HELP please. Infected pc.

[slavo]

Hi everyone.

3 days ago I was trapped here like a noob by a post about pts gpu miner. I downloaded it; and now I'm infected.

I have a process running (a fake jhproto process i assume) which can't be killed without killing the session and make the pc hard reboot.

I made a malwarebyte and antivirus scan without success.

I have disconnected that pc since I installed this shit. I would like to avoid reinstalling the 40000000 wallets on it so if it could be cleared without reinstalling that'd be great.

Could someone help me with this ? Thanks.

Slavo

[Snard]

I played with that. It was an autoit script. If I remember correctly this was installed in %appdata% but could be wrong.

Go visit the people at http://www.bleepingcomputer.com. They rock and can help you with this easily.

[slavo]

Yes that's an autoit.

I'll check bleepingcomputer thanks.

[PyroTekNeks]

Check your /appdata or your /temp files. Look for anything weird. Does it show on your process explorer?

[slavo]

yes it's on the process explorer, but i have a bsod if i try to close it

[Snard]

Find its path from procexp. Reboot into safe mode with networking. Rename the folder. Reboot