How to clean a virus/trojan BitCoinMiner/BtcMine

Follow these steps to clean a virus/trojan BitCoinMiner/BtcMine

1. Disconnect the network / internet.
2. Perform cleaning trojan on mode "safe mode".

Perform the following steps:

1. Restart the computer (if it is off just press the power button)


2. When will boot press the F8 key on the keyboard continuously until the screen appears "Safe Mode"


3. Select the mode "Safe Mode", and click [Enter]


4. Let it run until it snaps Login menu of Windows.

* Turn off and remove the trojan BitCoinMiner / BtcMine.

Perform the following steps:

1. Download removal tools (on a clean computer) to clean the trojan BitCoinMiner / BtcMine on computers that have not been infected on the following link:



http://www.freedrweb.com/download+cureit/?nc=t&lng=en










Norman Malware Cleaner




http://normanasa.vo.llnwd.net/o29/public/Norman_Malware_Cleaner.exe




2. When finished, compress the file to a zip file.


3. Copy the file and place it anywhere on the infected computer.


4. Right-click the zip file, then click explore.


5. Double click the file that has been in-explore in order to operate, and then click Run.


6. If  Dr.Web CureIt window already appears, click OK to run in a mode of EPM (Enhanced Protection Mode).


7. Click Start to begin the scan, and click Yes to start.


8. Allow it to scan process is complete.

* Repair the registry that has been modified.

Perform the following steps:

• Copy the script below to notepad:

[Version]
Signature="$Chicago$"
Provider=VaksincomOyee
[DefaultInstall]
AddReg=UnhookRegKey
DelReg=del
[UnhookRegKey]
HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,ShowSuperHidden,0x00010001,1
HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,SuperHidden,0x00010001,1
HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,HideFileExt,0x00010001,0
HKLM,SOFTWARE\CLASSES\batfile\shell\open\command,,,"""%1""%*"
HKLM,SOFTWARE\CLASSES\comfile\shell\open\command,,,"""%1""%*"
HKLM,SOFTWARE\CLASSES\exefile\shell\open\command,,,"""%1""%*"
HKLM,SOFTWARE\CLASSES\piffile\shell\open\command,,,"""%1""%*"
HKLM,SOFTWARE\CLASSES\regfile\shell\open\command,,,"regedit.exe"%1""
HKLM,SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon,Shell,0,"Explorer.exe
HKLM,SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon,Userinit,0,C:\WINDOWS\System32\userinit.exe
[Del]
HKCU,Software\Microsoft\Windows\CurrentVersion\Run,MSConfig
HKCU,Software\WinRARSFX

• Save the file with the name "repair.inf". Use the Save As Type option to All Files to avoid mistakes.

• Right-click the file "repair.inf", then select "install".

• Restart the computer.

• Clean up temporary files from the trail trojan BitCoinMiner / BtcMine.

Perform the following steps:

1. Click the Start Menu -> Run


2. Type the command on the open box: cleanmgr, and then click OK.


3. On the drive system (C) click OK, let it scan the drive.


4. Once the Disk Cleanup window appears, mark the files to be deleted (especially the Temporary Files), then click OK.


5. Wait until the finish.

• Install security patches MS10-046 according to the version of Windows you have. Please download the following links:

http://www.microsoft.com/technet/security/Bulletin/MS10-046.mspx

• For optimal cleaning and prevent re-infection, you should use an updated antivirus and trojan recognize BitCoinMiner / BtcMine well.