[SOLVED] I have a miner that is not detected by any scanner programs

Toggle sidebar Toggle sidebar
A

asb1n

Feb 4, 2022
8
0
10
I recently did a scan on my pc after a large group of downloads using malwarebytes, it detected and deleted a couple miners, although my GPU is still 100% busy when task manager is not open, i tried downloading process hacker, but this miner seems to dodge it as well
Please help
My hardware:
Processor: AMD Ryzen 5 3600(3,6GHz)
GPU: RX 5700
16 GB RAM
Software:
Windows 10 Pro, ver. 21H1, build:19043.1466
 
Last edited:
Solution
USAFRet
Drive space is cheap, software is free and easy.
There is NO reason to lose data from something like this.

Not much different than if that physical drive had died yesterday. They do that.
Sort by date Sort by votes
Ralston18 said:
Update your post to include full system hardware specs and OS information.,

= = = =

Also look in Resource Monitor to see what else may be going on....

Try Process Explorer (Microsoft, free).

https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

Process Explorer may be able to reveal what is running.
Click to expand...
Ok, just updated my post and downloaded Process Explorer, it seems that Process Explorer CAN actually detect it, i'll attach a couple of screenshots below
It is named powershell.exe and has a child process named conhost.exe
Howerer, i can't do anything with it, as it has absolutely no information on it's directory whatsoever when i try to inspect it through Process Explorer
How can i get to it?


Screenshot
 
Upvote 0 Downvote
asb1n said:
Ok, just updated my post and downloaded Process Explorer, it seems that Process Explorer CAN actually detect it, i'll attach a couple of screenshots below
It is named powershell.exe and has a child process named conhost.exe
Howerer, i can't do anything with it, as it has absolutely no information on it's directory whatsoever when i try to inspect it through Process Explorer
How can i get to it?


Screenshot
Click to expand...
powershell and conhost.exe are not necessarily bad. They are a part of Windows.

Now....they may have been hijacked by whatever malware you installed.
 
Upvote 1 Downvote
USAFRet said:
powershell and conhost.exe are not necessarily bad. They are a part of Windows.

Now....they may have been hijacked by whatever malware you installed.
Click to expand...
Yeah, i just know it's them because when i open Process Hacker and my GPU is at 100%, these two processes are rapidly closed, and then GPU is down to normal again
The miner seems to be detected only by Process Explorer(By that i mean that these two processes don't exterminate themselves when it is opened)
 
Upvote 0 Downvote
Given that, your best option might be to revert to a previous Restore point, or whatever full drive backup method you use.
Sometime before this download and infection.
Or, a full wipe and reinstall.

Since your AV and MWB found some things and 'cleaned', and you still have this process acting up....what else might be in there, currently undiscovered?
 
Upvote 0 Downvote
USAFRet said:
Given that, your best option might be to revert to a previous Restore point, or whatever full drive backup method you use.
Sometime before this download and infection.
Or, a full wipe and reinstall.

Since your AV and MWB found some things and 'cleaned', and you still have this process acting up....what else might be in there, currently undiscovered?
Click to expand...
I'm afraid that if i dont find a solution for this, a reset is the only thing i will be able to do, which is quite problematic because of the number of files that i will be forced to lose 🙁
 
Upvote 0 Downvote
asb1n said:
I'm afraid that if i dont find a solution for this, a reset is the only thing i will be able to do, which is quite problematic because of the number of files that i will be forced to lose 🙁
Click to expand...
A reinstall, or whatever, should never ever result in loss of data.

Backups are your friend.

I have 6x physical drives in my current system.
Right now, if any of them were to fail, or I have to do a full wipe and reinstall (actually a recovery), of ALL of them...The most I might lose is whatever I did between midnight and Now().
 
Upvote 0 Downvote
USAFRet said:
A reinstall, or whatever, should never ever result in loss of data.

Backups are your friend.

I have 6x physical drives in my current system.
Right now, if any of them were to fail, or I have to do a full wipe and reinstall (actually a recovery), of ALL of them...The most I might lose is whatever I did between midnight and Now().
Click to expand...
Good for you, because i've never ever done a backup in my life, well, i guess i'll learn from my mistakes, but for now, my current data is a lost cause for sure, lmao
 
Upvote 0 Downvote
USAFRet said:
Why not start NOW?
Instead of before this potential wipe and reinstall.

Just don't bring in any of those "files" you downloaded recently.
Click to expand...
The thing is, i don't actually know where this malware could sit, so i'm kinda suspicious of bringing any of my recent data to a copy
 
Upvote 0 Downvote
USAFRet said:
Drive space is cheap, software is free and easy.
There is NO reason to lose data from something like this.

Not much different than if that physical drive had died yesterday. They do that.
Click to expand...
By the way, would you reccomend me to reinstall windows completely, or do a system reset in this situation?
 
Upvote 0 Downvote
asb1n said:
By the way, would you reccomend me to reinstall windows completely, or do a system reset in this situation?
Click to expand...
Full wipe and reinstall.

How To - Windows 10 clean install tutorial

If you are looking for the Windows 11 Clean install tutorial, you can find that here: Windows 11 Clean install tutorial (Click here) Otherwise, welcome to the Windows 10 Clean install tutorial This tutorial is intended to help you, step by step, to perform a clean install of Windows...
forums.tomshardware.com forums.tomshardware.com
 
Upvote 0 Downvote
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom