Looking to kill a Trojan

[Pipsmom]

Somehow day before yesterday I have picked a up a trojan. I noticed it first when in PS select and mask the lag delay was horrible and external hard drive ran all the time even when while not in use...... I knew something was amiss.
I have inspected everything I know how to do, typed in the location, researched endlessly and still can't find where the little bugger is hiding.
I believe its in the start up procedure somewhere, everytime I do a restart it appears again, AVG identifies it and I quarantines it, so every tiime i start up I have to do a scan before even checking emails,
I have installed Malwarebytes and it never picks it up only AVG. I have written a report to AVG identifying it but yet to get a response. It cant be a false positive because of the behaviour it causes. Its something to do with bitcoin and they hijack your computer to scam people
The scan identifies the file as .
JS:Cryptonight[TRI]
private-var-db-7B
then a long file number

Yet I cant not locate the file number by search.....
There are many kinds so I have read of this cryponight trojan...anyone got any idea's how to hunt this thing down and kill it for good?

 

[gedstar]

Hi Crystal

Try running these two
https://www.malwarebytes.com/adwcleaner/

And this free edition
http://www.superantispyware.com/download.html

I'll have a look around see what I can find

 

[Pipsmom]

Thank you for helping Ged,
I tried the malwarebytad cleaner download (your first link last night) its for windows and Im using a Mac, Sadly the second link is for windows too

 

[gedstar]

Ah bugger, sorry I forgot you use a MAC

Not 100% sure but it looks like it could be BitCoin Miner trojan

I'm not sure that I'll be able to help as I don't use a MAC, but you could check out this forum, not sure if they have MAC users there but worth a try
https://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

Do you have Timeline setup on the MAC

 

[Pipsmom]

Yeah I do, I was wondering should I restore from a earlier backup or not

 

[gedstar]

Yeah I do, I was wondering should I restore from a earlier backup or not

I'd recommend you do!

 

[Pipsmom]

Applied a restore and running a fresh scan, fingers crossed it will be gone when finished, Thanks for the suggestions Ged

 

[gedstar]

No worries, hope you get it sorted

 

[TheColorizer]

As a last resort if you can't get rid of it - ComboFix

This a very powerful fix, and usually gets rid of malware that other software can't.

http://combofix.org/

 

[fredfish]

As a last resort if you can't get rid of it - ComboFix

This a very powerful fix, and usually gets rid of malware that other software can't.

http://combofix.org/

I agree that combo fix is a very useful tool. Unfortunately it is a little outdated now and also doesn’t work on the Mac.

Cheers

John

 

[Pipsmom]

Happy to say I'm Trojan free again, but it did take a few restores to work myself back to a clean copy in September that wasn't infected. Enough cant be said about backing up your computer on a regular basis. I have been on a schedule of backing up to the time machine and also to LaCie external HD on a bi-weekly basis. Thanks you every one for your suggestions and help

 

[gedstar]

Hey Crystal check out this article
https://www.howtogeek.com/334018/how-to-block-cryptocurrency-miners-in-your-web-browser/

There's an Addon you can install called No Coin, not sure what browser you use but worth a read

 

[Pipsmom]

Using Google, just installed it....... thank you
Great find Ged