Search the Community
Showing results for tags 'bitcoin'.
Found 21 results
-
So I've been having this problem for the last few days, my PC was pretty slow so I ran malwarebytes and it found a lot of stuff, then got rid of it but they came back with every reboot so I started looking into solutions online, I guess I've managed to get rid of a few of them by running a lot of different cleaning tools but "conhost.exe" always comes back after reboot. There was also some exes called lsmose and mysa1 mysa2 and mysa3 which I found out online that are bitcoin miners. I can stop the conhost manually by stopping some processes but it comes back after every reboot so I would really appreciate some help. I already ran FRST and attached the files, also not sure if this changes anything but these are the cleaning tools I used: malwarebytes, hitmanpro, roguekiller, mbamantirootkit and combofix FRST.txt Addition.txt
-
hi everyone i am Rodolfo Gilliland. i am new on here...guys let's introduce with each other
-
I have recurring problem during transacting bitcoin from one wallet address to another wallet. My problem is i cant copy the exact address that i have and when i copy paste to all platforms like ie messenger, notepad, word the same wallet address will always puff up. I tried to do some testing by copying partial of the wallet address and then paste again another portion which it was successful in notepad. After that I tried to copy and paste the address many times on the same notepad without any problem. But when i tried to copy and paste in the messenger, the first attempt of pasting it, it give me blank- i cant paste it. But on second attempt the same wallet address puff up again. I tried to do some research and they told me to have virus scan using malwarebytes to which i have a premuim subscription. I tried to scan using malwarebytes but it always gave me zero detection. I even bought Kaspersky total security and have a full scan still no detection. I tried to restart my laptop but still the problem persist. Pls do help because this matter gave me headaches. Thank you. -
Hi, I get this famous RiskWare.BitCoinMiner on my server Windows 2016. I don't now how cause it was a fresh installation. fresh installation because the first one was infected with the same malware. it's a poison i don't know what i can do... I take Malwarebytes, so i make a first scan on the server, he find RiskWare.BitCoinMiner, and remove it. good for now... But the riskware back again, and now, malwarebytes find nothing. The place of rundll32.exe who use processor : C:\Windows\Microsoft.NET\rundll32.exe This malware kill my server, i try lots of thing for remove that and i don't find useful tips. Thanks for your time and your help. Sorry for my english, i'm french. Addition.txt FRST.txt malwarebytes_scan.txt -
Hello there, new to the forums for Malwarebytes. Above is a picture of the recurring problem that has been happening for the past few weeks now. This started when my younger brother installed many freeware and software for video games (including shady websites for hacking video games). Now the laptop (A Razer Blade GTX970M) has been sluggish for quite some time now. Scanning with the anti-malware kept finding this program which could not be removed simply. Quarantining it doesn't keep it quarantined, instead it changes its file name to something else. My father and I have been trying methods to get rid of the virus but to no avail, we couldn't. I am now simply asking help on how to get rid of this virus. Thank you to those who will help. -
Hello! When i start my computer and check task manager then i see that something called vgost or something with tools picture takes the most cpu. I end task always and find the location first and delete it, but it always come back! Can anyone help me with this? Last time i deleted 5 of those with malwarebytes, but they come back after restart. Can anyone help?
-
FWIW if it helps someone. Sorry I can't find the string(s) I was in originally. Had a problem with the coinhive mess, but I didn't know it. Machine slowed to a crawl and task manager showed chrome using more than 80% of CPU. Used adw, FRST, eset, malwarebytes, CC, researched for eons. Tried everything written on this subject here and everywhere else. Nothing. Only a problem in chrome. So bit the bullet and removed all addons, etc from chrome... went away. Started adding things back. Turned out, AdRemover FOR chrome was the culprit. Would never have known the miner was there if not for malwarebytes warning me of the problem. It couldn't remove it I suppose since it's a "legitimate"? program? At any rate, my i7 with 32 gigs of ram and an nvidea 930 once again runs like an i7 with 32 gigs of ram and an nvidia 930.
-
PC got infected with an extremely hard to remove malware. It keeps creating a fake conhost.exe file in Windows/SysWOW64, as well as fake Adobe folders in AppData/Local. No rootkit/AV/Anti Malware program has been able to detect it. It starts up shortly after the PC boots, and its presence is known as soon as MalwareBytes blocks the RiskWare.BitCoinMiner process while doing live scans. The source of this process still cannot be found/cleaned, only the BitCoinMiner process it starts up every hour or so. It will close a majority of programs that run with cmd prompt, will close the browser when trying to search for specific keywords, and tries to blue screen if the user attempts to close or restart the PC. It doesn't seem to run in safe mode. After the malware "starts", FRST keeps getting closed whenever I try to launch it. Should I try to get the logs as soon as my PC boots (before the malware has a chance to start up), or should I get the logs in safe mode? Any help is appreciated! -
Hi, I managed to download a bitcoin miner while downloading mods for GTAV, and no matter how many times I scan using malwarebytes it won't go. After the system restart it persists and slows my PC down so much that it struggles with even CS:GO. I can't download FRST or RogueKiller because as soon as I type it in any browser, the browser closes as if the malware is closing it before I can use either tool to kill it. Please end my suffering lol
-
Hi guys. I recently started to notice that whenever I play a game, any game, I get a smooth 120 fps but then after a couple of minutes it drops to about 20 to 10 fps. I found out after some time what the problem was. When I opened task manager I could see that 2 processes are using like 90% of my gpu. They were called csrss.exe (Client Server Runtime Progress) and Desktop Window Manager. I did some research as to why they are doing this and some stuff I read said that it could be a bitcoin generator or something like that. It happens with every game I play. Csgo, Fallout4, you name it. The funny thing is when I am in game, I guickly alt tab to task manager and then for a good 2 seconds I can see these 2 processes use like 90% of my gpu, but then it immediately goes down to 1% after these 2 seconds. Can someone please tell me what the problem is and if it a malware?
-
Hello, I scanned my computer with the free version of malwarebytes and the scan came up with a few infections. I deleted these files and the registry entry in both regular and safe modes but it seems that they are being created each time the system is booted up. Attached is a screenshot of the scan results and the infected files. I'm running Windows 7 Home Premium 64-bit. Any help on how to get rid of these? Thanks! -
For quite some time I had CPU usage issues that appeared to be coming from the WMI service. I figured out a workaround which was to shut down the service called "WMI" but this wasn't ideal as it would need to happen on each reboot. I have also discovered a service called NVU which claims to be NVIDIA driver updater but I suspect it is also fake. Today I figured out that WMI was a Bitcoin Miner virus and I was able to find the associated files. I could have removed them manually but I got Malwarebytes to scan and remove them for me. On reboot now, my CPU is back to normal and those questionable files are gone. However, the WMI and NVU "services" still appear in the list of local services. I can no longer start or stop them (just get an error) I'm just wondering how to remove the fake services.
-
Now many Hacker targetting Bitcoin / Cryptocurrency. as it can make Big money Some try to Install malware in our computer such as https://www.cylance.com/en_us/blog/threat-spotlight-cryptocurrency-malware.html I hope malwarebytes pay more attention to this kind of malware
-
Need help on removing this virus on my laptop. I think there are still other viruses so I need all the help I can get. Since I already ran malware bytes the only persisting problem is the riskware.bitcoinminer. For some reason it can't be removed and it also clogs up the quarantine on malware bytes. Addition.txt FRST.txt -
Hello, My name is Ethan and I'd like to request help with malware/rootkit/ad/etc removal. To give you some background, I recently got infected with THIS file. It changed my browser, redirected pages to "eatyellowmango. com", changed file names to ".bat", installed bitcoin miners, 100% CPU usage, and much worse. After 10+ hours of running every AV program I knew, it's mostly gone; but I'm still having issues with what I believe is "Adware.Yelloader" and rootkit(s). I've also gotten a BSOD message three times, saying "irql_not_less_or_equal", but that stopped now. So far, I've ran the following programs: Rkill, Malwarebytes, Chameleon, Zemana, AdwCleaner, HitmanPro, SUPERAntiSpyware, Webroot SecureAnywhere, AVG, Avast, ESET Online Scanner, Sophos, EmsisoftEmergencyKit, Defogger, MiniToolBox, FRST (Logs), and FixTDSS (Unsuccessful) - and I plan to run TronScript soon. (I also ran these programs in SafeMode w/ Network) Everything seems to be normal now, except that I'm having problems running TDSSkiller, JRT, ComboFix, Malwarebytes Anti-Rootkit (Missing DDA driver + "The system inaccessible seems inaccessible or encrypted. Scan cant continue"), BitDefender, and some other normal programs such as Razer Synapse. They ask for admin privileges, but they never open afterwords. While I'm not very experienced on this topic, I believe it may be a program/virus denying me access. I'm willing to simply wipe my drives (SSD w/ win10, HDD for storage), but that's the last resort. If you could help, I'd greatly appreciate it. Thank you to anyone who reads/replies to my thread! Addition.txt FRST.txt MB Scan.txt -
Hello. I seem to be unable to remove the riskware.bitcoinminer. It comes up as WindowsUpdate.exe. I try to remove it using malwarebytes but it won't go away. I scanned, quarantined it and removed it but I still kept getting notifications every minute that it was being quarantined. It picked up one time on scan, but once I removed it after I did a scan, it won't pop up on a scan again. it just shows the notification of riskware being quarantined every minute no matter what i do.
-
Hello, before all, sorry if my english is bad. I've downloaded antimalwarebytes to find something wrong in my notebook because i'm having problems in some games and in web surfing. the scan showed me four malwares but i can't remove them and i'm scared to remove important files from my pc for error. i've followed the instructions of the topic "I'm infected - What do I do now?" and i'm now posting the results of the scans FRST and Additions. I hope you can help me, thank you. Addition.txt FRST.txt
-
Hi everyone in the forum, i installed a package which contained virus as when the installation process was starting..... application were installed out of nowhere ( no intention), so i went to safe mode and ""threat scanned"" with Mbam and with mcaffee virus (normal mode) i discovered yesterday which i did not see before, that lux.exe is bitcoin mining the GPU and using lot of CPU, another thing i saw is that a bunch of scripts unknown to me are hidden in my C/....Appdata ...../Roaming directory. How do i remove all these, thinking deleting the files wont help at all.. ( windows 10 home, 64-bit OS) i firewalled torrentz and followed these steps... < https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/ > Addition.txt FRST.txt Mbam log1.txt
-
DON'T PAY RUSSIAN CRYAKL RANSOM - YOU WON'T GET YOUR FILES BACK If you pay the typically demanded 3 btc (US$12,000) then they'll say "Pay full price 5 btc", US$20,000 and even if you pay that you still won't get your files back. CL 1.3.1.0.id-@@@@@7491-11C2.randomname Above is the latest version from Russian criminals which changes your file names and starts with the email to contact them. Typically the email is from aol.com (eg email-magna_bellator@aol.com) or india.com (eg zaloha@india.com). They will ask for 3 bitcoin today and 5 tomorrow. What do you think happens when you pay 5 bitcoins ..... the price goes up again. I encourage you to contact the FBI to track them down and your state Senator in the US and put pressure on AOL to stop assisting these criminals.
-
I am kind of seriously frustrated. I did report false positive IP addresses before for Geth.exe (Ethereum) and Parity Technologies ( https://parity.io/ ) I can't just report a couple of Ips that I added to the exclusion list... because I think that the applications calls a lot of different Ips. Since it's P2P.... I am doing Blockchain development with ETH and when I'm in my powershell I keep seeing Blocked Ips every single sec. So I have to quit Malwarebytes to continue my work. It's so so so so so so annoying. I added the applications to the exclusion list, VIA folder. It still gives those annoying popups. I hope someone investigate what Ethereum is. Do you care?
-
I was trying to create a Jaxx bitcoin wallet using the Jaxx Chrome extension and Malwarebytes blocked its access to btc.blockr.io Everything I have read leads me to believe this is a false positive. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 6/8/17 Protection Event Time: 11:41 AM Logfile: Administrator: Yes -Software Information- Version: 3.0.6.1469 Components Version: 1.0.103 Update Package Version: 1.0.2111 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , , Blocked, [-1], [-1],0.0.0 -Website Data- Domain: btc.blockr.io IP Address: 104.16.148.172 Port: [63085] Type: Outbound File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (end)
