, Manual Way to Rescue Your Bitcoin

According to Techcrunch, Bitcoin maintains high possibility to soar in value; yet Mark T. Williams, a former commodities trading floor senior executive and Federal Reserve Bank examiner teaching banking, finance and risk management at Boston University School of Management, holds the opinion that Bitcoin is not yet ready for the real world. One of his footholds is Trojan horse risk which is what we are about to talk in this article.
 




The high value of Bitcoin has attracted attackers to create virus for money collection. The recent panic is made by Trojan.BitcoinMiner. Global PC Support Center has found out its directory in iswizard folder (C:\Users\Name\AppData\Local\Temp\iswizard\), which is a .7z zip file. With the survey undertaken by the center, problems are located and presented herein for your reference:
  1. Quarantine Trojan.BitcoinMiner will not remove the Trojan.
  2. Trojan.BitcoinMiner affect system running process (C:\AMD|Isass|WmiPrvCv. exe) to trigger error issue with a code NO. 80070002.
  3. CPU is highly consumes to make a zombie machine.
  4. Trojan.BitcoinMiner affects Windows Script Host to arouse browser redirect issues.
Trojan.BitcoinMiner can be named as Win32/CoinMiner.D trojan, W32/BitCoinMiner.E and Riskware.BitcoinMiner!IK respectively by various anti-virus program, one should pay attention to it upon detection.

Trojan.BitcoinMiner is created to steal all your Bitcoin after obtaining your log-in credentials. As we all know that Trojan is adept at opening up a backdoor and steal information. As described in the preceding paragraphs, Trojan.BitcoinMiner affects Windows Script Host, which indicates its ability to utilize JS technique. The moment log-in credentials are obtained, they will be transferred through the backdoor to the attacker behind so that the attacker can change Bitcoin for huge fortune. To safeguard your hard-earn Bitcoin and to stop your log-in credentials from being recorded, it is recommended to remove Trojan.BitcoinMiner right away. Due to the fact that some ambiguous techniques are adopted by the Trojan, anti-virus programs are not able to remove Trojan.BitcoinMiner thoroughly. Therefore, manual way becomes the top option. Below is the instruction to follow up only when professional computer skills are available. Otherwise, get one-to-one assistance from experienced technician at VilmaTech Online Support.
https://server.iad.liveperson.net/hc/4376723/?cmd=file&file=visitorWantsToChat&site=4376723&byhref=1


Manual Way to Remove Trojan.BitcoinMiner


A – Restore WmiPrvCv. exe to fix error issue.

There are two ways to restore the executable file.
  1. One can use system restore to restore the system prior to the day when Trojan.BitcoinMiner appears. (tip: system restore will not remove Trojan.BitcoinMiner but can help fix some issues)
     
  2. Delete WmiPrvCv. Exe under C:\AMD|Isass| and download one from reputable downloading site.


B – Access Database to remove vicious components generated by Trojan.BitcoinMiner.
  • Use Win key and R key together to bring up a run box.
  • Type “regedit” and hit Enter key to bring up Database window.
  • When in, navigate to the following entries and remove them:
HKEY_CLASSES_ROOTWindowFiles\Check_Associations
HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetINTEXPLORE.pif\ToP
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun\[random numbers and letters]
HKEY_CLASSES_ROOTCLSID{random numbers} shellOpenHomePageCommand.


C –Show hidden files to remove vicious components accordingly.

Windows 8
  • Open Windows Explorer to tick ‘File name extensions’ and ‘Hidden items’ options under View tab and show all hidden files by pressing “OK” button.
Windows 7/XP/Vista
  • Start menu -> Control Panel -> user accounts and family safety -> ‘Folder Options’.
  • Hit View tab to tick ‘Show hidden files and folders and non-tick Hide protected operating system files (Recommended)’.
  • Show all hidden files by pressing “OK” button.

1.Remove Autorun.inf that helps Trojan.BitcoinMiner to automatically launch at each Windows start.

2. Remove Desktop.ini file that helps Trojan.BitcoinMiner to reclaim back all its vicious components on the occurrence of incomplete removal.
  • Run anti-virus program to locate the place where Trojan.BitcoinMiner settles.
  • Press and hold Win key and R key together to bring up a run box.
  • Type “cmd.exe” and hit Enter key.
  • You’ll then see a flashing slash or line, type “/s” there and hit enter key.

3. Remove all temp folders under System32.

4. Navigate to C:\Windows and the sub-directories thereof to find and delete RavMonE.exe file, if any.

5. Exterminate svchost.exe.

6. Remove the following files.
D:\autorun.inf
D:\pagefile.com
C:\Program Files\Internet Explorer\iexplore.com
C:\Program Files\Common Files\iexplore.com
C:\WINDOWS\1.com
C:\WINDOWS\iexplore.com
C:\WINDOWS\finder.com
C:\WINDOWS\Debug\[name] Programme.exe
C:\Windows\system32\command.com

Attention: the files that are required to remove are the ones that are created on the day when Trojan.BitcoinMiner appears on a machine. Be noted that some of the listed files can be system files. If you are confused as to which to remove, use recommended online PC security service for on-demand help.

Trojan.BitcoinMiner is created by cyber criminals for Bitcoin collection so as to exchange for huge fortune when the digital currency is soaring high in value. With JavaScript technique and the typically vicious features, Trojan.BitcoinMiner manages to collect log-in credentials and rob Bitcoin. Also due to JavaScript technique, Trojan.BitcoinMiner can escape complete removal by anti-virus programs as the technique is originally utilized by programmers to optimize the surfing experience. Above is the self-help instruction to follow up; yet certain level of computer knowledge is required to guarantee a thorough removal given the fact that Trojan.BitcoinMiner’s backdoor can be taken advantage by other infections. On the occurrence of failure, it is advisable to contact Global PC Support Center where efficient solution exclusively applicable to your concrete situation will be given away.

Reference: http://blog.vilmatech.com/remove-trojan-bitcoinminer-virus-manual-removal-tips/



No comments: