I think I have a Trojan - Crypto Miner Virus running on my computer


Solved by AdvancedSetup

This issue began happening today, where I noticed that my computer was running unusually slow and my programs opened up with a 1-2 minute delay. 

I opened Task Manager to see if I could spot any issues, and sure enough, my CPU was hovering at 96%. After 30 seconds or so, however, this number went down to its normal level, 30-40% with minimal programs open (only Chrome with 2 tabs). To test, I kept opening and reopening Task Manager and sure enough, the CPU usage went down every, single, time, and always went down from 96%. I did some research and I'm extremely sure that I've downloaded crypto-mining software that mines in the background. 

I downloaded Malwarebytes, Avast, and ran full scans on both programs and had no luck. No issues detected at all. Also, I don't think I have the technological background to manually find this virus, so at this point I don't know what to do. 

If anyone has suggestions on what I can do, I would be super happy, because I have school and my Zoom meetings have crashed numerous times because of this issue. 

 

 

malware.jpg
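
The symptom described above (a reading near 96% that drops as soon as Task Manager is opened) can be checked without Task Manager by sampling per-process CPU in the background. The following is an added example, not part of the original thread; it assumes Windows PowerShell 5.1 or later with English counter names, and the output path and thresholds are arbitrary choices.

```powershell
# Added example: log the top CPU consumers every few seconds with Task Manager closed.
# Assumptions: English counter names; $OutFile is a hypothetical location.

$SampleSeconds = 5      # seconds between samples
$Samples       = 60     # 60 x 5 s = 5 minutes of data
$Top           = 5      # processes kept per sample
$Threshold     = 50     # percent of total CPU considered "busy"
$OutFile       = Join-Path $env:TEMP 'cpu-samples.csv'

# '% Processor Time' is per logical core: a fully loaded 8-thread CPU reads 800.
# Dividing by the core count gives the same scale Task Manager shows.
$Cores = [Environment]::ProcessorCount

$rows = Get-Counter -Counter '\Process(*)\% Processor Time' `
            -SampleInterval $SampleSeconds -MaxSamples $Samples `
            -ErrorAction SilentlyContinue |   # processes that exit mid-sample raise errors
    ForEach-Object {
        $stamp = $_.Timestamp
        $_.CounterSamples |
            Where-Object { $_.InstanceName -notin '_total', 'idle' } |
            Sort-Object CookedValue -Descending |
            Select-Object -First $Top |
            ForEach-Object {
                [pscustomobject]@{
                    Time       = $stamp.ToString('s')
                    Process    = $_.InstanceName
                    CpuPercent = [math]::Round($_.CookedValue / $Cores, 1)
                }
            }
    }

# Keep the raw samples for later review.
$rows | Export-Csv -Path $OutFile -NoTypeInformation

# Summary: which processes exceeded the threshold, and in how many samples.
$rows |
    Where-Object { $_.CpuPercent -ge $Threshold } |
    Group-Object Process |
    Sort-Object Count -Descending |
    Select-Object Name, Count
```

An empty summary after several minutes of normal use means no single process held the CPU above the threshold while Task Manager was closed; a process that appears in most samples is the one to look up.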


I appreciate the response, but no suspicious programs are in my task manager. I've looked through 4-5 times, and there's nothing out of the ordinary.

What pisses me off, is how quickly the virus works. My task manager will be hovering at a constant 96% and as soon as I open the task manager, it goes down to 40% within half a second. 

 

I


I was also reading through, and ran the Farbar recovery system as mentioned by the forum introduction. 

I've run Malwarebytes twice, and it's detected no issues at all from the system. Nothing quarantined, nothing deleted, nothing. 

This is insane, I disconnected from my zoom class during the exam, and it's happened 2-3 times before that. Everything is really slow and apps like discord and steam take 4-5 minutes to open. 

Addition.txt FRST.txt


  • Root Admin

Hello @Riley23945

Please go to Control Panel, Programs, Uninstall and uninstall the following software

Bonjour
Java 8 Update 141

 

What exactly is mDNSResponder.exe? (Bonjour)

https://www.groovypost.com/howto/howto/what-is-mdnsresponder-exe-and-why-is-it-running/

MDNSResponder, also known as Bonjour, is Apple’s native zero-configuration networking process for Mac that was ported over to Windows and associated with MDNSNSP.DLL.  On a Mac or iOS device, this program is used for networking nearly everything.  On Windows, this process is only necessary for sharing libraries via iTunes and other Mac applications like the Apple TV that were ported to Windows.  Bonjour allows different computers running iTunes to communicate with each other regardless of network configuration, this is because it enables automatic network discovery.

What Is mDNSResponder.exe / Bonjour and How Can I Uninstall or Remove It?
https://www.howtogeek.com/howto/6456/what-is-mdnsresponder.exe-bonjour-and-how-can-i-uninstall-or-remove-it/

 

The FRST scan actually did not complete fully - probably due to Avast stopping it is my guess. Once done with the above removals please restart the computer again and disable Avast temporarily and run FRST scans again. Make sure to place a check mark in the Additions.txt checkbox and attach both new logs.

Thanks

 


Did some more research and asked an immediate relative, apparently the 96-100% Task Manager reading is a graphical error and something completely normal when opening up new applications on a 3-4 year old, though top of the line laptop. 

 

Got carried away and became worried over a non-existent issue. 

Thanks for the response anyways. 


  • Root Admin

No harm in checking though, just to make sure @Riley23945

STEP 1

Let me have you run a different scanner to double-check. I don't expect it to find anything, but no harm in checking.

I would suggest a free scan with the ESET Online Scanner

Go to https://download.eset.com/com/eset/tools/online_scanner/latest/esetonlinescanner.exe

  • It will start a download of "esetonlinescanner.exe"
  • Save the file to your system, such as the Downloads folder, or else to the Desktop.
  • Go to the saved file, and double click it to get it started. 
  • When presented with the initial ESET options, click on "Computer Scan".
  • Next, when prompted by Windows, allow it to start by clicking Yes 
  • When prompted for scan type, Click on Full scan 
  • Look at and tick (select) the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on the Start scan button.
  • Have patience. The entire process may take an hour or more. There is an initial update download.
  • There is a progress window display.
  • You should ignore all prompts to get the ESET antivirus software program (e.g. their standard program). You do not need to buy or get or install anything else.
  • When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.
  • Click the blue “Save scan log” to save the log.
  • If something was removed and you know it is a false finding, you may click on the blue “Restore cleaned files” (in blue, at bottom).
  • Press Continue when all done. You should click to turn off the offer for “periodic scanning”.

 

 

STEP 2

The Microsoft Safety Scanner is a free Microsoft stand-alone virus scanner that can be used to scan for and remove malware or potentially unwanted software from a system.

The download links and the how-to-run-the-tool instructions are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

Please let me know the results of this scan.

The log is named MSERT.log

The log will be at %SYSTEMROOT%\debug\msert.log which in most cases is

C:\Windows\debug\msert.log

Please attach that log with your next reply.

 

Thanks

 


  • 2 weeks later...
  • Root Admin
  • Solution

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 


This topic is now closed to further replies.