Everything posted by abandonedface

  1. I downloaded a fairly unassuming torrent a few days ago for a major game release, and installed it as normal. 2.5 days later, I start up my PC and immediately notice on MSI Afterburner that both my GPUs are running at 99% load, when I have no games running at all. I closed all background programs, including Steam, and looked through my task manager for suspicious processes. Sure enough, I found a steam.exe running, and when I closed it, my GPU load dropped to zero on both cards. This was obviously a bitcoin miner.

     After a quick Google search, I found that this is a pretty common practice. The fake steam.exe hides in C:\Users\<username>\AppData\ somewhere. I found it in ...\AppData\zombies\Reversed\. The "Last Modified" date was the same time as I had installed the pirated game. I deleted the folder entirely, as I did with the scheduled task in C:\Windows\System32\Tasks\ that began with "Steam-" that it had created to start itself. However, before I did so, I scanned this folder with both Malwarebytes and Microsoft Security Essentials directly using the right-click menu option, and each time they said that no malicious items had been found.

     So naturally, I have a few questions.

     (1) Have I done enough to remove the miner?

     (2) Why did neither MWB nor MSE catch this when it was (a) loading up my GPU, or (b) when I told both programs to scan the folder in AppData?

     (3) Is it possible that a keylogger was implemented in this program, or that my passwords for Steam, LastPass, etc. have been captured somehow?
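
A check for the persistence pattern this post describes (an executable under AppData started by a scheduled task), as an added example that is not part of the original post. It assumes Windows 8 or later, where the ScheduledTasks module exists, and an elevated PowerShell session so all tasks and processes are visible; `Get-FileTriage` is a helper name made up for this example.

```powershell
# Added example (not from the original post): list scheduled tasks and running
# processes whose executable sits under a user profile's AppData tree.
$appData = '\\Users\\[^\\]+\\AppData\\'   # regex for C:\Users\<username>\AppData\

function Get-FileTriage {
    param([string]$Path)
    # Signature status and timestamp help separate signed updaters from droppers.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Signature = 'FileMissing'; LastWrite = $null }
    }
    [pscustomobject]@{
        Signature = (Get-AuthenticodeSignature -LiteralPath $Path).Status
        LastWrite = (Get-Item -LiteralPath $Path -Force).LastWriteTime
    }
}

$findings = @()

# Scheduled tasks: inspect every exec action, whatever the task is named.
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # skip non-exec (COM) actions
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
        if ($exe -notmatch $appData) { continue }
        $info = Get-FileTriage $exe
        $findings += [pscustomobject]@{
            Source = 'ScheduledTask'; Name = $task.TaskPath + $task.TaskName
            Path = $exe; Signature = $info.Signature; LastWrite = $info.LastWrite
        }
    }
}

# Running processes: same path test against the image on disk.
foreach ($proc in Get-CimInstance Win32_Process) {
    if (-not $proc.ExecutablePath -or $proc.ExecutablePath -notmatch $appData) { continue }
    $info = Get-FileTriage $proc.ExecutablePath
    $findings += [pscustomobject]@{
        Source = 'Process'; Name = "$($proc.Name) (PID $($proc.ProcessId))"
        Path = $proc.ExecutablePath; Signature = $info.Signature; LastWrite = $info.LastWrite
    }
}

# Newest files first, so anything written around a suspect install stands out.
$findings | Sort-Object LastWrite -Descending | Format-Table -AutoSize -Wrap
```

Signed software also runs from AppData, so treat each hit as a lead to review; a LastWrite that matches the time of a suspect install, as in the post, is the stronger signal.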