Bitcoin miner malware - Please Help!

Hi all, I'm looking for some advice. Recently I had noticed intermittent drops in performance on my computer. Stuttering in applications etc. At first I had assumed something was running in the background but I couldn't find anything suspicious in Task Manager. So last night I ran Malwarebytes and it found around 12 separate instances of miners installed on my PC. In different locations. And disguised as other applications.

So I ask you. Am I safe after a clean sweep? Or do I need a format.... Are the files I have clean... Andy
 
Well the bitcoin miners were trojans installed in lots of different locations on my computer. There was even one in my Nvidia folder. I'll post the exact log when I get home.
 
I'll install that for browser use. But the miners I have are not in the browser. They were actually on my hard drive.
 
So you guys don't think it's worth a format for now? I just worry that I've been compromised and how effective is Malwarebytes?
 
Thanks for the replies guys.

I was wondering what applications you would recommend th0nt. I don't mind anything I have to pay for. I just want effective tools.

Using something like GlassWire sounds like a good idea.

Thanks.
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/26/18
Scan Time: 12:48 PM
Log File: 34cc8a29-0297-11e8-bcf0-50e549404d04.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.212
Update Package Version: 1.0.3791
License: Free

-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: ANDY\Andrew

-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 552809
Threats Detected: 4
Threats Quarantined: 4
Time Elapsed: 2 hr, 48 min, 21 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 3
RiskWare.BitCoinMiner, C:\USERS\ANDREW\APPDATA\LOCAL\PROGRAMS\NICEHASH MINER 2\UTILS\NVIDIASETP0STATE.EXE, Quarantined, [81], [482078],1.0.3791
RiskWare.BitCoinMiner, C:\USERS\ANDREW\APPDATA\LOCAL\PROGRAMS\NICEHASH MINER 2\UTILS\ELEVATE.EXE, Quarantined, [81], [482078],1.0.3791
RiskWare.BitCoinMiner, C:\USERS\ANDREW\APPDATA\LOCAL\PROGRAMS\NICEHASH MINER 2\UTILS\SETCPUAFF.EXE, Quarantined, [81], [482078],1.0.3791

Physical Sector: 0
(No malicious items detected)


(end)
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/26/18
Scan Time: 12:43 PM
Log File: 7c1aa064-0296-11e8-af3c-50e549404d04.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.212
Update Package Version: 1.0.3791
License: Free

-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: ANDY\Andrew

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 288592
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 0 min, 57 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
RiskWare.BitCoinMiner, C:\USERS\ANDREW\APPDATA\ROAMING\NHM2\BIN\EXCAVATOR_SERVER\EXCAVATOR.EXE, Quarantined, [81], [482078],1.0.3791
RiskWare.BitCoinMiner, C:\USERS\ANDREW\APPDATA\ROAMING\NHM2\BIN\XMR-STAK-CPU\XMR-STAK-CPU.EXE, Quarantined, [81], [482078],1.0.3791

Physical Sector: 0
(No malicious items detected)


(end)
 
So here are the reports - I think after all this it might be a false positive. I think I installed NiceHash a long time ago. But didn't use it. And Malwarebytes has reported a false positive?
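One way to check the two reports above is to parse their `File:` detection rows and test whether every quarantined file sits inside a folder belonging to a program the user remembers installing. This is an added example, not part of the original thread or of Malwarebytes; `KNOWN_ROOTS` is an assumption taken from the paths in the logs.

```python
import ntpath

# Detection rows copied verbatim from the two Malwarebytes logs in this thread.
LOG_ROWS = r"""
RiskWare.BitCoinMiner, C:\USERS\ANDREW\APPDATA\LOCAL\PROGRAMS\NICEHASH MINER 2\UTILS\NVIDIASETP0STATE.EXE, Quarantined, [81], [482078],1.0.3791
RiskWare.BitCoinMiner, C:\USERS\ANDREW\APPDATA\LOCAL\PROGRAMS\NICEHASH MINER 2\UTILS\ELEVATE.EXE, Quarantined, [81], [482078],1.0.3791
RiskWare.BitCoinMiner, C:\USERS\ANDREW\APPDATA\LOCAL\PROGRAMS\NICEHASH MINER 2\UTILS\SETCPUAFF.EXE, Quarantined, [81], [482078],1.0.3791
RiskWare.BitCoinMiner, C:\USERS\ANDREW\APPDATA\ROAMING\NHM2\BIN\EXCAVATOR_SERVER\EXCAVATOR.EXE, Quarantined, [81], [482078],1.0.3791
RiskWare.BitCoinMiner, C:\USERS\ANDREW\APPDATA\ROAMING\NHM2\BIN\XMR-STAK-CPU\XMR-STAK-CPU.EXE, Quarantined, [81], [482078],1.0.3791
"""

# Assumption: folders accepted as a deliberate miner install. Both appear in
# the logs (the NiceHash Miner 2 program folder and its NHM2 data folder).
KNOWN_ROOTS = [
    r"C:\USERS\ANDREW\APPDATA\LOCAL\PROGRAMS\NICEHASH MINER 2",
    r"C:\USERS\ANDREW\APPDATA\ROAMING\NHM2",
]

def parse_rows(text):
    """Return (detection, path, action) for each file detection row."""
    rows = []
    for line in text.splitlines():
        fields = line.rsplit(",", 4)  # action, two ids and version, from the right
        if len(fields) != 5 or "," not in fields[0]:
            continue                  # section headers, counters, blank lines
        name, path = fields[0].split(",", 1)  # the path itself may contain commas
        path = path.strip()
        if ntpath.isabs(path):
            rows.append((name.strip(), path, fields[1].strip()))
    return rows

def under(root, path):
    """True only if path is inside root, not merely sharing its name prefix."""
    root = ntpath.normcase(ntpath.normpath(root))
    path = ntpath.normcase(ntpath.normpath(path))
    return path.startswith(root + "\\")

def triage(text, known_roots=KNOWN_ROOTS):
    """Split detections into those under a known install and those outside."""
    report = {"known": {r: [] for r in known_roots}, "outside": []}
    for _name, path, _action in parse_rows(text):
        root = next((r for r in known_roots if under(r, path)), None)
        if root is None:
            report["outside"].append(path)  # needs a closer look
        else:
            report["known"][root].append(ntpath.basename(path))
    return report
```

Calling `triage(LOG_ROWS)` leaves the `outside` list empty for these two logs; any path that lands there is a detection not explained by the listed installs.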
 