A Bitcoin miner virus

De Master Yoda (Administrator, Staff member)
My Sophos AV detected a bitcoin miner virus and removed it.

This may come in handy, as I feel we will be seeing a lot more of this type of virus.

The section below is only part of the post, as it is too large to post in full. You can read it all at the link. Thank you.

https://sensorstechforum.com/bitcoin-miner-virus-how-to-detect-and-remove-it-november-2017/

This article aims to help you detect and remove the newly emerged fileless BitCoin mining software and protect your computer in the future.

Fileless malware is shaping up to be the next big thing in cyber-security, and it will not go away soon. One such virus is the latest discovered BitCoin mining malware. The sole purpose of this infection is to mine BitCoin, Monero or other cryptocurrencies on the computer it has infected. To mine cryptocurrency, the malware may run processes on the infected machine that result in significant over-usage of its resources and slow it down. And the worst part is that there are no files on your computer, meaning it is very difficult to detect. If you believe you are infected with this BitCoin miner malware, we advise you to read this article to learn how to remove it from your computer and protect yourself in the future as well.


Threat Summary
Name: BitCoin Miner Malware
Type: CryptoCurrency Miner
Short Description: Aims to infect your computer and use its CPU, GPU and other resources to turn it into a miner for cryptocurrencies.
Symptoms: Heightened CPU and GPU usage and overheating. The victim PC may break if this virus mines for longer periods of time.
Distribution Method: Spam Emails, Email Attachments, Executable files

How Does BitCoin Miner Infect
At this point, it is not clear what the exact infection method of this mining malware is. However, it may appear on your computer as a result of other malware previously executed on your computer, such as Trojans, Worms and others. The methods of distribution and infection vary, but they may be conducted via:

  • Malicious web links posted as a spam message online.
  • Web links that exist in various forms, as fake buttons or altered banners on a website, as a result of having a PUP on your computer.
  • Via malicious e-mail spam attachment with a convincing message to open it.
The infection process itself is conducted with the aid of one of the exploits used in the WannaCry and NotPetya ransomware outbreaks which came out earlier this year. The exploit is known by the name EternalBlue and is a zero-day type of exploit for Windows versions from Windows XP up to Windows 10. Fortunately, Microsoft has released patches for the exploit, so anyone who has a legitimate Windows installation should immediately:

  • Disable the WMI service.
  • Disable SMB and download the latest security patches from Microsoft.
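The quoted article ends with "disable WMI, disable SMB, patch". The script below is an added example, not from the original post or from the sensorstechforum article, showing what a practitioner would actually check on a suspect Windows host before pulling those levers. Two points of precision: EternalBlue (MS17-010) abuses SMBv1 specifically, so the fix is to disable SMBv1 and patch, not to disable SMB as a whole (file sharing and domain logons need SMBv2/3); and a "fileless" miner usually persists as a WMI event subscription in root\subscription, which can be enumerated and removed without stopping the Winmgmt service that the rest of Windows management depends on. The script is read-only; the remediation commands are left commented out, and the names EvilFilter and EvilConsumer in them are placeholders I chose, not real indicators. It assumes an elevated PowerShell 5.1 prompt on Windows 8.1/10 or Server 2012 R2+ (the registry fallback covers Windows 7).

```powershell
# Added triage script (not part of the original post or the quoted article).
# Read-only checks for a Windows host suspected of running a fileless coin miner.
# Assumes an elevated PowerShell 5.1 prompt; all cmdlets are stock Windows ones
# (SmbShare, Dism, CimCmdlets, NetTCPIP).

# --- 1. SMBv1 exposure: EternalBlue / MS17-010 targets SMBv1, not SMB as a whole ---
$smbCfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
if ($smbCfg) {
    "SMBv1 server enabled : $($smbCfg.EnableSMB1Protocol)"
} else {
    # Windows 7 / 2008 R2 fallback: absent value means SMBv1 is enabled, 0 means disabled.
    $reg = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' `
                            -Name SMB1 -ErrorAction SilentlyContinue
    "SMBv1 registry value  : " + $(if ($null -eq $reg) { '(absent = enabled)' } else { $reg.SMB1 })
}
$smb1Feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($smb1Feature) { "SMB1Protocol feature : $($smb1Feature.State)" }

# Patch currency. Whether MS17-010 is covered depends on OS build and on later
# cumulative updates, so compare this list against Microsoft's bulletin instead
# of hard-coding one KB number.
"`n== Most recent updates =="
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 5 HotFixID, InstalledOn | Format-Table -AutoSize

# --- 2. WMI event-subscription persistence (the usual 'fileless' foothold) ---
# A miner living only in WMI leaves an __EventFilter (trigger: timer, boot, logon)
# bound via __FilterToConsumerBinding to a consumer that runs a command line or
# script. On a workstation, any such binding deserves a look.
$ns        = 'root\subscription'
$filters   = Get-CimInstance -Namespace $ns -ClassName __EventFilter
$cmdCons   = Get-CimInstance -Namespace $ns -ClassName CommandLineEventConsumer
$scriptCon = Get-CimInstance -Namespace $ns -ClassName ActiveScriptEventConsumer
$bindings  = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding

"== WMI event filters =="
$filters   | Select-Object Name, Query | Format-Table -AutoSize
"== CommandLine consumers =="
$cmdCons   | Select-Object Name, ExecutablePath, CommandLineTemplate | Format-Table -AutoSize
"== ActiveScript consumers =="
$scriptCon | Select-Object Name, ScriptingEngine, ScriptFileName, ScriptText | Format-List
"== Filter-to-consumer bindings =="
$bindings  | Select-Object Filter, Consumer | Format-List

# Flag consumers that look like download-and-execute or encoded PowerShell.
$suspect = '(?i)powershell|-enc|encodedcommand|downloadstring|invoke-expression|\biex\b|certutil|mshta|wscript|cscript'
$cmdCons   | Where-Object { $_.CommandLineTemplate -match $suspect } |
    ForEach-Object { "SUSPECT command consumer '$($_.Name)': $($_.CommandLineTemplate)" }
$scriptCon | Where-Object { $_.ScriptText -match $suspect } |
    ForEach-Object { "SUSPECT script consumer '$($_.Name)'" }

# --- 3. Who is burning the CPU, and who are they talking to? ---
# Get-Process.CPU is cumulative processor seconds, not a percentage; a miner
# accumulates hours of it. Pair each hot process with its established TCP peers.
"`n== Top CPU consumers =="
$hot = Get-Process | Where-Object { $_.CPU -gt 0 } | Sort-Object CPU -Descending | Select-Object -First 5
foreach ($p in $hot) {
    "{0,6}  {1,-20} CPU(s)={2,10:N0}  {3}" -f $p.Id, $p.ProcessName, $p.CPU, $p.Path
    Get-NetTCPConnection -OwningProcess $p.Id -State Established -ErrorAction SilentlyContinue |
        ForEach-Object { "        -> {0}:{1}" -f $_.RemoteAddress, $_.RemotePort }
}

# --- 4. Remediation, deliberately NOT executed by this script ---
# Disable SMBv1 only, then remove a malicious subscription by binding, filter and
# consumer. Leave the Winmgmt service running: Group Policy WMI filters, SCCM and
# Get-CimInstance itself depend on it. 'EvilFilter'/'EvilConsumer' are placeholders.
#   Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
#   Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
#   Get-CimInstance -Namespace root\subscription -ClassName __FilterToConsumerBinding |
#       Where-Object { $_.Filter.Name -eq 'EvilFilter' } | Remove-CimInstance
#   Get-CimInstance -Namespace root\subscription -ClassName __EventFilter -Filter "Name='EvilFilter'" | Remove-CimInstance
#   Get-CimInstance -Namespace root\subscription -ClassName CommandLineEventConsumer -Filter "Name='EvilConsumer'" | Remove-CimInstance
```

Run it once before any cleanup and save the output: the filter query, consumer command line and the remote addresses of the hot processes are the indicators worth keeping for the rest of the fleet, and they are gone once the subscription is removed.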