Bitcoin Miner Virus - How to Detect and Remove It (Update ...
Bitcoin Miner malware, detected with Malwarebytes but I believe it's still hidden somewhere.
So a few days ago I did something stupid and tried to torrent a game for the first time and ended up installing a Bitcoin Miner onto my PC :/ It was very obvious that it was malware as it quickly seemed to hijack Google Chrome. I scanned with Windows Defender but nothing was found so I checked out the sticky post on here and got a trial of Malwarebytes, which detected the malware and quarantined it, then I removed it. I really thought it was that simple but I think it's still there. I had Spotify playing music on idle and got curious, did CTRL + ALT + DELETE to open up Task Manager and quickly saw my CPU % shoot down from 100% to 2% - 5%, which is what it's been sitting at when I'm using it right now. Other than that, there are a couple of weird things that make me think the virus is still there:
Programs keep getting Suspended status in Task Manager (this is happening to Malwarebytes and Google Chrome), which never used to happen before. This is a brand new PC I built in January so it shouldn't be doing this that often. I tried to open Malwarebytes now to scan again and it just froze on "Not Responding" and I can't seem to close it...
There is a strange "Suspended" background process in Task Manager that uses up 3.6MB of memory. Here's a screenshot of what it looks like: http://prntscr.com/lchp1w :(
When I right click ^ "open file location" on the suspended process and the 2 others below it, the location I get is C:\Windows\SysWOW64 and it's titled svchost.exe, which I read is a normal Windows process but there are A LOT of them running in my Task Manager right now
All the other svchost.exes are under C:\Windows\System32, which I read is fine. Does this mean that the one in SysWOW64 is malware/infected?
As per the stickied thread, I ran rkill.com and turned on "scan for rootkits" in my Malwarebytes trial, and also ran the ADWCleaner. I did all of the above after I had originally removed the malware with Malwarebytes, so all these second scans didn't detect anything. Is there anything else I could do to actually detect the malware and remove it? EDIT: Google Chrome keeps not responding, same with Malwarebytes. Can't uninstall Malwarebytes and Firefox stopped responding too. Writing this on my phone since I turned everything off briefly after writing this post, since my mouse started moving extremely slow and a repetitive beeping sound started coming out of my speakers. I swear it was like whatever infected me detected whenever I looked up information on malware removal and visited this subreddit ...
So I have at least one virus on my computer. The one I know of is some sort of bitcoin miner, I know this because my GPU usage is constantly at 100% and the fan goes crazy as well as HitmanPro categorizing files with names like bitcoinminer. I have managed to remove every suspicious file I could find and ran antivirus and antimalware until they couldn't detect anything else but the virus keeps coming back. The main places I think the virus is focused around are the ~C:\Users\Tony\AppData\Local\Temp~ and ~C:\Users\Tony\AppData\Local\WinSXS~ folders. I have booted into safe mode, deleted everything in the temp folder, and gave myself permission to delete the WinSXS folder. Every time I boot normally the WinSXS folder just comes back. I know something is up with this folder because rkill always terminates it as well as the other antimalware not liking it. When I normally boot there is a folder in the temp folder with a name that's just random strings of numbers and letters that I can't delete. It says it's open in another program. I searched the folder name in the Resource Monitor CPU tab and it was associated with svchost.exe and a couple other things. I'm wondering if the virus is somehow tied to svchost. So here's a rundown of the steps I've been taking (repeatedly) to try to take care of this.
Boot into safe mode (by switching my psu off then on to get to the boot menu)
Show hidden files and folders
Delete everything from the local\temp folder
Delete unknown files from C:\ProgramData and C:\Users\User\AppData\Roaming
Remove any weird keys from HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
At full speeds my fans make a lot of noise. Am I the only one? How to fix?
My PC surpasses all the recommended requirements by a large margin, but when I set the full speed (5) it starts making as much noise as an airplane turbine. I have to say that some time ago I suspected having a bitcoin miner on my pc and proceeded to remove it, and sometimes after svchost.exe gave me cpu problems, but it should be fine by now.
[BitCoin Miner Virus] Need assistance in its removal.
Hi All, I am a fully qualified Support Tech and have managed to download myself a BitCoin Miner Virus (or what I believe to be) on my Personal/Gaming computer.
How: Torrented FIFA 15, Installed It, Issues Ensued.
What: There are 2 processes that start up on boot, they are disguised as system processes: svchost.exe and lsass.exe. They are located in the C:\Windows\Temp folder. I can kill the processes without issue and remove the .exe files, but they return on boot.
What Do They Do: svchost.exe = runs CPU at 75%; lsass.exe = runs GPU at 100%. I disconnected the internet to see if it was a BitCoin miner but they stayed @ 100%. Possibly disguising what they actually are.
What Have I Done So Far
Killed Processes, Deleted .EXE
Processes die without issue and .EXE's delete immediately, but they return on Reboot.
Ran Malwarebytes... twice
Located the problem .EXE files and removed them, also located some more versions located in IExplore/Temp directory and deleted but issue is persistent
Found and Removed Suspect Registry Entries
There weren't many but I searched for SVCHOST and LSASS and located a few registry entries attached to FIFA15 installation keys and removed them
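The posts above describe processes named svchost.exe and lsass.exe running from C:\Windows\Temp and autorun entries under the HKCU Run key that bring them back on boot. The following is an added example, not code from any of the posts: it checks an exported process list for system-binary names outside their genuine directories and flags Run-key commands that start from a temp directory. The sample data is constructed, the function names are hypothetical, and Windows is assumed to be installed on C:.

```python
import ntpath

# System binaries the posts above saw impersonated, mapped to the directories
# that hold the genuine files (assumption: Windows is installed on C:).
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
}
# Temp locations the posts report the files respawning from.
TEMP_MARKERS = ("\\windows\\temp\\", "\\appdata\\local\\temp\\")

# Constructed sample data: (process name, executable path) pairs and Run-key values.
SAMPLE_PROCESSES = [
    ("svchost.exe", r"C:\Windows\System32\svchost.exe"),
    ("svchost.exe", r"C:\Windows\SysWOW64\svchost.exe"),
    ("svchost.exe", r"C:\Windows\Temp\svchost.exe"),
    ("lsass.exe", r"C:\Windows\Temp\lsass.exe"),
    ("lsass.exe", r"C:\Windows\System32\lsass.exe"),
]
SAMPLE_RUN_VALUES = {
    "OneDrive": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background',
    "Updater": r"C:\Users\User\AppData\Local\Temp\a1b2c3\svchost.exe -s",
}

def masquerading(processes):
    """Return processes that use a system binary's name outside its real directory."""
    hits = []
    for name, path in processes:
        expected = EXPECTED_DIRS.get(name.lower())
        # Unknown names are out of scope; an empty path (access denied) cannot be judged.
        if expected and path and ntpath.dirname(ntpath.normpath(path)).lower() not in expected:
            hits.append((name, path))
    return hits

def command_path(command):
    """Extract the executable path from a Run-key command line (quoted or bare)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    end = command.lower().find(".exe")
    return command[: end + 4] if end != -1 else command.split(" ", 1)[0]

def temp_autoruns(run_values):
    """Return Run-key values whose executable lives under a temp directory."""
    return {name: cmd for name, cmd in run_values.items()
            if any(m in ntpath.normpath(command_path(cmd)).lower() for m in TEMP_MARKERS)}

if __name__ == "__main__":
    print(masquerading(SAMPLE_PROCESSES))
    print(temp_autoruns(SAMPLE_RUN_VALUES))
```

A wrong directory is a strong signal, but a correct one does not prove the process is clean, so hits are leads for a full scan rather than a verdict. The input pairs can be exported on the affected machine with `Get-CimInstance Win32_Process | Select-Object Name, ExecutablePath`.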
More info on Suspected Bitcoin miner virus
I've tried both with latest Firefox version 45.0.2 with the source of the infection. -3 minutes of video playback without other input.
Hello, I suspect a possible very crafty Bitcoin miner.
As the title says, I have a little problem with svchost.exe (which could also be the bitcoin miner). Kaspersky found something in C:\Windows\temp\svchost.exe around one month ago. I tried to fix it but it came back after every restart. As it did nothing to my pc and as it was called svchost.exe I thought that it is a mistake of Kaspersky.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 01 Ran by DisPak (administrator) on DISPAK-PC on 26-01-2014 01:08:07
In case the crypto-coin miner infiltrated your PC system together with another Trojan or backdoor, restart the computer in Safe Mode and run a full scan with your anti-virus to find hidden trojan components. In case you are dealing with a browser-based infection, regular CoinMiner removal steps might not be effective.
How to Remove BitCoinMiner from the Windows Registry. The Windows registry stores important system information such as system preferences, user settings and installed programs details as well as the information about the applications that are automatically run at start-up.
How to Find and Remove a Hidden Miner Virus on Your PC 🐛🛡️🖥️
BitcoinMiner is a Malware created with the intent to force your computer to mine crypto-currency called Bitcoin. After Bitcoins have been mined in your system, the cyber currency is then sent to ...
Bitcoin Miners can tax your CPU and use up your system resources without you even knowing. When you open Task Manager to investigate, the malware process stea...
Watch how to remove a hidden Bitcoin mining virus from your computer. If you noticed that your computer – while you’re not using it - still behaves as if i...
This video shows you how to remove and prevent CPU rig miner or Bitcoin CPU virus. CPU rig miner is the type of virus which made your computer slow and always is full processor.