elementaos

Extremely Bad Virus or something


Uses 100% of my CPU and can't be detected as a process in Windows 10 Task Manager. It auto-deactivates when Task Manager is opened. It can be detected as a connection using Proxifier, or as a process or command line using Procmon.

miner type virus probably.jpg

https://minergate.com/

"Cryptocurrency GUI miner 8.1 & Mining Pool"


Hi elementaos :)

Do you need help in removing the infection from your system as well?


Screenshot was taken before removing it. It reappeared in some other app later, so I removed it again. Comes in various software, most commonly with warez.


Hello @elementaos

Let me have you run the following please.

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks

Ron

 


Well, I removed that mining virus manually from the temp folder a long time ago, and a few processes from startup. But a few days ago I tried to illegally activate Windows 10 using kmspico from Google search results, and all such software was fake. Removed it, but it looks like it left something. Later I found the original kmspico on the mydigitallife forum. I quarantined these files now.

summary.txt


It is/was not a virus.

All viruses are malware but not all malware are viruses.  If you had malware, they are trojans.

 


Okay I'll go ahead then and close your topic since you don't appear to want further assistance and discussions of stealing software are not permitted here.

kmspico has 1 purpose only. Theft of software from Microsoft.

Thank you

 


Since this issue is resolved the topic will now be closed to prevent others from posting here.

If you need assistance please start your own new topic and someone will be happy to assist you.

Thanks

 

This topic is now closed to further replies.
