Bitcoin miner malware - Please Help!

drogon · 27 Jan 2018 at 13:11

Hi all, I'm looking for some advice. Recently I had noticed intermittent drops in performance on my computer. Stuttering in applications etc. At first I had assumed something was running in the background but I couldnt find anything suspicious in taking manager. So last night I ran malwarebytes and it found around 12 separate instances miners installed on my pc. In different locations. And disguised as other applications.

So I ask you. Am I safe after a clean sweep? Or do I need a format.... Are the files I have clean... Andy

drogon · 27 Jan 2018 at 13:33

Well the bitcoin miners were trojans installed in lots of different locations on my computer. There was even one in my Nvidia folder. I'll post the exact log when I get home.

drogon · 27 Jan 2018 at 13:40

I'll install that for browser use. But the miners I have are not in the browser. They were actually on my hard drive.

drogon · 27 Jan 2018 at 15:18

So you guys don't think it worth a format for now? I just worry that I've been compromised and how effective is malwarebytes?

drogon · 27 Jan 2018 at 17:02

Thanks for the replies guys.

I was wondering what applications you would recommend th0nt. I don't mind anything I have to pay for. I just want effective tools.

Using something like glasswire sounds like a good idea.

Thanks.

drogon · 27 Jan 2018 at 18:00

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/26/18
Scan Time: 12:48 PM
Log File: 34cc8a29-0297-11e8-bcf0-50e549404d04.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.212
Update Package Version: 1.0.3791
License: Free

-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: ANDY\Andrew

-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 552809
Threats Detected: 4
Threats Quarantined: 4
Time Elapsed: 2 hr, 48 min, 21 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 3
RiskWare.BitCoinMiner, C:\USERS\ANDREW\APPDATA\LOCAL\PROGRAMS\NICEHASH MINER 2\UTILS\NVIDIASETP0STATE.EXE, Quarantined, [81], [482078],1.0.3791
RiskWare.BitCoinMiner, C:\USERS\ANDREW\APPDATA\LOCAL\PROGRAMS\NICEHASH MINER 2\UTILS\ELEVATE.EXE, Quarantined, [81], [482078],1.0.3791
RiskWare.BitCoinMiner, C:\USERS\ANDREW\APPDATA\LOCAL\PROGRAMS\NICEHASH MINER 2\UTILS\SETCPUAFF.EXE, Quarantined, [81], [482078],1.0.3791

Physical Sector: 0
(No malicious items detected)

(end)

drogon · 27 Jan 2018 at 18:01

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/26/18
Scan Time: 12:43 PM
Log File: 7c1aa064-0296-11e8-af3c-50e549404d04.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.212
Update Package Version: 1.0.3791
License: Free

-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: ANDY\Andrew

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 288592
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 0 min, 57 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
RiskWare.BitCoinMiner, C:\USERS\ANDREW\APPDATA\ROAMING\NHM2\BIN\EXCAVATOR_SERVER\EXCAVATOR.EXE, Quarantined, [81], [482078],1.0.3791
RiskWare.BitCoinMiner, C:\USERS\ANDREW\APPDATA\ROAMING\NHM2\BIN\XMR-STAK-CPU\XMR-STAK-CPU.EXE, Quarantined, [81], [482078],1.0.3791

Physical Sector: 0
(No malicious items detected)

(end)

drogon · 27 Jan 2018 at 18:04

So here are the reports - I think after all this it might be a false positive. I think I installed Nicehash a long time ago. But didn't use it. And Malwarebytes has reported a false positive?