[Win64/Coinminer.QG] file root is C \ intel \ update \ update.exe

[Kgold 0]

Dear,

Recently, I got the pop up from Eset - I am using Smart Security Premium version. It shows one unwanted application (win64/Coinminer.QG). the file is from C:\intel\update\update.exe

I click CLEAN button and try to delete the folder [Intel], it will show up again after I restart my computer.

I would like to have a solution for this problem. I am afraid my computer has virus. 

Thank you all

[Marcos 5,074]

Please provide logs collected with ESET Log Collector for a start.

[Kgold 0]

Hello Marcos,

I uploaded the logs collected file.

Please check and thanks for your reply.

 

Edited June 17, 2021 by Kgold
re-upload again

[Kgold 0]

sorry for up another post. I uploaded again the file with all data as I follow the tutorial in eset web.

688160463_essp_logs-all.zip

[Marcos 5,074]

As you can see also in the screen shot above, the PUA is re-created by the application C:\Program Files\Portable Devices\manager.exe.  What is the purpose of the app? Can you temporarily uninstall it?

[Kgold 0]

I don't know what is the purpose of this app. When I open Uninstall, I can not see the name of this app. I also tried to delete the folder and restart my computer. No pop up again. But is it okay now ? do I need to scan or do something to make sure my computer has no virus now ?

[Marcos 5,074]

1 hour ago, Kgold said:

 No pop up again. But is it okay now ?

The machine should be clean then.

[Kgold 0]

Oh so thank you so much for your support. I am appreaciated

[itman 1,659]

As far as manager.exe goes, as long as it's located in this directory, C:\Program Files\Portable Devices\, it should be legit; ref.: https://www.file.net/process/manager.exe.html . Further evidenced by the fact the file is Microsoft signed.