[SOLVED] i might have a bitcoin miner (hidden as windows explorer) screenshot in description

[NuKe_Volticity]

pls help

pic:
https://cdn.discordapp.com/attachments/690521607638351892/737906811562098768/unknown.png

 

[mdd1963]

Try a restore point (if they still exist) from before the date you picked up this unwanted guest....

you can also try MS Security (formerly known as Defender) full scan, and a full scan with both Malwarebytes AntiMalware and/or HitmanPro64....

 

[NuKe_Volticity]

anti virus did nothing

 

[Deleted member 2720853]

Which AV? Elaborate. Defender?

Download Malwarebytes and run a custom scan on all drives.

 

[NuKe_Volticity]

i use malware bytes ,totalav,rkill,process hacker,windows defender and still no detection

 

[NuKe_Volticity]

i went to process hacker and found this
C:\WINDOWS\explorer.exe --donate-level=4 -B --coin=monero --url=xmr.pool.minergate.com:45700 --user=okazyon000@gmail.com --pass= --cpu-max-threads-hint=50 --cuda-bfactor-hint=12 --cuda-bsleep-hint=100 --cuda-loader="C:\Users\Ahil Rajan\AppData\Roaming\WinCFG\Libs\ddb64.dll"

thats what it shows for explorer.exe

 

[dreamteam]

Yes it's the typical miner virus.
Hitman Pro should detect it and delete the unwanted file it can also scan the computer on startup before you see the Windows logo.
https://www.hitmanpro.com/en-us.aspx

 

[NuKe_Volticity]

Yes it's the typical miner virus.
Hitman Pro should detect it and delete the unwanted file it can also scan the computer on startup before you see the Windows logo.
https://www.hitmanpro.com/en-us.aspx

no but the miner virus starts around 4 hours after startup

 

[dreamteam]

no but the miner virus starts around 4 hours after startup

doesn't matter when it starts. the Hitman Pro will just delete that file.

when the virus is running just try to suspend or stop that process with process hacker and then run the Hitman Pro

 

[Ralston18]

If Hitman Pro does not work then there another thing you can do.

Look in Task Scheduler.

Look at the Names, Status, and Triggers.

Anything with a "4 hour" trigger should be further investigated.

An any names that you cannot identify should also be investigated further.

 

[mdd1963]

I'd look at Freefixer as well if the AVs do not help, you might be able to delete the entry that starts the miner... (Alas, many will start the miner, then delete themselves to evade detection, but, recreate the entry at shutdown, making finding it problematic at best)

 

[NuKe_Volticity]

ok