parahesap

Posts posted by parahesap

  1. 52 minutes ago, Marcos said:

    You can scan the content of the folder that you supplied to me. If not detected yet, reboot the machine to enforce update of the LiveGrid blacklist.

    I see the warning text has changed after restarting the computer. I scanned again and saw it deleted two spyware. You got him, Sir. The alert is no longer displayed. Thank you so much! :)


  2. 19 minutes ago, Marcos said:

    We've nailed it down. A legit tool was backdoored and loads a malicious dll with zero detection at VT which loads the following encrypted payload:

    image.png

    I expect the detection to be available momentarily via streamed/pico updates.

    Also please confirm that you have enabled the LiveGrid Feedback system for maximum protection.

    LiveGrid Feedback system is active. Should I format to Windows 10? Will this problem take a long time to resolve? :) 


  3. 22 minutes ago, itman said:

    Note that only Eset moderators can access forum attachments.

    For starters, what you are looking for are entries flagged by VirusTotal. You can ignore the 1/71 or like low detections since those are usually false positive detections.

    -EDIT- Also make sure you run the right Autoruns version. For 64 bit OS, run autoruns64.exe.

    I'm not familiar with these jobs. Here is the 64-bit log; can you check it?

     

    https://www.mediafire.com/file/nhj8nz96kqjj6xy/Logfile.rar/file

  4. 10 minutes ago, itman said:

    With that confirmed, it may be that an attacker may be using your device to coin mine.

    Referring to the Eset logs shown in the linked Eset Russian web site posting, they show that multiple coin miners had been found on the poster's device previously. You may want to start manually monitoring for unusual CPU activity on this device.

    Mining is happening with the graphics card? If so I can understand from the fan noise of my graphics card. My graphics card is working steady. 

     


  5. As an administrator, I scanned the entire system from top to bottom. I could not find a virus. I turned off .Net Framework in the open or close windows features menu. The problem is still the same. I am getting a "Threat Removed" warning in 25-30 seconds. It started to be annoying. :) When I click on the DotNet text, the My Computer menu opens.

