Showing results for tags 'monero mining virus'.
Hi, I have a problem on my Windows PC with a site "monerohash.com", which I never visited and didn't know existed before now (I apologize for my bad English, I'm from Italy 🇮🇹). Every 30 seconds Malwarebytes blocks a connection to that site (that I didn't ask for), telling me that the infected path is located in system32 (I will attach the notification here). Can someone please tell me how to fix this? I am really afraid about it. Thanks.
Dear Malwarebytes Team, My 2y old laptop is totally overheating for no easy-to-discover reason. (I carefully opened, cleaned and reassembled my laptop to make sure the ventilator and heatsink are in 100% clean condition.) I believe I have a nasty malware on my system. My laptop is an HP Pavilion Core i5 4200 ULT bought in Oct. 2015 with preinstalled Windows 8 upgraded to 10, 1709, mechanical drive swapped to SSD with 555MB/s R+W. Using Core Temp v1.1 to analyze my system in idle and under heavy load, I could find the temperature of both cores rising up to 100°C as soon as I start any application. The CPU maximum load was capped at 50% and dropping to 30-45% by breaching TPoint 100C every couple of seconds. I used the rootkit scanner GMER and could see my hard drive showing an unknown Master Boot Record entry. (No fixes done) I found another post here which recommended using RogueKiller, which could help me to detect and delete some malware. RogueKiller found 1 folder and three executable files of an already uninstalled Bitcoin mining software. (Minergate, classified as malware) I used RogueKiller's function to disinfect my system. Odd seems to me that me having a BTC mining software trial is already about a month ago and also the creation time stamps of the folder and the .exe showed up dating accordingly about a month ago, yet I actually had no performance issues in that time since - until a couple of days ago the overheating issue came down on me while gaming. Sadly my laptop still tends to overheat and it seems to be disinfected only partially. I found the "Windows Modules Installer Worker" service causing some 30% load to my CPU in idle and causing it to run at 96-97C, nearly meeting TPoint (100C) whenever I run any application. Manually ending the Windows Modules Installer Worker via Task Manager made the core values return to normal.
Another time on the same day, after I had already used RogueKiller for disinfecting, I found the "comsurrogate" service running twice by checking the Task Manager while gaming "Warcraft III". Manually closing the service improved the game's performance - restoring normal conditions to the game operation. Of the two comsurrogate services only one had the significant CPU load and 50% of memory consumption, the other showed permanent idle and 0% memory consumption. The initial overheat issue occurred out of nowhere while gaming online. While gaming online a very old game title "Warcraft 3" (min req. PII-233MHz MMX, 16MB 3D) my laptop unusually started the fans on high speed and the game showed extremely low frame rates. My laptop has a dedicated graphics card, Nvidia GeForce 840M 2GB GDDR5, which I use for hardware acceleration by standard. The game uses TCP and UDP ports 6126 and is known to enable malicious players to somewhat hijack other players' systems, usually to manipulate games to their favor. Mostly the aim is to force others to disconnect from the game, or slow the connection of players over the game time (by redirecting their game network packages with some altered addressing) in order to gain an advantage in in-game resource flow. (RTS game, similar to LOL and DOTA) As a player with a huge lack in coding and understanding in depth network technologies I have to live with a certain percentage of manipulated games and frequently rebooting the game, but there has never been such a persisting thermal issue ever so far. Nowadays intentions and motivations may have changed, I just read an article about a Monero Mining Virus and I am now trying to bring things together. Ironically another player told me that he believes that his PC had been hijacked for crypto mining just minutes before my laptop started showing thermal issues and a massive lack of computing performance.
Can someone here please help me and guide me through how to further identify possible threats and clean my laptop again, like I've seen you were about to help another member called Kevin, having similar problems in another post? I could manage to run FRST64.exe and I am ready to send you the two files it created as scan result (running the app with standard settings). Thank you for your attention and also - thank you already in advance for your advice. I do highly appreciate your help. With best regards from Australia, Thomas