Has anyone come across the tinyburner.exe at startup?
I suspect that this executable file is a trojan, ransomware, malware, etc., of some sort. It had been installed on my computer for the past few months until I finally got kicked out of my own computer without me doing anything. I got hacked and a large sum of money was withdrawn from my Binance Exchange crypto account.
I found four other TR/Trojan software on my computer with Surfshark Antivirus software (I can share more about them if the community is interested in knowing more about them).
A colleague recommended using Bitdefender. Well, here I am sharing for the first time online in a community like this. I bought a new Notebook and had Bitdefender installed on it. Then I created a test Gmail account and shared the Bitdefender link to this email. I brought the infected Notebook online, downloaded Bitdefender to the infected Notebook and also added it into Bitdefender Central for monitoring.
Immediately several remote access attempts were made to the infected Notebook, which were caught and immediately blocked by Bitdefender. I found these executable files that are automatically activated at startup.
1) Client32.exe and 2) tinyburner.exe. I found a lot of information online about Client32.exe, which was confirmed as a Trojan. Unfortunately, I did not find anything about tinyburner.exe. I will be so happy if someone knows more about tinyburner.exe. These two were not able to be identified by the Surfshark Antivirus software.
Note: I am not able to uninstall or remove these two files as I do not have superuser rights to treat or remove them.
Below are screenshots of the two:
Thank you for sharing in advance. Cheers!
Best Answer
TinyBurner is actually a legitimate freeware CD/DVD burning software developed by Softland. However, if you encounter an executable file named tinyburner.exe in unusual locations on your system or if it runs automatically at startup without your installation or consent, it might be a disguise for malware.
Both of the mentioned IP addresses have been identified as malicious, as confirmed by the provided VirusTotal links. Additionally, the "Relations" section on VirusTotal highlights the malware files associated with these IP addresses.
https://www.virustotal.com/gui/ip-address/45.88.79.237/detection
https://www.virustotal.com/gui/ip-address/91.212.166.91/detection
Check out the procedure in the link below to see if it helps you.
https://malwaretips.com/blogs/malware-removal-guide-for-windows/
If the issue persists, kindly contact Bitdefender support by visiting
Select How to's & Troubleshooting Bitdefender products → Troubleshooting → I don't know → Contact Support → You will get the option of chat, call or email.
To get an immediate update, make use of the chat option.
Also, ensure you do not have any ad-blocker or privacy-blocker extensions enabled, as they might prevent the chat window from appearing.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
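A read-only way to check the two conditions named in the answer above (where a startup executable lives and whether it is signed), added here as an example; it is not part of any poster's reply and not Bitdefender's tooling. The list of user-writable directories is an assumption for what counts as an unusual location; the two file names come from this thread.

```powershell
# Added example: triage of auto-start entries. Read-only, changes nothing.
# Assumption: "unusual location" is approximated by user-writable directories.
$watchNames   = 'client32.exe', 'tinyburner.exe'   # file names reported in this thread
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP,
                  $env:ProgramData, $env:PUBLIC) | Where-Object { $_ }

function Get-ExePathFromCommand {
    param([string]$Command)
    # Startup commands look like:  "C:\path\app.exe" /arg   or   C:\path\app.exe /arg
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null   # e.g. a .lnk in the Startup folder; resolve those by hand
}

Get-CimInstance -ClassName Win32_StartupCommand | ForEach-Object {
    $path = Get-ExePathFromCommand $_.Command
    $row = [ordered]@{
        Name = $_.Name; Source = $_.Location; User = $_.User; Path = $path
        Exists = $false; Signature = 'n/a'; Signer = $null; SHA256 = $null
        InUserWritableDir = $false; NameOnWatchList = $false
    }
    if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        $row.Exists    = $true
        $row.Signature = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
        $row.Signer    = $sig.SignerCertificate.Subject   # $null when unsigned
        $row.SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $row.InUserWritableDir = [bool]($userWritable | Where-Object {
            $path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
        $row.NameOnWatchList = $watchNames -contains (Split-Path $path -Leaf).ToLower()
    }
    [pscustomobject]$row
} | Sort-Object NameOnWatchList, InUserWritableDir -Descending | Format-List
```

Win32_StartupCommand covers the Run registry keys and Startup folders only, so scheduled tasks and services need a separate look. The SHA256 value can be searched on VirusTotal without uploading the file.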
Answers
Thank you for confirming those two IP addresses @Flexx. I assume the two other IP addresses shown (highlighted in yellow below) fall into the same category of malware as you explained.
I will go ahead using these screenshots to file a case and forward it to the authorities and my insurance for the loss of money in connection to these executable malware. They all share the same date of activities on the infected computer, the same day and hours money went missing on my Binance exchange account.
I will try to follow those guides you shared in collecting more data from the infected computer. Any further advice is heartily welcomed. Thank you.