Everything posted by KHRZ

  1. Ok so this is the guy I'm looking for... Credits: Sunny King for the original Primecoin client&miner
  2. Amazingly, good old Notepad might have solved the mystery. Near the end of the large program body is this:

     DeregisterEventSource ・ReportEventW }RegisterEventSourceW ADVAPI32.dll 6 WSAIoctl WS2_32.dll ・HeapAlloc 1TerminateProcess BUnhandledExceptionFilter SetUnhandledExceptionFilter IsDebuggerPresent ・RtlVirtualUnwind ・RtlLookupFunctionEntry ・RtlCaptureContext OGetSystemTimeAsFileTime HeapFree HeapReAlloc ~WideCharToMultiByte ・GetConsoleCP ・GetConsoleMode pGetCommandLineA TRaiseException ・RtlPcToFileHeader ・RtlUnwindEx EncodePointer DecodePointer ?FlsGetValue @FlsSetValue >FlsFree ・SetLastError =FlsAlloc HeapSize \GetCPInfo SGetACP GetOEMCP IsValidCodePage ・GetModuleFileNameA HeapSetInformation ・HeapCreate LCMapStringA LCMapStringW ・SetHandleCount 9GetStartupInfoA DeleteCriticalSection SetStdHandle #GetProcessHeap ・WriteConsoleA ・GetConsoleOutputCP ・WriteConsoleW KFreeEnvironmentStringsA GetEnvironmentStrings LFreeEnvironmentStringsW GetEnvironmentStringsW GetCurrentProcessId ・LoadLibraryA InitializeCriticalSectionAndSpinCount kGetTimeZoneInformation =GetStringTypeA @GetStringTypeW ・GetLocaleInfoA R CompareStringA U CompareStringW SetEnvironmentVariableA ⅷQ bz Xz \z `z sz jhPrimeminer.exe OPENSSL_Applink

     Apparently it was mining primecoins... not sure if I should be relieved, could also have been doing naughtier things?
  3. I noticed my laptop fans were loud when it shouldn't be heavily loaded. I checked Task Manager and there was an svchost at 25% CPU (a full core). I checked its location, which wasn't system32 but user\AppData\Roaming\Microsoft\Windows\svchost.exe. Also the file size is 619kB, not 27kB like in system32. I checked online and people are saying Windows doesn't have any svchost outside system32, it must be malware. But both Malwarebytes and Spybot say it's clean when I scan it. Though Malwarebytes found a registry entry called something PUP.iminient that I removed. I still have the svchost file though. Is it just harmless without the registry entries? Can I find out what it does?