Search the Community
Showing results for tags 'coinhive'.
Found 4 results
My CPU usage will randomly spike to 15-20 per cent usage while idle, help me please, thanks in advance
Greetings, I believe it started somewhere during this week or last, I'm not completely sure. At first I noticed that some of the tabs I was visiting didn't have the page title but the URL between quotes. I was busy with work so I ignored it as a Chrome bug or something. Since I work as a web developer, it's normal for me to sometimes go F12 and check the JS console, then I noticed... Sometimes, when I load a website, the website gets loaded on a frameset, with a cryptojacking on the header. Check attached image.

Thankfully, this alone doesn't do jack to me since I use Minerblock, plus I also have a lot of 0.0.0.0 redirection to known coin miners websites on my hosts file.

At first I thought the obvious: somehow I've got a rogue extension or cookie, easy. I cleared up Chrome using Google's own instructions. But then I noticed it still happened. Also happens on Firefox, IE, every single browser, even Steam in-game browser is suffering from this issue.

It IS a problem for mainly 2 reasons:

1) Even if I have the miner blocked, how can I be sure it's not doing something else to my computer, like tracking data before messing with the source code?
2) It's problematic and disruptive. Sometimes, every single connection I make, on a browser, on a game, gets randomly denied. I try again and it works. It's making me unable to do my work correctly.

I tried running Malwarebytes, ADWCleaner, Hitman Pro... Nothing seems to stop this.

Then I proceeded to my router, as it seems to be a network-wide issue. My ISP uses two DNSs: one of theirs and one from Google. I proceeded to remove theirs and use only the Google ones. Then I restarted router and PC. Same. I disabled UPnP, I shut down every port forward I had. I made sure both router and Windows firewall were enabled. I made sure there was no remote access enabled. I checked if there were rogue users on my router. Nothing. I have no idea what else to do.
I've searched on Google, didn't find any results related to what I'm facing specifically. I usually don't go out on forums asking for stuff like this, but honestly, I need help. I have lots of honest work to do and this thing is causing me a hassle bigger than it should.

Extra things to add:

- No, I don't have another computer to test under this network. Later today I'll ask my neighbor to connect to my Wi-Fi and see if the issue happens in there.
- It seems to happen with every connection, even inside a game or when I'm making an AJAX call, it just DIES randomly due to this stupid malware changing the header information.
- SOME websites seem to be "immune" to this: Facebook, Google and YouTube. And no, it's not because of HTTPS, I've seen it happening with some HTTPS websites too.
- Before this happened, I remember my internet having random disconnects. I called my ISP and they said they were doing maintenance. I wonder if it is possible for an ISP to do such a thing? And yes, trust me, they could easily do it without consequences due to it being a local town ISP where most people don't care about security issues. But I don't want to accuse them before being completely sure.
- Every time I turn on my computer, the connection icon says it's "without internet access" while it clearly works. Then after a few minutes it becomes normal. This wasn't a behaviour I've seen before this issue existed.
- I tried loading my Windows in safe mode with network. Same issue happens in there. One extra fun thing: NOW my router admin showed 2 connections on DHCP: mine and an "Unknown" one. I disabled DHCP. The malware still works.
- Before you ask for my FRST.txt, I'd rather not. But if it's REALLY necessary, please provide me somewhere I can post it only for admins. It contains a lot of customer files that were trusted to me and I cannot even let people see their titles. There are too many for me to edit them out too. But if possible, I'd like to not post that.

I believe that's all.
Please give something for me to work here. I have no idea what to do.
FWIW if it helps someone. Sorry I can't find the string(s) I was in originally. Had a problem with the coinhive mess, but I didn't know it. Machine slowed to a crawl and Task Manager showed Chrome using more than 80% of CPU. Used adw, FRST, eset, malwarebytes, CC, researched for eons. Tried everything written on this subject here and everywhere else. Nothing. Only a problem in Chrome. So bit the bullet and removed all addons, etc. from Chrome... went away. Started adding things back. Turned out, AdRemover FOR Chrome was the culprit. Would never have known the miner was there if not for malwarebytes warning me of the problem. It couldn't remove it I suppose since it's a "legitimate"? program? At any rate, my i7 with 32 gigs of RAM and an nvidia 930 once again runs like an i7 with 32 gigs of RAM and an nvidia 930.
As requested on https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/ find attached the FRST and Addition logs. I'm not attaching a Malware Threat Scan log since the software says there are no threats, however, every time I open Google Chrome, Malwarebytes detects this "coinhive". Thank you in advance for all your help.