Jump to content

Search the Community

Showing results for tags 'bitcoin'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Nebula
    • Malwarebytes Nebula Modules
    • Malwarebytes Endpoint Security
    • Other Malwarebytes Business Products
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






  1. So I got this email The attached HTM is this <frameset onload="document.location.href=window.atob('aHR0cHM6Ly90cmFja2VyMjAyMS5tZS81aDl3eWg/MTU2MzIxMTgzNDcyMTM0MTI0IA==');" /> That is a base64 string that decodes to https://tracker2021.me/5h9wyh?156321183472134124 I did request this through Postman and noted it's a page with text about Elon Musk helping you get rich or something, basic elonscam give me 0.0005 bitcoin i'll give you 0.05 bitcoin but I'm unconfortable with how basic this seems, I'm thinking there's more to it, can someone help? I see some google analytics scripts and some other tracking scripts such as facebook's, is there anything else here? I did accidentally open the thing on my browser but closed it right away
  2. hello everyone, i want to keep this short so i have the same problem as this guy AdwCleaner[S01].txtAddition.txtFRST.txtSCAN.txt i downloaded IDM (internet download manager) from a shady website...etc...etc, so just like kevinf80 asked in this topic, i will attach the txt files here, thanks in advance!
  3. Hi. I've been noticing high CPU temperatures and fan speeds on my laptop (which I recently cleaned and reapplied thermal paste to). Every time I open the Task Manager, the CPU usage is on 50 - 90% for a moment but immediately drops down to 5 - 10%. I'm suspecting this is a bitcoin miner virus, mainly because the symptoms are identical to what was described in this thread. Should I follow the same steps given to the person in that post? Thanks in advance for any replies. (My system is an XPS 15 9560, Intel i7 7700HQ, Nvidia GTX 1050, 8Gb RAM, Windows 10 Version 2004)
  4. When I open up my task manager it shows my cpu running at upwards of 50 percent and I am not doing anything on my computer I have run a custom scan using malwarebytes and scanned for rookits and gone through archives it found 12 detections but the problem still ensues. I am not sure what to do to resolve the problem.
  5. Everything was working fine until a few days ago i copy and pasted my BTC address but it came out different and sent some phisher like 5 bucks i thought i was being stupid and copied a random address so i didnt worry about it until today i found out its a real problem and i need help fixing it
  6. I just built my new PC a few days ago and i went out of my way to buy all new components except my GPU which is second-hand. I scanned my system with malwarebytes and got a lot of adware and two Trojan bitcoin miners that are located in my registry. My problem is that after every scan i get the same malware so it seems that quarantine doesn't help. I tried locating them manually with RegEdit but i cant find anything. I watched a lot of videos on my issue and all of them suggest using Task manager and MSconfig (for startups) but there is nothing out of the ordinary. If anybody can help i i would be really grateful. Thanks in advance! -Strahinja I have provided pictures of my search history.
  7. I have a problem. Today I have noticed that my CPU runs at 100% until I open task manager. I know, there were similar topics on this forum but unlike these virus didn't go away. Malwarebytes detected the virus and it says it has removed it but it's still happening. I tried using system restore and went back 8 days but it's still there. (Kinda impressive) I really hope you can help me.
  8. So I've been having this problem for the last few days, my PC was pretty slow so I ran malwarebytes and it found a lot of stuff, then got rid of it but they came back with every reboot so I started looking into solutions online, I guess I've managed to get rid of a few of them by running a lot of different cleaning tools but "conhost.exe" always comes back after reboot. There was also some exes called lsmose and mysa1 mysa2 and mysa3 which I found out online that are bitcoin miners. I can stop the conhost manually by stopping some processes but it comes back after every reboot so I would really appreciate some help. I already ran FRST and attached the files, also not sure if this changes anything but these are the cleaning tools I used: malwarebytes, hitmanpro, roguekiller, mbamantirootkit and combofix FRST.txt Addition.txt
  9. hi everyone i am Rodolfo Gilliland. i am new on here...guys let's introduce with each other
  10. I have recurring problem during transacting bitcoin from one wallet address to another wallet. My problem is i cant copy the exact address that i have and when i copy paste to all platforms like ie messenger, notepad, word the same wallet address will always puff up. I tried to do some testing by copying partial of the wallet address and then paste again another portion which it was successful in notepad. After that I tried to copy and paste the address many times on the same notepad without any problem. But when i tried to copy and paste in the messenger, the first attempt of pasting it, it give me blank- i cant paste it. But on second attempt the same wallet address puff up again. I tried to do some research and they told me to have virus scan using malwarebytes to which i have a premuim subscription. I tried to scan using malwarebytes but it always gave me zero detection. I even bought Kaspersky total security and have a full scan still no detection. I tried to restart my laptop but still the problem persist. Pls do help because this matter gave me headaches. Thank you.
  11. Hi, I get this famous RiskWare.BitCoinMiner on my server Windows 2016. I don't now how cause it was a fresh installation. fresh installation because the first one was infected with the same malware. it's a poison i don't know what i can do... I take Malwarebytes, so i make a first scan on the server, he find RiskWare.BitCoinMiner, and remove it. good for now... But the riskware back again, and now, malwarebytes find nothing. The place of rundll32.exe who use processor : C:\Windows\Microsoft.NET\rundll32.exe This malware kill my server, i try lots of thing for remove that and i don't find useful tips. Thanks for your time and your help. Sorry for my english, i'm french. Addition.txt FRST.txt malwarebytes_scan.txt
  12. Hello there, new to the forums for Malwarebytes. Above is a picture of the recurring problem that has been happening for the past few weeks now. This started when my younger brother installed many freeware and software for video games (including shady websites for hacking video games). Now the laptop (A Razer Blade GTX970M) has been sluggish for quite some time now. Scanning with the anti-malware kept finding this program which could not be removed simply. Quarantining it doesn't keep it quarantined, instead it changes its file name to something else. My father and I have been trying methods to get rid of the virus but to no avail, we couldn't. I am now simply asking help on how to get rid of this virus. Thank you to those who will help.
  13. Hello! When i start my computer and check task manager then i see that something called vgost or something with tools picture takes the most cpu. I end task always and find the location first and delete it, but it always come back! Can anyone help me with this? Last time i deleted 5 of those with malwarebytes, but they come back after restart. Can anyone help?
  14. FWIW if it helps someone. Sorry I can't find the string(s) I was in originally. Had a problem with the coinhive mess, but I didn't know it. Machine slowed to a crawl and task manager showed chrome using more than 80% of CPU. Used adw, FRST, eset, malwarebytes, CC, researched for eons. Tried everything written on this subject here and everywhere else. Nothing. Only a problem in chrome. So bit the bullet and removed all addons, etc from chrome... went away. Started adding things back. Turned out, AdRemover FOR chrome was the culprit. Would never have known the miner was there if not for malwarebytes warning me of the problem. It couldn't remove it I suppose since it's a "legitimate"? program? At any rate, my i7 with 32 gigs of ram and an nvidea 930 once again runs like an i7 with 32 gigs of ram and an nvidia 930.
  15. PC got infected with an extremely hard to remove malware. It keeps creating a fake conhost.exe file in Windows/SysWOW64, as well as fake Adobe folders in AppData/Local. No rootkit/AV/Anti Malware program has been able to detect it. It starts up shortly after the PC boots, and its presence is known as soon as MalwareBytes blocks the RiskWare.BitCoinMiner process while doing live scans. The source of this process still cannot be found/cleaned, only the BitCoinMiner process it starts up every hour or so. It will close a majority of programs that run with cmd prompt, will close the browser when trying to search for specific keywords, and tries to blue screen if the user attempts to close or restart the PC. It doesn't seem to run in safe mode. After the malware "starts", FRST keeps getting closed whenever I try to launch it. Should I try to get the logs as soon as my PC boots (before the malware has a chance to start up), or should I get the logs in safe mode? Any help is appreciated!
  16. Hi, I managed to download a bitcoin miner while downloading mods for GTAV, and no matter how many times I scan using malwarebytes it won't go. After the system restart it persists and slows my PC down so much that it struggles with even CS:GO. I can't download FRST or RogueKiller because as soon as I type it in any browser, the browser closes as if the malware is closing it before I can use either tool to kill it. Please end my suffering lol
  17. Hi guys. I recently started to notice that whenever I play a game, any game, I get a smooth 120 fps but then after a couple of minutes it drops to about 20 to 10 fps. I found out after some time what the problem was. When I opened task manager I could see that 2 processes are using like 90% of my gpu. They were called csrss.exe (Client Server Runtime Progress) and Desktop Window Manager. I did some research as to why they are doing this and some stuff I read said that it could be a bitcoin generator or something like that. It happens with every game I play. Csgo, Fallout4, you name it. The funny thing is when I am in game, I guickly alt tab to task manager and then for a good 2 seconds I can see these 2 processes use like 90% of my gpu, but then it immediately goes down to 1% after these 2 seconds. Can someone please tell me what the problem is and if it a malware?
  18. Hello, I scanned my computer with the free version of malwarebytes and the scan came up with a few infections. I deleted these files and the registry entry in both regular and safe modes but it seems that they are being created each time the system is booted up. Attached is a screenshot of the scan results and the infected files. I'm running Windows 7 Home Premium 64-bit. Any help on how to get rid of these? Thanks!
  19. For quite some time I had CPU usage issues that appeared to be coming from the WMI service. I figured out a workaround which was to shut down the service called "WMI" but this wasn't ideal as it would need to happen on each reboot. I have also discovered a service called NVU which claims to be NVIDIA driver updater but I suspect it is also fake. Today I figured out that WMI was a Bitcoin Miner virus and I was able to find the associated files. I could have removed them manually but I got Malwarebytes to scan and remove them for me. On reboot now, my CPU is back to normal and those questionable files are gone. However, the WMI and NVU "services" still appear in the list of local services. I can no longer start or stop them (just get an error) I'm just wondering how to remove the fake services.
  20. Now many Hacker targetting Bitcoin / Cryptocurrency. as it can make Big money Some try to Install malware in our computer such as https://www.cylance.com/en_us/blog/threat-spotlight-cryptocurrency-malware.html I hope malwarebytes pay more attention to this kind of malware
  21. Need help on removing this virus on my laptop. I think there are still other viruses so I need all the help I can get. Since I already ran malware bytes the only persisting problem is the riskware.bitcoinminer. For some reason it can't be removed and it also clogs up the quarantine on malware bytes. Addition.txt FRST.txt
  22. Hello, My name is Ethan and I'd like to request help with malware/rootkit/ad/etc removal. To give you some background, I recently got infected with THIS file. It changed my browser, redirected pages to "eatyellowmango. com", changed file names to ".bat", installed bitcoin miners, 100% CPU usage, and much worse. After 10+ hours of running every AV program I knew, it's mostly gone; but I'm still having issues with what I believe is "Adware.Yelloader" and rootkit(s). I've also gotten a BSOD message three times, saying "irql_not_less_or_equal", but that stopped now. So far, I've ran the following programs: Rkill, Malwarebytes, Chameleon, Zemana, AdwCleaner, HitmanPro, SUPERAntiSpyware, Webroot SecureAnywhere, AVG, Avast, ESET Online Scanner, Sophos, EmsisoftEmergencyKit, Defogger, MiniToolBox, FRST (Logs), and FixTDSS (Unsuccessful) - and I plan to run TronScript soon. (I also ran these programs in SafeMode w/ Network) Everything seems to be normal now, except that I'm having problems running TDSSkiller, JRT, ComboFix, Malwarebytes Anti-Rootkit (Missing DDA driver + "The system inaccessible seems inaccessible or encrypted. Scan cant continue"), BitDefender, and some other normal programs such as Razer Synapse. They ask for admin privileges, but they never open afterwords. While I'm not very experienced on this topic, I believe it may be a program/virus denying me access. I'm willing to simply wipe my drives (SSD w/ win10, HDD for storage), but that's the last resort. If you could help, I'd greatly appreciate it. Thank you to anyone who reads/replies to my thread! Addition.txt FRST.txt MB Scan.txt
  23. Hello. I seem to be unable to remove the riskware.bitcoinminer. It comes up as WindowsUpdate.exe. I try to remove it using malwarebytes but it won't go away. I scanned, quarantined it and removed it but I still kept getting notifications every minute that it was being quarantined. It picked up one time on scan, but once I removed it after I did a scan, it won't pop up on a scan again. it just shows the notification of riskware being quarantined every minute no matter what i do.
  24. Hello, before all, sorry if my english is bad. I've downloaded antimalwarebytes to find something wrong in my notebook because i'm having problems in some games and in web surfing. the scan showed me four malwares but i can't remove them and i'm scared to remove important files from my pc for error. i've followed the instructions of the topic "I'm infected - What do I do now?" and i'm now posting the results of the scans FRST and Additions. I hope you can help me, thank you. Addition.txt FRST.txt
  25. Hi everyone in the forum, i installed a package which contained virus as when the installation process was starting..... application were installed out of nowhere ( no intention), so i went to safe mode and ""threat scanned"" with Mbam and with mcaffee virus (normal mode) i discovered yesterday which i did not see before, that lux.exe is bitcoin mining the GPU and using lot of CPU, another thing i saw is that a bunch of scripts unknown to me are hidden in my C/....Appdata ...../Roaming directory. How do i remove all these, thinking deleting the files wont help at all.. ( windows 10 home, 64-bit OS) i firewalled torrentz and followed these steps... < https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/ > Addition.txt FRST.txt Mbam log1.txt
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.