ClaytonZach - Posted August 22 (edited)

Hello, I noticed my computer running poorly and noticed Antimalware Service Executable spiking every couple seconds, and found it detecting CoinStealer.RP!MTB in PowerShell. I don't see anything like it in the PowerShell folder and am unsure of how to fix the issue. Thank you so much for any assistance or advice you can offer.

ELC_logs.zip

Edited August 22 by ClaytonZach: Attach ESET Log Collector logs

ClaytonZach (Author) - Posted August 22

Not sure if this follow-up is helpful or not, but I ran Malwarebytes AdwCleaner and it deleted C:\Windows\System32\Tasks\SVCHOST in Tasks and HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68A8C93D-3183-493C-B9F0-64F4C7704AF4}, HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\svchost, and HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474} from the Registry. The issue is still happening, however.

Marcos (Administrators) - Posted August 23

Unfortunately the ELC logs were collected when ESET was not installed. Please make sure to install ESET first, enable detection of potentially unsafe and unwanted applications and then run a full disk scan. If no threat is detected, provide fresh ELC logs.

JamesR (ESET Staff) - Posted August 23

In looking at the currently provided logs, I was able to spot a malicious command running. The command is being started as a scheduled task, so whatever Malwarebytes found was likely just part of the threat. Also, if ESET was installed, it would have been detecting and blocking the threat as "PowerShell/Runner.AV trojan". The threat name "CoinStealer.RP!MTB" was likely detected by something other than ESET.

If you are still getting threat detections, I recommend doing the following:

1. Reboot the computer and test if the symptoms go away (sometimes all that is needed is a reboot after cleaning).
2. Install ESET and run a scan. There is a good chance this will find and remove any remnants.
3. If still experiencing symptoms, please generate a new ESET Log Collector, using the following to ensure it gathers items that will help in investigating this threat:

ClaytonZach (Author) - Posted August 23

I don't know how to make sense of these. The issue persists. The forum doesn't like the files ESET gave me, but I put them on Google Drive if that's okay.

Marcos (Administrators) - Posted August 23

Unfortunately the logs were collected when ESET was not installed. Please install ESET first and activate it with a trial license if you haven't purchased one yet. After you've run a full disk scan, collect logs with ELC.
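
JamesR's reply says the malicious command is started as a scheduled task, and the task AdwCleaner removed was named SVCHOST. The PowerShell below is an added example, not from any poster or from ESET: it flags registered tasks that launch a script host or that carry a system process name outside \Microsoft\. The function name, the name lists and the sample objects are assumptions constructed for illustration.

```powershell
# Added example: flag scheduled tasks that start a script host or borrow a system process name.
function Find-SuspiciousTask {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Task   # objects shaped like Get-ScheduledTask output
    )
    begin {
        # Interpreters commonly used to run a command line from a task (assumed list).
        $scriptHosts = '(^|\\)(powershell|pwsh|cmd|wscript|cscript|mshta)(\.exe)?$'
        # Process names a task might imitate (assumed list; the thread's task was SVCHOST).
        $systemNames = 'svchost', 'lsass', 'csrss', 'winlogon', 'services'
    }
    process {
        $reasons = @()
        foreach ($action in $Task.Actions) {
            # Only exec actions carry Execute/Arguments; COM handler actions do not.
            if ($action.Execute -and $action.Execute.Trim('"') -match $scriptHosts) {
                $reasons += "runs script host: $($action.Execute) $($action.Arguments)"
            }
        }
        # Heuristic (assumption): built-in Windows tasks sit under \Microsoft\.
        if ($Task.TaskPath -notlike '\Microsoft\*' -and $systemNames -contains $Task.TaskName) {
            $reasons += 'named after a Windows system process'
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Task    = $Task.TaskPath + $Task.TaskName
                Reasons = $reasons -join '; '
            }
        }
    }
}

# Constructed sample objects (not data from the thread's logs).
$sample = @(
    [pscustomobject]@{ TaskPath = '\'; TaskName = 'SVCHOST'
        Actions = @([pscustomobject]@{ Execute = 'powershell.exe'; Arguments = '-WindowStyle Hidden -File <placeholder>' }) }
    [pscustomobject]@{ TaskPath = '\Microsoft\Windows\Defrag\'; TaskName = 'ScheduledDefrag'
        Actions = @([pscustomobject]@{ Execute = '%windir%\system32\defrag.exe'; Arguments = '-c' }) }
)
$sample | Find-SuspiciousTask | Format-List

# On a live system, from an elevated prompt:
# Get-ScheduledTask | Find-SuspiciousTask | Format-List
```

A hit is a lead to review, not a verdict: legitimate software also schedules PowerShell and cmd tasks, so check the full command line before removing anything.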