I found this website through a Google search and you folks seem knowledgeable about this so I'm hoping someone can help me.
A few days ago I noticed that my avast! had sandboxed a program called "shell.exe" on system startup, but did no action to it since they couldn't figure out of if it was malicious or not. I ran a full avast! virus scan and nothing was found.
Then I ran a full MalwareBytes scan and it picked up 3 items and deleted them :
Files Detected: 3
C:\Users\Phoenixx\vbufodveesr.exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Users\Phoenixx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\a3df3e1-265a265e (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Users\Phoenixx\AppData\Roaming\WindowsPED\miner.dll (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
I thought all was done, however, upon system startup today, avast! once again found shell.exe and sandboxed it, doing no action to it. When I hit close, I got a message along the lines of "shell.exe cannot run because miner.dll was deleted, please reinstall the program and try again."
I ran another MalwareBytes scan and nothing was picked up, then I ran another full avast! scan and again, nothing was picked up.
I'm running out of ideas here and I don't know how to remove this worm.
If anyone could help me out in removing this pesky program I would really appreciate it. I have the topic followed and I will be checking back soon!