Jump to content

Bitcoin Miner virus


Recommended Posts

Hello, everyone.


As the title suggests I've caught up one of these. They're the ones that utilize your GPU at almost 100% when the computer is idle to mine for coins for someone else over the internet. I've gotten not too small a number of these up until this point and always used Malwarebytes to clean them up quite effectively (I believe the category was something along the lines of Heuristics/Shuriken). Not this time, though. Malwarebytes (latest stable version 1.75 + latest virus definitions) seems to pick up nothing - it would usually detect the culprit file, its memory process and a registry key, but this time around it doesn't detect anything ("No malicious items were detected"). I can see the process of the file in Task Manager (its name is gog.exe (32 bit)) and that it also has a startup entry with the same name. I also right-click on the file and choose "Open file location" and see it's been nested under Appdata/Roaming. How do I effectively remove it? I can probably delete it manually but how can I be sure it won't get back, how can I be sure it doesn't have a back-up file somewhere else? It's quite a mystery to me why Malwarebytes won't detect and delete it - never happened before...

Link to post
Share on other sites

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.



Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)



Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

Sorry I'm replying so late, but I actually managed to get rid of it by using Emsisoft's Emergency Kit. It contained a portable scanner which removed the bitcoin miner.


I'm really surprised Malwarebytes couldn't detect it. In all my previous run-ins with those miners it'd usually eat them for breakfast. But, I'll definitely continue on using Malwarebytes - it has performed quite well so far and one minor hick-up such as this one doesn't mean anything. :)

Link to post
Share on other sites

This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.