Bitmining Virus

wazza300 · 8 Jul 2013 at 13:11

I think ive got one of these bitcoin/mining viruses,if I leave my pc alone for 15-20 minutes the gpu starts to run at full clocks and cpu temp hits 65c

so far ive tried malwarebytes and its got rid of a few things but its still doing it

anyone have any idea's on how to get rid?

InertProtocol · 8 Jul 2013 at 13:18

Tried combofix & adwcleaner?.

wazza300 · 8 Jul 2013 at 13:38

no ill try those thanks,only tried malwarebytes so far

InertProtocol · 8 Jul 2013 at 13:39

Needs a bit more oomph for this than Malwarebytes can provide.

Good luck!.

KIA · 8 Jul 2013 at 16:40

Boot from https://support.kaspersky.com/viruses/rescuedisk - update definitions & perform a scan.

wazza300 · 8 Jul 2013 at 16:48

tried adwcleaner and its still doing it

doing a full scan now with avg pro

I wonder if its anything else? soon as I move the mouse it stops so I can't get in task manager fast enough to see what process it is

66c is pretty high load

nutsnut · 8 Jul 2013 at 23:32

turn of task manager, disable turn monitor off, wait to see that the processes say?

Energize · 9 Jul 2013 at 00:16

Why not leave task manager open, order by cpu usage and wait till it starts?

mogwai · 9 Jul 2013 at 07:00

Have you tried checking the items set to run at startup by using MSCONFIG?

Mik3 · 9 Jul 2013 at 12:30

Find some software that will take a screenshot every few minutes and leave taskman open. I had something similar and thats how I found out what it was, I cant remember what software I used.

wazza300 · 9 Jul 2013 at 13:51

ive left it open,it opens three things and cpu shoots up to 75% and gpu to full clocks,its definatly a mining virus

if you leave the pc untouched and don't move the mouse for 20 minutes it does it,soon as you move the mouse it stops

and its proving a real pain to get rid of,so far ive done full virus scan,system restore to last week and various adware/spyware scans and its still there

CliffyG · 9 Jul 2013 at 13:54

Combofix in safe mode is usually pretty good at removing most stuff.

wazza300 · 9 Jul 2013 at 14:08

I can boot up from my other ssd/os think that will be better than safe mode? and scan the infected hdd/os

CliffyG · 9 Jul 2013 at 14:12

Not sure how combofix works in that scenario to be honest, you don't point it at a hard drive.

dave28 · 9 Jul 2013 at 14:15

I use anti-root kit also because I find that they can pick some things up that all my other security missed, even eset which is a paid for software

Frozennova · 9 Jul 2013 at 14:32

What are the three entries in task manager that show up.

Have you tried doing a windows files search for them to see if you can find the offending exes

wazza300 · 9 Jul 2013 at 15:31

I forget what they are

ocl.exe I think one of them is another is remote desktop console and cant remember the other

ill post them up when this scans done

Frozennova · 9 Jul 2013 at 16:21

Try doing a search for those files on the drive for any instances that are either in a strange directory or causing the problem.

Personally I wouldn't bother trying to remove it.

Reinstalling windows is far more productive for me.

KIA · 9 Jul 2013 at 17:11

wazza300 said:
and its proving a real pain to get rid of,so far ive done full virus scan,system restore to last week and various adware/spyware scans and its still there

See post #5.

tom_e · 9 Jul 2013 at 17:27

Frozennova said:
Personally I wouldn't bother trying to remove it.

Reinstalling windows is far more productive for me.

This, there comes a point where it's no longer really worth messing about and hoping you've got it all.