Trojan.BitCoinMiner - Malwarebytes Labs Malwarebytes ...

Got Bitcoin Miner from SIMPLEX. I got proof: I took a picture with my phone of the Microsoft Safety Scanner log, as you can see here. The Trojan was SIMPLEX.EXE; as you can see here, it was contained in a rar folder and Safety Scanner wasn't able to delete it, and I found out about it now.

submitted by ivbp to PiratedGames

Launcher_08.exe Trojan Bitcoin Miner

Hello, this past week I've been getting this quarantined and deleted yet it comes back, it says it's in appdata% roaming% and my CPU temp has been going up. What is causing it to return over and over? Thank you.
submitted by PunkRockBeezy to Malwarebytes

Malwarebytes blocks notepad.exe from connecting to many IPs (Bitcoin Miner)

Hello, I have this bitcoin mining virus that may be disguising as dllHost.exe and opening notepad.exe to connect to (that site is just a text saying "Mining Pool Online") and many French IPs. This virus is not that bad, by that I mean that I can just open Process Explorer and just kill the dllHost.exe -> notepad.exe tree and the issue is solved, but obviously it's not good to keep a trojan on your PC even if you can manually contain it. I have done some research and many people have these processes called dllHost.exe*32 that use 100% of the CPU and RAM, but mine doesn't thanks to Malwarebytes blocking it. Process Explorer can't see the directory of the bitcoin miner because the access is denied. I also have done some system scans but nothing really seems to pop up. Later I will do a full system scan (with rootkit scanning enabled) and hopefully it detects it. If not, any help would be brilliant.
submitted by XxF1RExX to pcmasterrace

At my wit's end with virus removal

So I have at least one virus on my computer. The one I know of is some sort of bitcoin miner, I know this because my gpu usage is constantly at 100% and the fan goes crazy as well as hitmanpro categorizing files with names like bitcoinminer.
I have managed to remove every suspicious file I could find and ran antivirus and antimalware until they couldn't detect anything else but the virus keeps coming back.
The main places I think the virus is focused around are the ~C:\Users\Tony\AppData\Local\Temp~ and ~C:\Users\Tony\AppData\Local\WinSXS~ folders.
I have booted into safe mode, deleted everything in the temp folder, and gave myself permission to delete the WinSXS folder. Every time I boot normally the WinSXS folder just comes back. I know something is up with this folder because rkill always terminates it as well as the other antimalware not liking it.
When I normally boot there is a folder in the temp folder with a name that's just random strings of numbers and letters that I can't delete. It says it's open in another program. I searched the folder name in the resource monitor CPU tab and it was associated with svchost.exe and a couple other things. I'm wondering if the virus is somehow tied to svchost.
So here's a rundown of the steps I've been taking (repeatedly) to try to take care of this.
  1. Boot into safe mode (by switching my psu off then on to get to the boot menu)
  2. Show hidden files and folders
  3. Delete everything from the local\temp folder
  4. Delete unknown files from C:\ProgramData and C:\Users\User\AppData\Roaming
  5. Remove any weird keys from HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  6. Empty Recycle Bin
  7. Run rkill
  8. Run adwcleaner
  9. Run malwarebytes (with rootkit checker)
  10. Run Hitmanpro
  11. Run combofix
  12. Run the trojan remover from
  13. Reboot computer normally
  14. Run malwarebytes, watch as it finds the same malwares as a million times before
  15. Listen to my fan speed fluctuate like crazy
  16. Run rkill, it kills a WinSXS process, which does nothing
  17. Cry uncontrollably
So uh, what the hell should I do?
OS: Windows 7
submitted by Froggyfrogger to techsupport

Possible to customize SCCM Malware Alert email with Service Manager?

Currently, when a machine gets an infection, or infection is found, SCCM creates an alert, which in turn creates a ticket in Service Manager. Problem is, when the tickets are created, if say 2 or more machines get infected at the same time, SCCM/Service manager is combining the data into a single ticket.
    System Center Endpoint Protection has detected malware on one or more computers in your organization
    Collection name: All Workstations and Laptops in Collection w/Excludes
    Malware Name: PUA:Win32/Spigot
    Number of infections: 1
    Last detection time(UTC time): 1/28/2018 11:17:36 PM
    These are the infections of this malware:
    1. Computer name:
    Domain: domain
    Detection time(UTC time): 1/28/2018 11:17:36 PM
    Malware file path: containerfile:_C:\Users\xxxxx\Downloads\Setup_FLVConverter.exe;file:_C:\Users\xxxxx\Downloads\Setup_FLVConverter.exe->(nsis-6-€);webfile:_c:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{81F1022F-868B-4027-ABDA-28910ED23F34}-Setup_FLVConverter.exe|;webfile:_C:\Users\dgreen3\Downloads\Setup_FLVConverter.exe|
    Remediation action: NoAction
    Action status: Succeeded
    Malware Name: Trojan:Win32/Detplock
    Number of infections: 1
    Last detection time(UTC time): 1/28/2018 11:13:50 AM
    These are the infections of this malware:
    1. Computer name:
    Domain: domain
    Detection time(UTC time): 1/28/2018 11:13:50 AM
    Malware file path: file:_C:\Users\xxxxxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\144O4U18\jquery.themepunch.revolution.min[1].js
    Remediation action: Remove
    Action status: Succeeded
    Malware Name: Trojan:Win32/Skeeyah.A!bit
    Number of infections: 1
    Last detection time(UTC time): 1/28/2018 7:20:45 AM
    These are the infections of this malware:
    1. Computer name:
    Domain: domain
    Detection time(UTC time): 1/28/2018 7:20:45 AM
    Malware file path: file:_C:\Users\xxxxxxx\AppData\Local\Google\Chrome\User Data\Default\Cache\f_008f76
    Remediation action: Remove
    Action status: Succeeded
    To view further information about malware activity in your organization, run Malware Details Report.
    Note: No additional Malware Detection alerts will be generated for these computers if no new infections are found in the next 24 hours.
Even later, if a 4th PC comes in as infected, it will take this current information and append the newest PC to the top of the list. Almost like it's trying to fill up the allowed character space in the Description text box for the ticket.
In some instances, if only one machine comes through that has an infection, the ticket will have only information related to that machine.
    System Center Endpoint Protection has detected malware on one or more computers in your organization
    Collection name: All Workstations and Laptops in Collection w/Excludes
    Malware Name: Trojan:Win32/Dynamer!rfn
    Number of infections: 1
    Last detection time(UTC time): 1/2/2018 2:20:54 AM
    These are the infections of this malware:
    1. Computer name:
    Domain: domain
    Detection time(UTC time): 1/2/2018 2:20:54 AM
    Malware file path: file:_C:\Users\xxxxxx\Desktop\MEDIA\BitCoin PD\Bitcoin Mega Pack [July - Aug 2017]\Simple Mining Calculator.exe
    Remediation action: Remove
    Action status: Succeeded
    To view further information about malware activity in your organization, run Malware Details Report.
    Note: No additional Malware Detection alerts will be generated for these computers if no new infections are found in the next 24 hours.
Even in some instances, if multiple infections are found on the same machine, the ticket will reflect only that. As it's the only one to come through at the time.
    System Center Endpoint Protection has detected malware on one or more computers in your organization
    Collection name: All Workstations and Laptops in Collection w/Excludes
    These are the infections of this malware:
    1. Computer name:
    Domain: domain
    Detection time(UTC time): 9/23/2018 4:28:42 PM
    Malware file path: containerfile:_C:\Users\xxxxxx\Desktop\MASTERY\TECH MASTERY\BlockChain_BitCoin Ebooks\NiceHashMiner_v1.7.5.12.rar;file:_C:\Users\xxxxxx\Desktop\MASTERY\TECH MASTERY\BlockChain_BitCoin Ebooks\NiceHashMiner_v1.7.5.12.rar->NiceHashMiner_v1.7.5.12\cpuid.dll;file:_C:\Users\xxxxxx\Desktop\MASTERY\TECH MASTERY\BlockChain_BitCoin Ebooks\NiceHashMiner_v1.7.5.12.rar->NiceHashMiner_v1.7.5.12\CudaDeviceDetection.exe;file:_C:\Users\xxxxxx\Desktop\MASTERY\TECH MASTERY\BlockChain_BitCoin Ebooks\NiceHashMiner_v1.7.5.12
    Remediation action: NoAction
    Action status: Succeeded
    Malware Name: Trojan:Win32/Tiggre!rfn
    Number of infections: 1
    Last detection time(UTC time): 9/23/2018 4:28:12 PM
    These are the infections of this malware:
    1. Computer name:
    Domain: domain
    Detection time(UTC time): 9/23/2018 4:28:12 PM
    Malware file path: containerfile:_C:\Users\xxxxxx\Desktop\MASTERY\TECH MASTERY\BlockChain_BitCoin Ebooks\NiceHashMiner_v1.7.5.12.rar;file:_C:\Users\xxxxxx\Desktop\MASTERY\TECH MASTERY\BlockChain_BitCoin Ebooks\NiceHashMiner_v1.7.5.12.rar->NiceHashMiner_v1.7.5.12\NiceHashMiner.exe
    Remediation action: NoAction
    Action status: Succeeded
    To view further information about malware activity in your organization, run Malware Details Report.
What I am looking to get is one ticket PER computer that comes through as infected or having an infection. The only time they should be grouped is if it's the same computer with multiple instances, as in the last example.
I was advised that SCOM would handle this. However when I reached out to our Server Ops team, the manager there said that it was SCCM that creates the alerts and triggers the emails to Service Manager. So with that being said, is it possible to configure SCCM and/or Service manager in combination to create one ticket per machine without appending the data for another machine into it?
submitted by outerlimtz to SCCM
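Whatever SCCM or Service Manager can be configured to do, the combined alert body shown in the post above can also be split downstream into one record per computer. The following is an added example, not part of the original post and not SCCM or Service Manager functionality; the computer names, users and paths in the sample are constructed (the post's own are redacted), and the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the alert bodies quoted in the post.
SAMPLE_ALERT = r"""System Center Endpoint Protection has detected malware on one or more computers in your organization
Collection name: All Workstations and Laptops
Malware Name: PUA:Win32/Spigot
Number of infections: 1
Last detection time(UTC time): 1/28/2018 11:17:36 PM
These are the infections of this malware:
1. Computer name: PC-01
Domain: example
Detection time(UTC time): 1/28/2018 11:17:36 PM
Malware file path: file:_C:\Users\alice\Downloads\Setup Tool.exe
Remediation action: NoAction
Action status: Succeeded
Malware Name: Trojan:Win32/Detplock
Number of infections: 1
Last detection time(UTC time): 1/28/2018 11:13:50 AM
These are the infections of this malware:
1. Computer name: PC-02
Domain: example
Detection time(UTC time): 1/28/2018 11:13:50 AM
Malware file path: file:_C:\Users\bob\AppData\Local\Temp\a.js
Remediation action: Remove
Action status: Succeeded
Malware Name: Trojan:Win32/Skeeyah.A!bit
Number of infections: 1
Last detection time(UTC time): 1/28/2018 7:20:45 AM
These are the infections of this malware:
1. Computer name: pc-01
Domain: example
Detection time(UTC time): 1/28/2018 7:20:45 AM
Malware file path: file:_C:\Users\alice\AppData\Local\Temp\f_0001
Remediation action: Remove
Action status: Succeeded
To view further information about malware activity in your organization, run Malware Details Report."""

# One infection entry. Values are matched lazily up to the next field label,
# so file paths containing spaces survive and an empty computer name is allowed.
INFECTION_RE = re.compile(
    r"Computer name:\s*(?P<computer>.*?)\s*"
    r"Domain:\s*(?P<domain>.*?)\s*"
    r"Detection time\(UTC time\):\s*(?P<time>.*?)\s*"
    r"Malware file path:\s*(?P<path>.*?)\s*"
    r"Remediation action:\s*(?P<action>\S+)\s*"
    r"Action status:\s*(?P<status>\S+)"
)
TIME_FORMAT = "%m/%d/%Y %I:%M:%S %p"


def parse_alert(body):
    """Return one dict per infection entry found in an alert body."""
    # Collapse whitespace so the multi-line e-mail and the flattened
    # ticket description parse identically.
    flat = " ".join(body.split())
    detections = []
    for index, chunk in enumerate(re.split(r"Malware Name:\s*", flat)):
        # Chunk 0 is the header; entries there have no malware name
        # (the post's third sample starts that way).
        name = "(unnamed)"
        if index > 0:
            head = re.match(r"(.*?)\s+Number of infections:", chunk)
            if head:
                name = head.group(1)
        for match in INFECTION_RE.finditer(chunk):
            entry = match.groupdict()
            entry["malware"] = name
            entry["time"] = datetime.strptime(entry["time"], TIME_FORMAT)
            # Host names are case-insensitive; group PC-01 with pc-01.
            entry["computer"] = entry["computer"].upper() or "UNKNOWN"
            detections.append(entry)
    return detections


def build_tickets(body):
    """Group detections by computer and render one ticket text per host."""
    per_host = defaultdict(list)
    for entry in parse_alert(body):
        per_host[entry["computer"]].append(entry)
    tickets = {}
    for host, entries in per_host.items():
        entries.sort(key=lambda e: e["time"])
        lines = [f"Malware detected on {host} ({len(entries)} detection(s))"]
        for e in entries:
            lines.append(f'{e["time"]:%Y-%m-%d %H:%M:%S}Z  {e["malware"]}  '
                         f'action={e["action"]} status={e["status"]}')
            lines.append(f'    path: {e["path"]}')
        tickets[host] = "\n".join(lines)
    return tickets


if __name__ == "__main__":
    for text in build_tickets(SAMPLE_ALERT).values():
        print(text, end="\n\n")
```

Entries with `action=NoAction` are the ones still needing manual follow-up, so a per-host ticket makes them easy to spot.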

New Malware Campaign Spreads Trojans Through Clone Crypto Trading Website

Twitter user and malware researcher Fumik0_ has discovered a new website that spreads cryptocurrency malware, according to a report by Bleeping Computer on June 5.

According to the report, the host for transmitting these viruses is a website that imitates the website for Cryptohopper, a website where users can program tools to perform automatic cryptocurrency trading.

When the scam site is visited, it reportedly automatically downloads a setup.exe installer, which will infect the computer once it runs. The setup panel will also display the logo of Cryptohopper in another attempt to trick the user.

Running the installer is said to install the Vidar information-stealing Trojan, which further installs two Qulab trojans for mining and clipboard hijacking. The clipper and miners are then deployed once every minute in order to continuously collect data.

The Vidar information-stealing trojan itself will attempt to scrape user data such as browser cookies, browser history, browser payment information, saved login credentials, and cryptocurrency wallets. The information is periodically compiled and sent to a remote server, after which the compilation is deleted.

The Qulab clipboard hijacker will attempt to substitute its own addresses in the clipboard when it recognizes that a user has copied a string that looks like a wallet address. This allows cryptocurrency transactions initiated by the user to get redirected to the attacker’s address instead.

submitted by Bitcoin_Exchange7 to u/Bitcoin_Exchange7

Trojan lurking in Claymore Dual Miner?

I'd like to try out the Claymore miner because they advertise dual mining. When I browse to the GitHub site to download I get the big red warning message in the edge browser saying the site is unsafe.
Digging a little more, it says that win64\svcminer.A is a file included that is causing the alert.
The symptoms to look out for are the files below in the drive Windows is installed on.
%SystemDrive%\winddk\tmp-1.bin
%SystemDrive%\winddk\winddk.exe
Has anyone who installed claymore gotten any virus alerts? I'm wary of trying this now, I understand you pay 1% or so of whatever you mine by using claymore. The MS site says that Trojan is typically used to mine bitcoin slowing down your own mining
Here's the link to the claymore download on GitHub (proceed with caution)
Here's the link to MS security site that gives details on the Trojan
The technical information and symptoms tab have the details.
submitted by bender_rodrig to EtherMining

Should I just reformat in this case? (mbam log inside)

After many years of not installing random shit, I was not paying attention and something probably came with this trojan/bitcoin miner. I noticed it after 1-2 hours since I installed a game.
Should I reinstall Windows 7? Also, will it be less secure if I recover a Windows 7 image with clonezilla instead, that I have configured for faster reformatting to not bother with drivers, programs etc. (that is some minutes after a clean install)
Mbam results :
    Malwarebytes
    -Log Details-
    Scan Date: 3/8/18
    Scan Time: 9:03 PM
    Log File: 74bc1e82-2303-11e8-8cf9-902b3434572f.json
    Administrator: Yes
    -Software Information-
    Version:
    Components Version: 1.0.262
    Update Package Version: 1.0.4260
    License: Free
    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: ComfyBro\Thanos
    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 239225
    Threats Detected: 7
    Threats Quarantined: 0
    (No malicious items detected)
    Time Elapsed: 6 min, 19 sec
    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect
    -Scan Details-
    Process: 1
    Trojan.Agent, C:\USERS\THANOS\APPDATA\ROAMING\MICROSOFT\TASKMGR\TASKMGR.EXE, No Action By User, [17], [373571],1.0.4260
    Module: 1
    Trojan.Agent, C:\USERS\THANOS\APPDATA\ROAMING\MICROSOFT\TASKMGR\TASKMGR.EXE, No Action By User, [17], [373571],1.0.4260
    Registry Key: 0
    (No malicious items detected)
    Registry Value: 1
    Hijack.ShellA.Gen, HKU\S-1-5-21-2704255019-2560119109-2495872843-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|SHELL, No Action By User, [11564], [187664],1.0.4260
    Registry Data: 0
    (No malicious items detected)
    Data Stream: 0
    (No malicious items detected)
    Folder: 0
    (No malicious items detected)
    File: 4
    Trojan.Agent, C:\USERS\THANOS\APPDATA\ROAMING\MICROSOFT\TASKMGR\TASKMGR.EXE, No Action By User, [17], [373571],1.0.4260
    RiskWare.BitCoinMiner, C:\USERS\THANOS\APPDATA\ROAMING\MICROSOFT\TASKMGR\CX1\X86\DATA01.VJI, No Action By User, [84], [479764],1.0.4260
    Generic.Malware/Suspicious, C:\USERS\THANOS\APPDATA\ROAMING\MICROSOFT\TASKMGR\AX1.F3K, No Action By User, [0], [392686],1.0.4260
    RiskWare.BitCoinMiner, C:\USERS\THANOS\APPDATA\ROAMING\M.FJK, No Action By User, [84], [479764],1.0.4260
    Physical Sector: 0
    (No malicious items detected)
    (end)
submitted by Petabyte_zero to AskNetsec

Bitcoin Mining Malware removal?

Hey guys! I'm new here, and I really need help. So I downloaded an infected program, that contained Bitcoin Miners. Malwarebytes quarantined them, but 5 mins later quarantine was empty. So I searched one by one for the contaminated .exe files (winnetsvces.exe and mswinlib.exe), and deleted them from Registry (before I came to this, I tried all antivirus possible). I'm an absolute noob when it comes to computers, and Reddit always saves me, but I found nothing this time. My PC is not running any weird services that slow it down, but it is overheating, so I guess I'm not safe yet. I think malwarebytes missed a couple of other infected .exe files and I have no clue on how to get my PC back to normal! Apart from that, malwarebytes found "Trojan.Agent" on HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SysLinkMapper. This also disappeared from quarantine, but I have no idea what it is or how to clean it up. Please, help!
Thank you :)
PS: this is my first post, sorry if I did anything wrong
submitted by IrineiaRed to techsupport

[Update]: Fug, I was hacked.

The result of my malware scan, in particular the lines below, was very interesting. Obviously I can't tell if MalwareBytes is correct in flagging these. Some of them indicated "PUP.BitcoinMiner" which seems valid but others were marked as "Trojan.BitMiner.TS" or "PUP.Proxy.BCM" ... those may very well be valid downloads but I do know that MalwareBytes did not indicate ALL of the Bitcoin miners I had downloaded...
    M:\Bitcoin\ (PUP.BitCoinMiner) -> No action taken.
    M:\Bitcoin\ (PUP.Optional.BitCoinMiner) -> No action taken.
    M:\Bitcoin\stratum_proxy.exe (PUP.Proxy.BCM) -> No action taken.
    M:\Bitcoin\ (PUP.Optional.Cgminer) -> No action taken.
    M:\Bitcoin\stratum_proxy(1).exe (PUP.Proxy.BCM) -> No action taken.
    M:\Bitcoin\ (PUP.BitCoinMiner) -> No action taken.
    M:\Bitcoin\cgminer\cgminer-3.1.0-windows.7z (PUP.BitCoinMiner) -> No action taken.
    M:\Bitcoin\cgminer\cgminer-3.1.0-windows\cgminer.exe (PUP.BitCoinMiner) -> No action taken.
    M:\Bitcoin\phoenix-2.0.0\phoenix.exe (PUP.Optional.BitCoinMiner) -> No action taken.
    M:\Bitcoin\guiminer-scrypt_win32_binaries_v0.03\poclbm.exe (Trojan.BtcMiner.TS) -> No action taken.
    M:\Bitcoin\guiminer-scrypt_win32_binaries_v0.03\cgminer\cgminer.exe (PUP.BitCoinMiner) -> No action taken.
    M:\Bitcoin\guiminer-scrypt_win32_binaries_v0.03\stratumproxy\mining_proxy.exe (PUP.Proxy.BCM) -> No action taken.
    M:\Bitcoin\guiminer-scrypt_win32_binaries_v0.03-2\poclbm.exe (Trojan.BtcMiner.TS) -> No action taken.
    M:\Bitcoin\guiminer-scrypt_win32_binaries_v0.03-2\cgminer\cgminer.exe (PUP.BitCoinMiner) -> No action taken.
    M:\Bitcoin\guiminer-scrypt_win32_binaries_v0.03-2\stratumproxy\mining_proxy.exe (PUP.Proxy.BCM) -> No action taken.
    M:\Bitcoin\cgminer-3.8.2-windows\cgminer-3.8.2-windows\cgminer.exe (PUP.Optional.Cgminer) -> No action taken.
    M:\Bitcoin\guiminer-scrypt_win32_binaries_v0.04\poclbm.exe (Trojan.BtcMiner.TS) -> No action taken.
    M:\Bitcoin\guiminer-scrypt_win32_binaries_v0.04\cgminer\cgminer.exe (PUP.BitCoinMiner) -> No action taken.
    M:\Bitcoin\guiminer-scrypt_win32_binaries_v0.04\cudaminer\cudaminer.exe (Trojan.BitcoinMiner) -> No action taken.
    M:\Bitcoin\guiminer-scrypt_win32_binaries_v0.04\stratumproxy\mining_proxy.exe (PUP.Proxy.BCM) -> No action taken.
submitted by whodkne to Bitcoin

Trojan.bitcoinminer keeps coming back.

Edit2: No, still fucked
Edit: I deleted a bunch of shady shit in my D drive aaaaaaand bam no trojans
Every time I turn on Windows 10, malwarebytes detects and quarantines Trojan.BitcoinMiner that it found in C/windows/System32/diskdriver.exe. I deleted it in the quarantine tab, but the problem came back instantly after restarting Windows.
I have tried: Running Rkill and running scan in malwarebytes, avast, Zemana AntiMalware.
This doesn't really matter but sidebar says so: system specs
Ryzen 3 1200 OC 3.8 ghz
Arctic freezer 33TR (under 50c at all times)(not counting prime 95)
MSI B350 Gaming plus
2X4gb Patriot Signature ddr4 2400mhz
Asus Dual Gtx 1050 +100mhz on core,+500mhz on memory
120gb Kingston Uv400 120 gb ssd
1tb Seagate Barracuda Drive
submitted by suprduprkrkmania to techsupport

Mystery file process running my CPU high

SOLUTION: I opted to just do a clean installation of Windows to avoid any chance of the malicious process remaining in effect.
A file was either added or modified on my PC yesterday as of this writing, asp.exe (in details also labelled aspy.exe) in a Microsoft .NET library folder. (C:\Windows\Microsoft.NET\Framework64\v4.0.30319)
It has been running my CPU at half load anytime it appears and it only seems to appear when connected online. It labels itself as Windows Antispyware Service in Task Manager, but Googling the name leads me nowhere near answers. There was also a log file I unfortunately hastily deleted alongside the .exe in a panic, as a Malwarebytes scan run recently revealed a Trojan dropper and a bitcoin miner in my Windows directory, labelling themselves as Windows and Defender Update services respectively.
Before I deleted the files, I scanned them with VirusTotal to the tune of mostly negative results with two notable positives listing it as "high confidence" in it being malicious and another calling it a "variant of Win64/BitcoinMiner.CS"
Any suggestions on what this is? I already quarantined the existing threats and deleted this suspicious file so I think I'm alright for now, I just need to know if I deleted something important in a panic or if I stumbled upon a newer kind of malware.
UPDATE: the log file returned, so probably not related to the process itself, labelled as "ngen.log"
UPDATE 2: asp.exe returned to the same directory. Doing a clean install anyway, but any advice about this file and how it's appearing would be helpful.
submitted by MarioFreek01 to techsupport

Marlin detected as a Trojan by antivirus?

I went to boot up Marlin today after not having used it for a couple days, and found that it wasn't booting as usual, and was in fact just coming up with a few lines about the name of my miner and the intensity. I tried to open it a couple more times, assuming that my computer might be just running slow, when suddenly my antivirus pops up and marks the marlin.exe file as a specific type of Trojan (Win32.LocalInfect.2) and deletes it after also classifying it as a Trojan.Dropper.
I also keep Bitcoin private keys on this computer. Should I be worried about any of this?
submitted by vertical_miner to siacoin

Just the weirdest, most inexplicable sht I've ever dealt with in a rig. [PC, blackscreening, semi-random]

Hi all.
I'm utterly, utterly baffled. Stumped. Bemused. Befuddled. Bamboozled. I cannot explain this. At all.
I crash on my desktop, often (but not always) while opening Chrome. Crash can be 1m after boot, or 4 hours after boot. Machine blackscreens, stops responding, doesn't send anything to the monitor or respond to scroll lock or capslock.
Fairly standard - but I do NOT crash if there's a game running. Literally can run GW2 for as long as I need to, or warframe, or Titanfall, and it's solid as a rock.
I've arranged an RMA for my GPU as it's the most recent addition to the system (25 Feb 2014) and it was blackscreening on wake (but with a responsive PC/keyboard and the media server was still up), but I'm stumped. I've never seen anything like this.
What causes a rig to blackscreen when browsing or opening explorer, but doesn't have ANY problems when it's running high end games at max rez?
2500k @ 4.5GHz
R9 290 4GB Factory OC
700W Seasonic PSU
1 SSD (OS + Games)
2 HDD (Stuff)
Midrange Gigabyte mobo, nothing special
8GB DDR3 @ 1600MHz
Win 8 64 Bit
etc etc.
EDIT: Memtest results are in. No problems found. Ran for 8 hours, zero errors.
Ran MS Defender, no viruses found.
Installed Avast, turned off MS Defender, full scan, no viruses found.
Files Detected: 11
    D:\Media\Downloads\cgminer-3.8.5-windows.7z (PUP.Optional.Cgminer) -> Quarantined and deleted successfully.
    D:\Media\Downloads\DuplicateCleaner_setup (1).exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    D:\Media\Downloads\DuplicateCleaner_setup.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    D:\Media\Downloads\FileBot-setup.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    D:\Media\Downloads\ (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
    D:\Media\Downloads\ (Riskware.BitcoinMiner) -> Quarantined and deleted successfully.
    D:\Media\Downloads\cgminer-3.8.5-windows\cgminer.exe (PUP.Optional.Cgminer) -> Quarantined and deleted successfully.
    D:\Media\Downloads\cpuminer\minerd.exe (Riskware.BitcoinMiner) -> Quarantined and deleted successfully.
    D:\Media\Downloads\LTC_minerz\poclbm.exe (Trojan.BtcMiner.TS) -> Quarantined and deleted successfully.
    D:\Media\Downloads\LTC_minerz\cgminer\cgminer.exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
    D:\Media\Downloads\LTC_minerz\stratumproxy\mining_proxy.exe (PUP.Proxy.BCM) -> Quarantined and deleted successfully.
Nuked 'em.
Wonder if I have (or hopefully had) a malware issue. GW2 is running in the background and it's still not crashed...
Ideas anyone? Am thinking about ordering a new CPU/Mobo and seeing if that fixes it - next on the list (after another crash) is going to be a W8 re-install.
OS re-installed and BIOS updated, still crashes. Definitely hardware. Definitely not RAM, definitely not storage (SSD or HDD). Crashes still independent of load - but most common when clicking on something (Firefox, Chrome or Evernote for example).
So the candidate list as far as I can work out is:
CPU (moderately likely, though stressing with linpack or OCCT or prime does not cause crashes, and it's happy while playing GW2)
mobo (happy while gaming, unhappy when asked to execute a crappy little program like Chrome. Weird? gotta be unlikely)
PSU - Feeling like this is a likely candidate.
GPU - but doesn't crash when rendering ~100 players at max res in GW2.
Soooooo.... can anyone think of a thing to test next?
Final edit: running on the onboard GPU on mah telly. Flawless, no crashes at all. I think it's the GPU, the 2D processing chip or whatever must've been borked.
Recap: new GPU, no crashes. All is now good!
submitted by SupahSpankeh to techsupport

Adfly automatic download! Question about a zip file.

I opened an adfly link and before I could click "skip this" it automatically downloaded a file "file4org"; my first reaction was going to the transfer folder and shift+delete the file. (I did not open it.) After I googled I found people having this same issue with automatic downloads from adfly, however they always download an .exe file, not a .zip. Then I downloaded the file again and ran my antivirus (Avast) and it didn't detect anything, then I ran malwarebytes and it detected "trojan.bitcoinMiner". My question is the following: I did not open the zip file and I removed it with malwarebytes as well as "shift+delete"; is my PC infected?
I leave here the link from where the file was downloaded if someone wants to see it
submitted by LoLDekuNuts to computerviruses

What's going on with my PC?

I've been playing a variety of games recently, and until tonight I've had no problem running pretty much anything I could ever want on high or max settings. As of around 10:00 tonight, all of my games, no matter their graphical intensity, and many regular PC apps and programs, have absolutely tanked in performance. Where I was getting 1080p, 60fps in nearly every game maxed out JUST THIS AFTERNOON, I'm now struggling to get 30. I've gotten the error "Nvidia display driver stopped responding and has recovered" once, while benchmarking Forza 6 Apex. I did the same benchmark around 3 PM on May 8, and it clocked 55fps stable on Ultra. Later (around 11PM May 8), it struggled to hold down a stable 30fps. Same thing in Rocket League, which yesterday (May 7) I played at 60fps maxed out, tonight had framerates all over the place, with no stable FPS ever manifesting, at any graphical settings. What could be causing this?
Here's my rig specs:
CPU: Intel Core i7 4870HQ @2.5Ghz idle, Turbo up to 3.9Ghz
GPU: NVIDIA Geforce GTX 970M 6GB
RAM: 16GB DDR3
HDD: 2TB (at around 42% capacity, most of my games are stored here)
SSD: 120GB (at around 95% capacity, which didn't happen until recently. Much of the occupied space I can't seem to account for.)
I looked in Task Manager, and System and Compressed Memory has gobbled up a full 33% of my RAM and a chunk of my CPU as well (it varies widely). Opening the file location for the process takes me to System32, the program is ntoskrnl.exe, which is as far as I can tell a system app. There's apparently a memory leak issue with that executable, but I have no way of resolving it.
Google searches have revealed that I may be looking at a BitcoinMiner Trojan, but 3 separate antivirus apps (MalwareBytes, McAfee, and HitmanPro) all came up empty. I've thought about manually going through my system but I'm not sure where to look for something like that. I did find 7 or 8 .tmp files in my Temp folder in AppData/Local, all created at exactly the same time (8:12 PM on May 7, right after I stopped playing to go to the gym), which is apparently a marker of such a Trojan.
The March/April 2016 Windows 10 Update devastated my file system. I lost almost all my device drivers, including Wi-Fi Adapter and GPU. I've recovered all of what I lost since that happened, and I haven't had any noticeable issues from that.
submitted by grahamdalf to pcmasterrace

Computer randomly turning off/on

Hi Reddit, so I have been having a problem with my computer for about 9 months or so where it will randomly turn off. I have noticed that it also turns itself on randomly as well. Sometimes it turns off and then turns back on again and is fine, however other times it will turn off, turn itself on, then turn off again after a couple of seconds and then repeat this process indefinitely until I unplug it. I built the PC myself just over a year ago with the following hardware:
CPU: Intel I7-4770K
MoBo: Asus Z87I-Pro
GPU: Nvidia Geforce GTX 780TI Classified
RAM: 2 x 8 GB Crucial DDR3
SSHD: Crucial M500 240 gb
HDD: WD Caviar Blue 1TB
PSU: Seasonic m12II Bronze 620W
CPU Cooler: Coolermaster Hyper 212X
Case: Coolermaster N400 Mid
There is also an asus dvd drive in there as well but I am unsure of the exact model. So when I first built the computer it worked fine for about 6 months, then I moved into a new house. Shortly after this I replaced the CPU cooler with an Intel Thermal Solution TS13X. I can't remember if I was already having issues or it happened after this replacement but around this time I started experiencing the issues. The computer would randomly shut down (most infuriating when gaming) and reboot all by itself. There was no event in the event logs to say why it shut down, just the usual ones when the computer boots up.
About 3 months ago I decided to change my motherboard out, and replaced the Asus Z87 with an ASUS Maximus VII Hero, however the problem still persists. A couple of weeks ago I decided to change out my PSU for a Seasonic 80 Plus Platinum 1050W, however the issues are still there. A few days ago I changed the CPU cooler back to the original one, and I also disconnected the optical drive but these had no effect and it is still happening.
With all of these changes all of the cables in the computer have been changed, the hardware has been taken out and cleaned and placed back in. I have tried plugging the computer into different power sockets to no avail. I have scanned the computer with AVG free and malwarebytes but nothing is detected.
It might be worth noting that a month or so ago I realised I had a bitcoin miner trojan on my computer masquerading as a steam exe but I deleted that and haven't seen any recurrence.
Sorry for the long post, but I am at a loss as to what it might be. I guess my next step is to take all the parts out of the case and see if they will run, to eliminate the possibility of a short circuit. If anybody has any ideas about what could be causing this, or if there are any tests which can be done then please let me know.
Thanks in advance for any help.
submitted by electroWINNING to computers

Constant Malware problems recently despite (what I thought was) solid defense measures. Also, suggestions for security suites.

Firstly, I should point out that I am by no means any sort of computer expert so even though I think I am practicing some pretty safe internet usage there is the possibility I am very wrong.
Over the last month or so, I have been having a lot of problems with malware. At first, my laptop's fan started running at top speed and it sounded like it would take off like a helicopter. I found that there was a bitcoin miner in my system. Removed that and now Malwarebytes keeps finding a trojan in the Firefox.exe which is sucking up all the CPU usage. I remove the problem then in a day or two it comes back again. Needless to say, my internet and laptop in general is running extremely slowly and is crashing a lot. I have no idea how or why.
Let me explain my current practices to keep my laptop safe:
On top of these programs I RARELY use P2P programs, I don't open attachments from people I don't know (I rarely open them even when I do know them) and I don't use porn websites (I know it's hard to believe but am lucky enough to have an amazing girlfriend!).
My laptop is only 1.5 years old. I keep Windows 10 and all my programs up to date.
I really have no idea what I am doing wrong or why this problem has only just come up recently after having no problems whatsoever for over a year.
Also, am not sure if this is connected or not, but in the last couple of days, have been having some problem with my battery. It is plugged in but the system is saying it is not charging, however, the percentage isn't going down. It has been stuck on 98% for the last few hours now. Not going down, not going up.
I am starting to think that I will dish out some money and grab a proper internet security suite. So advice of which is best? Was thinking Bitdefender Total Security 2016 for anti-virus, Malwarebytes for Anti-malware. Any suggestions for the firewall?
So yeah, sorry for the very long post but I would really appreciate any advice.
submitted by Matt_Ee to techsupport [link] [comments]

Possible Bitcoin-mining malware connected to steam

Whenever I open steam, my GPU clock jumps from ~135 MHz to a steady 1011MHz and the temp goes up to ~50c (40c with aggressive fan curve). This is just with steam open, no games running. As soon as I exit out of steam everything goes back to normal. I read about a bitcoin miner trojan disguised as steam.exe but I haven't been able to find anything suspicious like that in my processes and malwarebytes didn't detect anything. I also checked C:\windows\system32\tasks and \AppData\Roaming but I didn't see anything there either, of course I could be overlooking it.
I'm definitely not an expert on this kind of stuff but I'm starting to wonder if it's actually a miner. Most of the cases I've read about had the GPU running at 95%+ which is more than mine is running. Could it just be a problem with steam or my GPU driver? My driver version is 353.30 and I made sure I am not opted into steam beta. Here are my specs without steam running. Here are GPU specs right after starting up steam. Not sure if it matters but I've also tried reinstalling Precision X before I noticed it was only happening when steam was open. It's also worth mentioning that I've been away from my computer for a week and a half and this was not happening before.
Any help would be appreciated, I would really like steam to not do this.
submitted by Plotze to techsupport [link] [comments]

legit?

This link has a patch which claims to fix the ACU.exe crash bugs. I am having particular trouble with the crash after Sequence 2 (can't find any fixes at the moment). Anyone know if this site is legit? The fact that it asks for my GFX card makes me wonder if it's a bitcoin miner trojan. Thanks for any input.
submitted by Sjcolian27 to assassinscreed [link] [comments]

So, my "good guy" cousin knows how to download viruses with 1 hour.

Apparently yesterday when I went to sleep and he used my PC, he managed to infect it with various viruses.
Looking through the browser history he downloaded some torrents on TPB which on comments clearly says "VIRUS" and the torrent is some unknown shit, god damnit I'm so mad... He's asleep right now and I need your help.
When I start up I get errors of some "Coinz.exe" and I can't open any programs, it doesn't allow me, immediately closes it. What can I do right now other than format my HDD?
Edit: Somehow I managed to download a program called "Rkill", which terminated the virus softwares aka bitcoin miner and some various backdoor trojan/spyware combo and I did a Malwarebytes scan, this is what it got.
Am I good to just delete those or what else you suggest me?
submitted by tidder_reverof to techsupport [link] [comments]


Double-click MBSetup.exe and follow the prompts to install the program. When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen. Click on the Get started button. Click Scan to start a Threat Scan. Click Quarantine to remove the found threats. Reboot the system if prompted to complete the removal process. Business remediation How to ...

When Trojan.BitcoinMiner is detected with a scan of Malwarebytes Anti-Malware your computer is infected with a Trojan horse. Once the Trojan.BitcoinMiner infected the target PC, it will use various ways to protect itself from being removed. This malware is designed by cybercriminals to use the GPU and CPU power to mine bitcoins on the infected system without your knowledge.

A Trojan.BitCoinMiner is a computer infection that silently runs on your computer while using your CPU or GPU resources to mine for digital currencies. As the value of cryptocurrencies, such as ...

Remove the Trojan.BitcoinMiner toolbar from the browser. Delete Trojan.BitcoinMiner from Firefox: remove Trojan.BitcoinMiner from the add-on directory via "Add-ons Extensions". Type "about:config" in the address bar and confirm that you are sure what you are doing.

Page 1 of 2 - Bitcoin.Miner Trojan? - posted in Virus, Trojan, Spyware, and Malware Removal Help: Hope you can help as you appear to have helped another. Here's the previous post describing issue ...


Remove bitcoin miner trojan Virus (Virus Removal Guide ...

Bitcoin Miners can tax your CPU and use up your system resources without you even knowing. When you open Task Manager to investigate, the malware process stea...

BitCoin Miner Virus - How to Detect and Remove It (January 2018)

Trojan.BitcoinMiner is a heuristic detection designed to generically detect a Trojan Horse. ...