
System Infected: Miner.BitcoinMiner Activity 7 and 9

Hello,

First of all, sorry for my bad English in some cases.

For the last few days, I have been getting warning messages about blocking some PC that is trying to attack my PC from certain IP addresses. Usually I solve PC problems myself, but this issue is beyond my knowledge, so I am going to ask you about my issues. I also read here on the forum about bitcoin websites, but I use only certified websites and the error shows with or without the web browser turned on. Better safe than sorry.

So: I am constantly getting 2 notifications that 2 IP addresses were blocked, with the text "System Infected: Miner.Bitcoinminer Activity 7" and "System Infected: Miner.Bitcoinminer Activity 9". When I open the mentioned message from Norton, it shows under Attacking computer: "log2.cloudtool.com" for both cases, and what I observed is that those 2 IP addresses are always the same. I am attaching the Recent History.txt file, which should contain additional info about my issue.

Also, I tried to "blacklist" those 2 IPs in the hope that my modem will block them ("attacking IP", port 452, TCP), but unfortunately it didn't work. In addition, I tried Norton Power Eraser, but it found nothing and the block warnings keep showing frequently.

Is there any chance to ban those attacking IPs, or remove something from my PC to stop these things happening (without a new clean Windows installation)? Also, I am getting a message (see "screen1.png"); can this also be connected to the bitcoin miner activities (mentioned above)? -> When I run Norton Power Eraser, it finds only Riched32.dll (placed in C:\Windows\SysWOW64\XPSViewer\S-1-4-32\Riched32.dll), but when I let Eraser remove it and the PC restarts, it shows up again on my PC.

Modem: Asus DSL-AC52U

Using web browser - Mozilla Firefox

OS - Windows 10 Home

p.s.: my CPU, GPU, SSD and SSHD load is at normal values (CPU in idle mode around 1-2%, 1.2GHz, GPU 0-1%, under load it is also totally OK, temperatures the same, both SSD and SSHD load in idle is at 0%)

p.s.2.: The blocks start especially when my PC starts and then keep showing every 30 min +-, whether or not I am using the web browser. (For example, it shows when I have only Facebook open, or when the PC is in idle mode.)

Thank you for your replies!

Kind regards

Martin Kralinsky
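
A check for the details given in the post above, as an added example that is not part of the original thread: it inspects the DLL that Norton Power Eraser kept flagging, looks for the reported host name in the DNS cache, and then watches for any local process holding a TCP connection to remote port 452. The port, host name and file path come from the post; the polling interval and watch duration are assumptions.

```powershell
# Added example: run in an elevated PowerShell window on the affected PC.
# Port, host name and DLL path are taken from the post; timings are assumptions.
$RemotePort   = 452
$HostPattern  = '*cloudtool.com'
$DllPath      = 'C:\Windows\SysWOW64\XPSViewer\S-1-4-32\Riched32.dll'
$PollSeconds  = 1
$WatchMinutes = 45      # alerts were reported roughly every 30 minutes

# 1. Record the flagged file's timestamps, hash and signature before removing it.
if (Test-Path -LiteralPath $DllPath) {
    Get-Item -LiteralPath $DllPath -Force |
        Select-Object FullName, Length, CreationTimeUtc, LastWriteTimeUtc
    Get-FileHash -LiteralPath $DllPath -Algorithm SHA256
    Get-AuthenticodeSignature -LiteralPath $DllPath |
        Select-Object Status, @{ n = 'Signer'; e = { $_.SignerCertificate.Subject } }
}

# 2. Has this machine itself resolved the host name shown in the alert?
Get-DnsClientCache | Where-Object Entry -like $HostPattern

# 3. Poll for connections to the reported port and print the owning process once.
$seen     = @{}
$deadline = (Get-Date).AddMinutes($WatchMinutes)
while ((Get-Date) -lt $deadline) {
    $conns = Get-NetTCPConnection -RemotePort $RemotePort -ErrorAction SilentlyContinue
    foreach ($c in $conns) {
        $key = "$($c.OwningProcess)|$($c.RemoteAddress)"
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true
        $p = Get-CimInstance Win32_Process -Filter "ProcessId=$($c.OwningProcess)"
        [pscustomobject]@{
            Time        = Get-Date
            Remote      = "$($c.RemoteAddress):$($c.RemotePort)"
            State       = $c.State
            ProcessId   = $c.OwningProcess
            ParentId    = $p.ParentProcessId
            Image       = $p.ExecutablePath
            CommandLine = $p.CommandLine
        } | Format-List
    }
    Start-Sleep -Seconds $PollSeconds
}
```

A connection that is opened and blocked between two polls will not be listed, so an empty result does not rule out local activity. If a process is reported, its image path and parent process are the details to pass on to whoever is helping with the cleanup.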

Replies


Re: System Infected: Miner.BitcoinMiner Activity 7 and 9

I shared this with the engineering team. We may ask for more details to help understand what's going on here.

Similar thread:

https://community.norton.com/en/comment/7978941


Re: System Infected: Miner.BitcoinMiner Activity 7 and 9

Hello Martin. This tool Rkill is from a very reputable site. Download it to your desktop and right click, select "Run as Administrator". Allow the tool to stop any malware processes it finds. You then can download and run Malwarebytes. Since malware processes should be disabled by Rkill, MBAM may find and remediate them for you. Please let us know if this helps.

Cheers

Retired military (Navy 1980-2002) "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1809 / build 17763.253 / NSBU 22.16.3.21 / Norton Core v.270 on Android

Re: System Infected: Miner.BitcoinMiner Activity 7 and 9

Hello,

Thank you for your replies!

I've tried those applications and checked both hard drives, but it did not help; everything looks clear and the warnings keep showing.

Also, I suppose autoblock automatically adds the attacking IP (etc.) to the Address list? (screen on right below) - (I changed the autoblock value to 48h from 30min), because the warning pop-ups started to be a little bit annoying.


Re: System Infected: Miner.BitcoinMiner Activity 7 and 9

The first IP traces to Berlin, Germany at this link. The second is Berlin as well at this link. Have you cleared browser caches and cookies for all your browsers AND deleted system cookies? I suggest doing that, as these are the most likely source of the alerts. I would also consider blocking the entire domain set within your router settings; that will not allow the connection attempts to your network.

Cheers


Re: System Infected: Miner.BitcoinMiner Activity 7 and 9

Yep. Cache + cookies are removed. I did it manually from the browsers and also downloaded the CCleaner app and removed them with it. It seemed for a while to be fixed (nothing showed up for 40min), but then it was here again: activity 7 and 9...

Setting up my modem Firewall and AiProtection (antivirus tool integrated in my modem) with the blacklisted IP in Network Services Filter didn't help either (maybe I am doing it wrong, internet is not my strong point).

I set it up using the info from the Norton warning message, which gave me IP, Protocol; Destination IP is *.*.*.* so it should cover all IPs under my modem (I hope).

But.. the warning window keeps showing. I am now considering a Windows factory reset.


Re: System Infected: Miner.BitcoinMiner Activity 7 and 9

Go to this site and ask these guys for assistance in cleaning up your system. They are quite professional. Do stay with them and follow up. Let us know how you make out with their assistance.

Cheers
