Bitcoin miner malware - Please Help!

Hi all, I'm looking for some advice. Recently I had noticed intermittent drops in performance on my computer. Stuttering in applications etc. At first I had assumed something was running in the background but I couldn't find anything suspicious in Task Manager. So last night I ran Malwarebytes and it found around 12 separate instances of miners installed on my PC. In different locations. And disguised as other applications.

So I ask you. Am I safe after a clean sweep? Or do I need a format.... Are the files I have clean... Andy
 
Well the bitcoin miners were trojans installed in lots of different locations on my computer. There was even one in my Nvidia folder. I'll post the exact log when I get home.
 
I'll install that for browser use. But the miners I have are not in the browser. They were actually on my hard drive.
 
I don't mine myself, so have a limited understanding of it, but I recently installed No Coin for fear of similar issues:
https://github.com/keraf/NoCoin
An alternative option is to add the filter list for your ad blocker of choice: https://github.com/hoshsadiq/adblock-nocoin-list

Both will do the same thing.

Use AdwCleaner as well to do a scan.

They could have come from anywhere, maybe even an infected ad so it's very hard to pinpoint where it came from. If it comes back again, then I would be tempted to do a fresh install.
 
So you guys don't think it's worth a format for now? I just worry that I've been compromised, and how effective is Malwarebytes?
 
If you are adamant that it's infected then I would install something like GlassWire so that I could see what is happening traffic-wise. It will tell you and help lock anything down. As to Malwarebytes, although I think it's a great tool I would not use it as my weapon of choice as a malware solution.

Yes, it's great at catching crud, but it's really an accompaniment to other products, or to complement a sweep when you want a second opinion.
 
Thanks for the replies guys.

I was wondering what applications you would recommend th0nt. I don't mind anything I have to pay for. I just want effective tools.

Using something like glasswire sounds like a good idea.

Thanks.
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/26/18
Scan Time: 12:48 PM
Log File: 34cc8a29-0297-11e8-bcf0-50e549404d04.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.212
Update Package Version: 1.0.3791
License: Free

-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: ANDY\Andrew

-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 552809
Threats Detected: 4
Threats Quarantined: 4
Time Elapsed: 2 hr, 48 min, 21 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 3
RiskWare.BitCoinMiner, C:\USERS\ANDREW\APPDATA\LOCAL\PROGRAMS\NICEHASH MINER 2\UTILS\NVIDIASETP0STATE.EXE, Quarantined, [81], [482078],1.0.3791
RiskWare.BitCoinMiner, C:\USERS\ANDREW\APPDATA\LOCAL\PROGRAMS\NICEHASH MINER 2\UTILS\ELEVATE.EXE, Quarantined, [81], [482078],1.0.3791
RiskWare.BitCoinMiner, C:\USERS\ANDREW\APPDATA\LOCAL\PROGRAMS\NICEHASH MINER 2\UTILS\SETCPUAFF.EXE, Quarantined, [81], [482078],1.0.3791

Physical Sector: 0
(No malicious items detected)


(end)
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/26/18
Scan Time: 12:43 PM
Log File: 7c1aa064-0296-11e8-af3c-50e549404d04.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.212
Update Package Version: 1.0.3791
License: Free

-System Information-
OS: Windows 10 (Build 16299.192)
CPU: x64
File System: NTFS
User: ANDY\Andrew

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 288592
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 0 min, 57 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
RiskWare.BitCoinMiner, C:\USERS\ANDREW\APPDATA\ROAMING\NHM2\BIN\EXCAVATOR_SERVER\EXCAVATOR.EXE, Quarantined, [81], [482078],1.0.3791
RiskWare.BitCoinMiner, C:\USERS\ANDREW\APPDATA\ROAMING\NHM2\BIN\XMR-STAK-CPU\XMR-STAK-CPU.EXE, Quarantined, [81], [482078],1.0.3791

Physical Sector: 0
(No malicious items detected)


(end)
 
So here are the reports - I think after all this it might be a false positive. I think I installed Nicehash a long time ago. But didn't use it. And Malwarebytes has reported a false positive?
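A small triage helper for the Malwarebytes text-log format pasted above, added here as an example (it is not the thread's or Malwarebytes' own code): it parses the summary and detection lines and flags whether a RiskWare hit sits inside the user's profile, which is the pattern of a user-installed tool such as NiceHash rather than a system-level implant. The sample log is a constructed excerpt; its second detection line is a placeholder added only for contrast.

```python
import re

# Constructed excerpt in the Malwarebytes 3.x text-log layout seen in the thread.
# The first detection line mirrors the posted log; the second is a placeholder
# (not a real detection) so the triage logic has a contrasting case.
SAMPLE_LOG = r"""
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Threats Detected: 2
Threats Quarantined: 2

-Scan Details-
Process: 0
(No malicious items detected)

File: 2
RiskWare.BitCoinMiner, C:\USERS\ANDREW\APPDATA\ROAMING\NHM2\BIN\XMR-STAK-CPU\XMR-STAK-CPU.EXE, Quarantined, [81], [482078],1.0.3791
Trojan.Placeholder, C:\WINDOWS\SYSTEM32\PLACEHOLDER.DLL, Quarantined, [81], [482078],1.0.3791

(end)
"""

# One detection line: name, path, action, two bracketed ids, database version.
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<path>.+?), (?P<action>[^,]+), "
    r"\[(?P<id1>\d+)\], \[(?P<id2>\d+)\],(?P<db>\S+)$"
)

def parse_mbam_log(text):
    """Return (summary dict, list of detection dicts) from a Malwarebytes text log."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)":
            continue
        if line.startswith("-") and line.endswith("-"):   # e.g. "-Scan Summary-"
            section = line.strip("-")
            continue
        match = DETECTION_RE.match(line)
        if section == "Scan Details" and match:
            detections.append(match.groupdict())
        elif section == "Scan Summary" and ": " in line:
            key, value = line.split(": ", 1)
            summary[key] = value
    return summary, detections

def counts_consistent(summary, detections):
    """True when the summary's 'Threats Detected' equals the parsed detection lines."""
    return int(summary.get("Threats Detected", -1)) == len(detections)

def triage(detection):
    """Family (RiskWare/Trojan/...) and whether the file sits under the user's AppData."""
    family = detection["name"].split(".", 1)[0]
    in_user_profile = "\\APPDATA\\" in detection["path"].upper()
    if family == "RiskWare" and in_user_profile:
        verdict = "riskware in user profile: likely user-installed, confirm you installed it"
    else:
        verdict = "not riskware-in-profile: treat as a real detection and investigate"
    return {"family": family, "in_user_profile": in_user_profile, "verdict": verdict}
```

Run it over a real saved log by passing the file's text to parse_mbam_log and checking counts_consistent before trusting the summary.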
 
I wouldn't call it a false positive, as in if it got onto your system it is grading the threat as high. However, as you recall installing it, and lots of AV products regularly flag up mining files as malware, I would rest comfortably and keep GlassWire running for a couple of weeks.

This will show you what is talking online, and you can click a thing in it and it will scan the file for you if you're looking for rogue apps.
 