svchost.exe bitcoin miner - Resolved Malware Removal Logs ...

Bitcoin Miner malware, detected with Malware Bytes but I believe it's still hidden somewhere.

so a few days ago I did something stupid and tried to torrent a game for the first time and ended up installing a Bitcoin Miner onto my PC :/ It was very obvious that it was malware as it quickly seemed to hijack Google Chrome. I scanned with Windows Defender but nothing was found so I checked out the sticky post on here and got a trial of Malware Bytes, which detected the malware and quarantined it, then I removed it. I really thought it was that simple but I think it's still there. I had Spotify playing music on idle and got curious, did CTRL + ALT + DELETE to open up Task Manager and quickly saw my CPU % shoot down from 100% to 2% - %5, which is what it's been sitting at when I'm using it right now.
Other than that, there are a couple of weird things that make me think the virus is still there:
  1. Programs keep getting Suspended status in Task Manager (this is happening to Malware Bytes and Google Chrome), which never used to happen before. This a brand new PC I built in January so it shouldn't be doing this that often. I tried to open Malware Bytes now to scan again and it just froze on "Not Responding" and I can't seem to close it...
  2. There is a strange "Suspended" background process in Task Manager that uses up 3.6MB of memory. Here's a screenshot of what it looks like: http://prntscr.com/lchp1w :(
  3. When I right click ^ "open file location" on the suspended process and the 2 others below it, the location I get is C:\Windows\SysWOW64 and it's titled svchost.exe, which I read is a normal Windows process but there are A LOT of them running in my Task Manager right now
  4. All the other svchost.exes are under C:\Windows\System32, which I read is fine. Does this mean that the one in SysWOW64 is malware/infected?
As per the stickied thread, I ran rkill.com and turned on "scan for rootkits" in my Malware Bytes trial, and also ran the ADWCleaner. I did all of the above after I had originally removed the malware with Malware Bytes, so all these second scans didn't detect anything. Is there anything else I could do to actually detect the malware and remove it?
EDIT: Google Chrome keeps not responding, same with Malware Bytes. Can't uninstall Malware Bytes and Firefox stopped responding too. Writing this on my phone since I turned everything off briefly after writing this post, since my mouse started moving extremely slow and a repetitive beeping sound started coming out of my speakers. I swear it was like whatever infected me detected whenever I looked up information on malware removal and visited this subreddit ...
submitted by rsarector to techsupport [link] [comments]

At my wit's end with virus removal

So I have at least one virus on my computer. The one I know of is some sort of bitcoin miner, I know this because my gpu usage is constantly at 100% and the fan goes crazy as well as hitmanpro categorizing files with names like bitcoinminer.
I have managed to remove every suspicious file I could find and ran antivirus and antimalware until they couldn't detect anything else but the virus keeps coming back.
The main places I think the virus is focused around are the ~C:\Users\Tony\AppData\Local\Temp~ and ~C:\Users\Tony\AppData\Local\WinSXS~ folders.
I have booted into safe mode, deleted everything in the temp folder, and gave myself permission to delete the WinSXS folder. Every time I boot normally the WinSXS folder just comes back. I know something is up with this folder because rkill always terminates it as well as the other antimalware not liking it.
When I normally boot there is a folder in the temp folder with a name that's just random strings of numbers and letters that I can't delete. It says it's open in another program. I searched the folder name is the resource monitor cpu tab and it was associated with svchost.exe and a couple other things. I'm wondering is the virus is somehow tied to svchost.
So here's a rundown of the steps I've been taking (repeatedly) to try to take care of this.
  1. Boot into safe mode (by switching my psu off then on to get to the boot menu)
  2. Show hidden files and folders
  3. Delete everything from the local\temp folder
  4. Delete unknown files from C:\\ProgramData and C:\Users\User\AppData\Roaming
  5. Remove any weird keys from HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  6. Empty Recycle Bin
  7. Run rkill
  8. Run adwcleaner
  9. Run malwarebytes (with rootkit checker)
  10. Run Hitmanpro
  11. Run combofix
  12. Run the trojan remover from https://www.simplysup.com/
  13. Reboot computer normally
  14. Run malwarebytes, watch as it finds the same walwares as a million times before
  15. Listen to my fan speed fluctuate like crazy
  16. Run rkill, it kills a WinSXS process, which does nothing
  17. Cry uncontrollably
So uh, what the hell should I do?
OS: Windows 7
submitted by Froggyfrogger to techsupport [link] [comments]

At full speeds my fans make a lot of noise. Am I the only one? How to fix?

My PC surpasses all the recommended requirements by a large margin, but when I set the full speed (5) it starts making as much noise as an airplane turbine. I have to say that some time ago I suspected having a bitcoin miner on my pc and proceeded to remove it, and sometimes after svchost.exe gave me cpu problems, but it should be fine by now.
submitted by granmaestro01 to hoi4 [link] [comments]

[BitCoin Miner Virus] Need assistance in it's removal.

Hi All,
I am a fully qualified Support Tech and have managed to download myself a BitCoin Miner Virus (or what I believe to be) on my Personal/Gaming computer.
How: Torrented FIFA 15, Installed It, Issues Ensued.
What: There are 2 processes that start up on boot, they are disguised as system processes:
svchost.exe
lsass.exe
They are located in the C:\Windows\Temp folder. I can kill the processes without issue and remove the .exe files, but they return on boot.
What Do They Do:
svchost.exe = runs CPU at 75%
lsass.exe = run GPU at 100%
I disconnected the internet to see if it was a BitCoin miner but they stayed @ 100%. Possibly disguising what they actually are.
What Have I Done So Far Result
Killed Processes, Deleted .EXE Processes die without issue and .EXE's delete immediately, but they return on Reboot.
Ran Malwarebytes... twice Located the problem .EXE files and removed them, also located some more versions located in IExplore/Temp directory and deleted but issue is persistant
Found and Removed Suspect Registry Entries There werent many but I search for SVCHOST and LSASS and located afew registry entries attached to FIFA15 installation keys and removed them
Followed Steps on this Reddit Entry: http://bit.ly/1GNgUaZ Shortened URL for Formatting Purposes But the processes and .EXE files dont match and the registry key isn't found in the suggested location
Help me Obi-Wan Kenobi.... You're my only hope.
submitted by hackthefortress to techsupport [link] [comments]

How to Remove BitcoinMiner How to Remove Trojan:Win32/CoinMiner Virus Manually ... How to Find and Remove a Hidden Miner Virus on Your PC 🐛🛡️🖥️ CPU Miner (a.k.a. BitCoin Miner) removal with GridinSoft ... How To Remove #scvhost.exe Virus Form Your Pc By DevTechz

A Short Crypto Virus Removal Guide. You can easily detect a simple Bitcoin miner: open the Task Manager and find any task that uses more than 20 percent of the CPU power. Most likely, this is a hidden miner. All you need to do is to finish the process. BitCoin miner virus or BitCoin mining virus is a dangerous malware that may use your CPU and/or GPU to obtain BitCoin cryptocurrency by mining illegally. Cryptocurrency miners keep hitting computers and trying to use their resources to generate revenue for their developers. Even though this type of infection is called BitCoinMiner, it does mine for digital currencies such as Monero ... I've been trying for weeks to remove an svchost.exe virus which appears to be bitcoin mining using my GPU, I first noticed when my GPU load was at 98% load when idle and realised that if I just ended the svchost.exe in processes it would stop until I restarted my PC, however I need rid of this but I've tried everything I could find. SVCHOST, BITCOIN MINER. Started by dispak , Jan 24 2014 06:05 PM. Page 1 of 2 ; 1; 2; Next; This topic is locked ; 16 replies to this topic #1 dispak dispak. Members 12 posts OFFLINE Local time ... Bitcoin Miner malware, detected with Malware Bytes but I believe it's still hidden somewhere. Open so a few days ago I did something stupid and tried to torrent a game for the first time and ended up installing a Bitcoin Miner onto my PC :/ It was very obvious that it was malware as it quickly seemed to hijack Google Chrome.

[index] [15579] [37982] [24601] [14305] [35438] [6198] [18732] [15917] [16983] [9151]

How to Remove BitcoinMiner

How to manually remove these little performance ruining bastards. These things are becoming the new epidemic. Most anti viruses don't detect them because the... Bitcoin Miner is a spy utility that is embedded in your PC and spend resources on completing your computation tasks and earnings E- Currency - Bitcoin comrade . On your PC , and calculated numbers ... Remove bitcoin miner trojan Virus (Virus Removal Guide) Visit Site :- https://www.uninstallallpcvirus.com/remove-bitcoin-miner-trojan-virus-virus-removal-gui... How to Remove Trojan:Win32/CoinMiner Virus Manually ( SYS64/Starter.exe and Driver.exe ) How to Mine Bitcoins Using Your Own Computer - Duration: 3:36. 99Bitcoins Recommended for you. 3:36. How to diagnose and remove a bitcoin miner trojan - Duration: 4:57. EZOVERDOSE 191,913 views. 4 ...

#