
Bitcoin miner virus removal, MWB failed to detect



I downloaded a fairly unassuming torrent a few days ago for a major game release, and installed it as normal. 2.5 days later, I start up my PC and immediately notice on MSI Afterburner that both my GPUs are running at 99% load, when I have no games running at all.  I closed all background programs, including Steam, and looked through my task manager for suspicious processes.  Sure enough, I found a steam.exe running, and when I closed it, my GPU load dropped to zero on both cards. This was obviously a bitcoin miner.

 

After a quick Google search, I found that this is a pretty common practice.  The fake steam.exe hides in C:\Users\<username>\AppData\ somewhere.  I found it in ...\AppData\zombies\Reversed\.  The "Last Modified" date was the same time as I had installed the pirated game.

 

I deleted the folder entirely, as I did with the scheduled task in C:\Windows\System32\Tasks\ that began with "Steam-" that it had created to start itself.

 

However, before I did so, I scanned this folder with both Malwarebytes and Microsoft Security Essentials directly using the right-click menu option, and each time they said that no malicious items had been found.  So naturally, I have a few questions.

 

(1) Have I done enough to remove the miner?

(2) Why did neither MWB nor MSE catch this when it was (a) loading up my GPU, or (b) when I told both programs to scan the folder in AppData?

(3) Is it possible that a keylogger was implemented in this program, or that my passwords for Steam, LastPass, etc. have been captured somehow?

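The manual checks described in the post above (a process running from under AppData, and a scheduled task in C:\Windows\System32\Tasks\ that launches it) can be repeated as a read-only sweep. This is an added example, not code from the poster or from Malwarebytes; it assumes Windows PowerShell 3.0 or later in an elevated prompt, and the function names are hypothetical.

```powershell
# Added example: read-only triage for the persistence pattern described in the post.
# Assumes Windows PowerShell 3.0+ run elevated. Function names are hypothetical.
$AppDataPattern = '\\AppData\\'   # regex: any path containing an AppData folder

function Get-AppDataTaskAction {
    param([string]$TaskRoot = (Join-Path $env:SystemRoot 'System32\Tasks'))
    # Each file under the Tasks folder is the XML definition of one scheduled task.
    Get-ChildItem -LiteralPath $TaskRoot -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            try   { $xml = [xml](Get-Content -LiteralPath $file.FullName -Raw -ErrorAction Stop) }
            catch { return }   # unreadable or non-XML file: skip it
            foreach ($exec in $xml.GetElementsByTagName('Exec')) {
                # Commands may be quoted or use %APPDATA%-style variables.
                $cmd = [Environment]::ExpandEnvironmentVariables([string]$exec.Command).Trim('"')
                if ($cmd -match $AppDataPattern) {
                    [pscustomobject]@{
                        Task      = $file.FullName.Substring($TaskRoot.Length).TrimStart('\')
                        Command   = $cmd
                        Arguments = [string]$exec.Arguments
                        Modified  = $file.LastWriteTime
                    }
                }
            }
        }
}

function Get-AppDataProcess {
    # Running processes whose image lives under AppData, with signature status.
    Get-CimInstance -ClassName Win32_Process |
        Where-Object { $_.ExecutablePath -match $AppDataPattern } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.ExecutablePath
            [pscustomobject]@{
                Name      = $_.Name
                ProcessId = $_.ProcessId
                Path      = $_.ExecutablePath
                Signature = $sig.Status
                Signer    = $sig.SignerCertificate.Subject
                Modified  = (Get-Item -LiteralPath $_.ExecutablePath).LastWriteTime
            }
        }
}

Get-AppDataTaskAction | Format-List
Get-AppDataProcess    | Format-List
```

Legitimate per-user applications also run and schedule tasks from AppData, so each hit is a lead to review (name, signer, modification time) rather than a verdict.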

  • 3 months later...
  • Root Admin

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time, we'll go ahead and close this topic now, but if you still actually need help, please send a private message to one of the Moderators and we'll assist you.

Thank you and sorry we missed your topic.
