Jump to content

Search the Community

Showing results for tags 'Bitcoin'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






  1. DON'T PAY RUSSIAN CRYAKL RANSOM - YOU WON'T GET YOUR FILES BACK If you pay the typically demanded 3 btc (US$12,000) then they'll say "Pay full price 5 btc", US$20,000 and even if you pay that you still won't get your files back. CL Above is the latest version from Russian criminals which changes your file names and starts with the email to contact them. Typically the email is from aol.com (eg email-magna_bellator@aol.com) or india.com (eg zaloha@india.com). They will ask for 3 bitcoin today and 5 tomorrow. What do you think happens when you pay 5 bitcoins ..... the price goes up again. I encourage you to contact the FBI to track them down and your state Senator in the US and put pressure on AOL to stop assisting these criminals.
  2. I am kind of seriously frustrated. I did report false positive IP addresses before for Geth.exe (Ethereum) and Parity Technologies ( https://parity.io/ ) I can't just report a couple of Ips that I added to the exclusion list... because I think that the applications calls a lot of different Ips. Since it's P2P.... I am doing Blockchain development with ETH and when I'm in my powershell I keep seeing Blocked Ips every single sec. So I have to quit Malwarebytes to continue my work. It's so so so so so so annoying. I added the applications to the exclusion list, VIA folder. It still gives those annoying popups. I hope someone investigate what Ethereum is. Do you care?
  3. I was trying to create a Jaxx bitcoin wallet using the Jaxx Chrome extension and Malwarebytes blocked its access to btc.blockr.io Everything I have read leads me to believe this is a false positive. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 6/8/17 Protection Event Time: 11:41 AM Logfile: Administrator: Yes -Software Information- Version: Components Version: 1.0.103 Update Package Version: 1.0.2111 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Domain: btc.blockr.io IP Address: Port: [63085] Type: Outbound File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (end)
  4. If an application is bitcoin-mining your PC which could cause potential hardware damage, will Malwarebytes detect it and eliminate the threat?
  5. Hello hard working malwarebytes community, as the thread title states I've caught a bitcoin virus which masquerades as the Java Update Scheduler (jusched.exe) and which starts by itself (even after killing the process several times) and makes my graphics card run at maximum power (as expected). I'd guess the other one in the task manager (Java Update Scheduler (32 bit)) is the original. Now I've read a couple of posts on this in this forum about the virus and the cleaning process and have already run Malwarebytes Anti-Rootkit with no findings and ESET Online Scan found the threat under: Now I am unsure whether simply deleting the files will fix my problem or if other actions on my part would be advisable. I figured this would be the best place to ask for help. Thanks in advance! Best
  6. Hi, I've found a Bitcoin miner trojan in my PC, as the title says. It is located in svchost.exe and it opens a process that uses 50% of my CPU and 90-100% of my GPU. Even if I kill the process, the GPU keeps getting hot and being used at 100%. I've tried to remove the malware with MBAR, but it crashes when scanning registers and directories, so it isn't able to start the cleanup process. I've also tried using MBAM, but after it eliminates it and I reboot my PC, the malware is still there. I don't know what to do, please help me. I have attached to this post both the results of the Farbar scan. Addition.txt FRST.txt
  7. Hello, I've recently found through malwarebytes that I have two bitcoin miners, called SVChost. Malwarebytes cleaned everything else up, but couldn't remove these two. I found a thread where the issue had been resolved for someone else here: https://forums.malwarebytes.org/index.php?/topic/125534-cant-remove-bitcoin-miner-and-svchostexe-virus/ Unfortunately, the part where MrCharlie tells him what to delete with Roguekiller, I can't quite make out what he means. I'm running windows 7 x64. Please help! Thanks! PS: I've attached my RogueKiller report! RKreport_SCN_07052015_221650.log
  8. Hey there, some updates made to ESEA CSGO Anti-cheat making it always running on your computer, it can read + analyse data and memory on your pc and send it to ESEA servers. ESEA is ''trusted'' and the worlds best anti-cheating system for PC. But my question is this, in 2013 a ''rogue employe'' injected malware into the anticheat that made it mine bitcoins and destroy a lot of ppls computers and this was when they made it running fulltime and they then changed it to only running when playing CSGO ESEA. They did get sued for a million dollars tho and had to pay that Now they are gonna make it running fulltime on your PC and like the question is should I trust them? I play CSGO competively and I do it on ESEA because I dont like cheaters. And will MBAM detect any ''behaviour'' which is malicious if that occurs? They literally have 100% full acess to your computer with their anti-cheat its not like usual ones, so yeh its a bit scary! Thats the price you pay to play without cheaters. Also one last question, did MBAM detect it back in 2013 when a rogue employe added malware bitcoin miner into it?? Just curious!
  9. I get the following in my protection log: Detection, 5/9/2015 9:29:26 AM, SYSTEM, ENCHILADA, Protection, Malicious Website Protection, IP,, c.icolor19495344.com, 49253, Outbound, C:\Windows\System32\wscript.exe, Detection, 5/9/2015 9:29:26 AM, SYSTEM, ENCHILADA, Protection, Malicious Website Protection, IP,, c.icolor19495344.com, 49253, Outbound, C:\Windows\System32\wscript.exe, Protection, 5/9/2015 9:34:40 AM, SYSTEM, ENCHILADA, Protection, Malware Protection, Starting, Protection, 5/9/2015 9:34:40 AM, SYSTEM, ENCHILADA, Protection, Malware Protection, Started, Protection, 5/9/2015 9:34:40 AM, SYSTEM, ENCHILADA, Protection, Malicious Website Protection, Starting, Protection, 5/9/2015 9:34:41 AM, SYSTEM, ENCHILADA, Protection, Malicious Website Protection, Started, Detection, 5/9/2015 9:34:44 AM, SYSTEM, ENCHILADA, Protection, Malicious Website Protection, IP,, cryptexplorer.us, 49173, Outbound, C:\Windows\System32\wscript.exe, Detection, 5/9/2015 9:34:44 AM, SYSTEM, ENCHILADA, Protection, Malicious Website Protection, IP,, cryptexplorer.us, 49173, Outbound, C:\Windows\System32\wscript.exe, Detection, 5/9/2015 9:34:47 AM, SYSTEM, ENCHILADA, Protection, Malicious Website Protection, IP,, cryptexplorer.us, 49195, Outbound, C:\Windows\System32\wscript.exe, Detection, 5/9/2015 9:34:47 AM, SYSTEM, ENCHILADA, Protection, Malicious Website Protection, IP,, cryptexplorer.us, 49196, Outbound, C:\Windows\System32\wscript.exe, Detection, 5/9/2015 9:34:47 AM, SYSTEM, ENCHILADA, Protection, Malicious Website Protection, IP,, cryptexplorer.us, 49197, Outbound, C:\Windows\System32\wscript.exe, Detection, 5/9/2015 9:34:47 AM, SYSTEM, ENCHILADA, Protection, Malicious Website Protection, IP,, cryptexplorer.us, 49199, Outbound, C:\Windows\System32\wscript.exe, I've run farbar and attached the frst and addtion files. Please help -- thanks in advance!Addition.txt FRST.txt
  10. Everytime i turn on the PC my antivirus tells me that there is a virus called Isass.exe, I didn't really care until i opened the task manager and found out that there was an other program called svchost that was using up to 90% of my CPU, I don't know if thees 2 issue are related to each other, i looked up on google and found a lot of threads about this but i couldn't really make them disappear, thanks to a topic from this website ( https://forums.malwarebytes.org/index.php?/topic/125534-cant-remove-bitcoin-miner-and-svchostexe-virus/) I am now able to remove thees problems but every time i reboot the system i have to repeat the process because the programs are there again. I would appreciate some help from someone that knows how to deal with this stuff also because I'm italian and it is kind of hard to explain everything in a proper way..I hope i've been clear. i'm attaching a screen of the warning i got from the antivirus.
  11. Hello, The problem suddenly occured earlier today when I started my computer. GPU usage and temperatures are normal few seconds after I log into the windows, but afterwards they start raising very quicly. Currently on idle, GPU usage is 99% and temperatures around 60-70c. Any ideas? - Juha
  12. over the past month, I've noticed my computer overheating a lot, freezing, crashing, and getting the blue screen of death. Could anyone help me find out if I have a virus or not? because im pretty sure I do, my computer overheats so easily. It takes less than an hour to overheat to the point that my computer screen freezes and crashes.
  13. Hi, I am running Malwarebytes Pro (up to date) and when ever I start up my Bitcoin-qt desktop wallet (Windows x64 and latest version of wallet) Malwarebytes Pro will block an Inbound request from When I run a Whois on that address it comes up with a company called Voxility.com. If I attempt to Google for Voxility (only the name Voxility, and not Voxility.com) it will block an Outgoing request for that site. (as shown in attached image) Is this site a known bad actor, and why would my Bitcoin-qt wallet be a target. (apart from the obvious) Are they specifically known for targeting Bitcoin wallets? Regards, Richard
  14. My GPU usage shoots up to over 90% when idle, however it drops immediately to 0% if I open up task manager or process explorer. Here's the results from my most recent scan. Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 10/21/2014Scan Time: 6:54:33 PMLogfile: Administrator: Yes Version: Database: v2014.10.21.11Rootkit Database: v2014.10.21.01License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows Vista Service Pack 2CPU: x64File System: NTFSUser: Talha Scan Type: Threat ScanResult: CompletedObjects Scanned: 315530Time Elapsed: 7 min, 42 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 1PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-573855463-500972957-3789785844-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, Quarantined, [421dc651b2ca3402a3342b255ea521df], Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end)
  15. i see a couple of saspsus programs and i have run both kaspersky and malwarebytes and nothing comes up i have also googled on program and it says bitmine virus so help plz thank you for your time FRST.txt Addition.txt
  16. Hi, Using Catalyst Control Center, and MSI Afterburner it has come to my attention that while idleing, my GPU usage is maxed out a 99%, but is done so in such a way that the card is not overheating which would increase the fan speed and make the issue more noticeable. I concluded that this was a mining malware using my card for hashing, most likely either for litecoin or bitcoin. I ran a full scan with Malwarebytes anti malware Pro and mbar.exe but I found nothing. Any help is greatly appreciated. This will be my first time requesting malware removal assisstance. Ellis
  17. Hello all. I am using regulary MalwareBytes Anti-Malware PRO. It was working amazing, but these late days erm.. maybe not. I have seen some notifications of Malwarebytes that the anti-malware is blocking some malicious websites. This was so annoying and I updated & full scanned my pc, it found 4 threats. The threats are; PUP.Optional.PrimeMiner - located in C:\WINDOWS\hev.exe (quarantined successfully) Trojan.Miner - located in C:\WINDOWS\system32\libcurl-4.dll (quarantined successfully) Trojan.Miner - located in C:\Documents and Settings\Administrator\Application Data\Adobe\Flash Player\Cache\libcurl.dll (quarantined succesfully) PUP.BitcoinMiner - located in C:\WINDOWS\system32\winlen.exe (quarantined succesfully) However, I'm still getting notifications that the anti-malware is blocking malicious websites. Common blocked IPs are: and Like shown in photo: and Is this False Positive or not? I am infected? Sincerely, TheVaLo
  18. Firstly, I would like to thank everyone for any help I can get. The issue started off when I noticed some strange behavior whereby my graphics cards seems to be working at 99% load all the time. I have download Malwarebytes and performed a scan on my PC. It seems that my PC has been infected with some sort of Bitcoin mining malware disguised as svchost.exe and has been utilizing my GPU at full capacity for the past weeks. The good news is Malwarebytes was able to quarantine and have everything under control (well done I must say, Kaspersky is not very useful since it could not find the malware), the bad news is that the malware is still on my PC. It comes back to haunt my GPU everytime I turn on my PC. Attached are the files from the Farbar recovery scans. Any assistance will be greatly appreciated Addition.txt FRST.txt
  19. Hello, Almost all my files got decrypt by malwarebytes and it requires me to pay 1 BTC in order to decrpyt all the files in my PC. But my problem is i do not know how to use buy or use BTC. can i pay using paypal instead of using BTC? here's the problem that i am getting: http://screencast.com/t/H2Kstwvilbz Please help because i want this to FIX ASAP!
  20. Hi! The air vents of my laptop release hot air all the time, videos lag after a while until I move the mouse and my laptop overheats (it even shut down a few times due to overheating). I researched a bit and I reckon this is a bitcoin miner virus. I have no antivirus (sorry). I also download a lot of torrents but I check other users comments to make sure that there is no virus (sorry, again). Previously videos only lagged but the laptop didn't overheat, now it does. This is my only computer and is infected. I am using MouseController to keep the mouse moving and avoid overheating. Please help. Thanks.
  21. Hi, For almost a month I've had a problem that many people seem to have: my GPU would go to 99% activity in Idle. Uninstalling and installing drivers doesn't change anything. I've "solved" this by disabling and re-enabling my graphic card from the "device management" every time I start my PC, but I know it's not a solution. I've run Malwarebytes Anti-Malware and it found 5 miner that were quarantined, including svchost, but after the restart it started like nothing had happened and again 99% activity. I've run the DDS and this is what I've got: attach.txt dds.txt Thanks for any reply, I really don't want to format and re-install everything, so any help will be really appreciated. Pietro
  22. Trojan.Bitcoinminer has infected my pc which i suspect came when i tried to download adobe reader. Except MBAM, no other software is able to detect it. Once it is deleted, it comes back. Tried MBAM antirootkit with no success. I think the infected files are Phatk121016.cl, poclbm130302.cl, scrypt130511.cl, diablo130302.cl, diakcgn121016.cl along with zlib1.dll and some other files. All are located in windows/temp. I would have attached the dds logs but i am not able to run it. It says "cannot run in compatibility mode. dds will exit now." Your help is appreciated Thank you.
  23. I have long awaited this to happen and already purchased a pro licence. Many thanks for accepting bitcoin and I really hope that it will boost your sales in the future. Keep up the good work. theweirdguy
  24. Hi - I had an infection that continually put a bitcoin miner exe file in my C:\Windows folder and it started up randomly. Some of these were caught by Malwarebytes but most were not, but even after deleting them, new ones reappeared, always with a different name (e.g. moy.exe). Tried everything, went through all the advice on this forum, nothing worked. I tried a competing software programme (not sure if I'm allowed to mention the name here) and it was found. Details: C:\Windows\System32\wensrSvc.dll Size . . . . . . . : 1,688,064 bytes Age . . . . . . . : 10.9 days (2014-01-06 22:34:18) Entropy . . . . . : 7.9 SHA-256 . . . . . : A519FA9B9E916959EF9751DBB3AECAE561D20BD67C60791363DB14FFBFBB68C3 Service . . . . . : wensrSvc Fuzzy . . . . . . : 26.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Starts automatically as a service during system bootup. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Program starts automatically without user intervention. The file is in use by one or more active processes. The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities. Time indicates that the file appeared recently on this computer. Startup HKLM\SYSTEM\CurrentControlSet\Services\wensrSvc\ Anyway, it's totally fixed now (thank goodness!) and I wanted to warn other users of this. Simple to remove, just delete this file and any similar ones (there was also a wensrSvc.ocx file). Best of luck!!
  25. Hi has been blocked today, and I was wondering why, since it is the premier bitcoin discussion board. I don't want to white list it yet if there is good reason. thank you.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.