Coin mining malware

Reedone816

I have a Windows 10 notebook.
It was infected with various malware; I'd cleaned it using Malwarebytes and ESET AV.
But one remains: the coin mining malware that attaches itself to explorer.exe.
ESET is able to stop its process, but after a while the process tries again.
I tried a full scan but nothing was found.
Tried multiple live scanners but no result.
Does anyone have advice?

Sent from my BV8000Pro using Tapatalk
 

Dirty Dog

Backup data files only. Reformat. Clean install.
I don't want to start an OS war (though I might), but your best option would be to ditch windoze entirely. It's bloated, slow, unstable, incredibly easy to hack, and massively invasive of your privacy.
Personally, I'd recommend one of the various flavors of Linux. Linux is free, fast, stable, generally more secure, and because it's open source your privacy is assured. And unlike Windoze, it's a true multi-threaded multi-tasking OS. Not a shell running over the 1980's era MS-DOS that emulates multi-threading and multi-tasking (which is a big part of its instability). You will never see the BSOD or the interminable "Updating" screen with Linux.
Linux Mint is popular with people switching from MicroSloth, because it has a similar 'feel', but Ubuntu (which is what I primarily use) and Arch are also very popular. I also like Kali, but that's more oriented towards security testing and hacking so it's not for everyone.
 

Xue Sheng

(quoting Reedone816's opening post)

Panda Cloud Cleaner

HitMan Pro

TrendMicro Housecall
 

Buka

I'm with Dirty Dog. Linux rocks.
 

Xue Sheng

(quoting Dirty Dog's and Buka's posts above)

I too like Linux; I used to run a Linux box for AV and security. But it is not necessarily more secure, it is just not as popular in an enterprise setting, and it still should be running antivirus and security software. Also, not all revs of Linux are created equal. For enterprise, always go Red Hat; it is not free and it is more secure. But the freeware version of that is CentOS. That is a rather good version of Linux.
 

JowGaWolf

This particular pain the
(quoting Reedone816's opening post)
Not sure if this will help you, but it helped me. In my case it was attached to the Google Chrome browser and would reinstall when the Google Chrome browser was opened. To solve it (save any bookmarks you want to keep first), do the following:
1. Uninstall Google Chrome.
2. Run your antivirus and your Malwarebytes software. Doing this will get rid of any leftover registry information that was used for Google Chrome.
3. Reinstall the updated version of Google Chrome.

This should get rid of it. If you research coin mining and Google, you will come across discussions and articles about this issue. The problem isn't a Windows 10 problem. The problem is a Google Chrome problem. As of January 2018, Google Chrome has fixed the problem, but that new fix is only going to work with new installs, which is why you have to uninstall and then reinstall it.

Just make sure you run your Malwarebytes software after you uninstall, because if the old registry stuff is still in the system, then you most likely won't get rid of the issue.
 

Martial D

(quoting Dirty Dog's post above)
Man, I remember spending like 16 hours trying to set up Red Hat 2.0. When the X system finally booted (after many, many failed compiles and recompiles) I felt like I had just summited Everest.

I didn't even care that my sound wasn't happening.

That was of course many moons ago. These days Linux installs (at least most of them) are as easy as taking a piss.
 
Reedone816 (OP)
Thank you all for the advice.
As for Linux, I'm in dual mode now; I've been using OracleOS for a while now.
The Windows one is for work purposes.

As for the scanners, I'd used Hitman and Panda; I'll try the TrendMicro one.

And for the last one, I'm afraid it's much trickier than that, since it's attaching to the explorer.exe process. Can't uninstall that.
But nonetheless I'll try to uninstall my Chrome first.

Anyway, somehow after reading the replies, it reminds me of the firewall, so in case I'm unable to clean it, at least I'll prevent it from leaving my computer.

 

JowGaWolf

(quoting Reedone816's reply above)
For some reason I want to say that from first looks it appears that the issue is with the explorer.exe process, but in reality it's Google Chrome. My wife was able to run Malwarebytes, which would get it, but every time she starts her computer it would come back. So what I did was do 2 scans. I cleaned the computer using Malwarebytes, then restarted the computer, and then scanned the computer immediately after the restart (I didn't open any other application). The scan came up clean, so I knew that the issue wasn't with explorer.exe. Next I pretty much followed the next step of what my wife does, which is to open a browser. I opened up Google Chrome, and I did another scan, and Malwarebytes found the coin miner again.
 

Dirty Dog

(quoting Xue Sheng's post above)

This could be argued forever (and is...). I'll just say this. I am not a professional, but I've been using and coding in Unix since your only options were BSD and SunOS. And I've done more than a little testing of security on various versions. So I'll just say this. If I can social engineer physical access to your unlocked *nix box, it takes all of 12 seconds to have remote shell access on your account, without needing a password. I will get your password, too, of course, but I don't need it to have a shell. I can do the same thing to your Windoze box, but it doesn't even have to be unlocked, or even have anybody logged on. And I'll get not only your user account, I'll get your browser history, including online passwords. I can get a lot more info out of a Windoze box with a lot less time and effort. That's why I think it's less secure.
Sure, putting in a BeEF hook is the same on either, since they run ported versions of the same browsers.
And it's super easy to get a Windoze user to sit there and do nothing for as long as you need, while you're installing and running tons of stuff behind it. The first part of your script just calls iexplore to send them HERE, and with the -k option it makes it full screen. Windows users are trained to sit there and let this run. So then your script grabs alllllll kinds of stuff to install in the background, while the user sits.
 
Reedone816 (OP)
(quoting JowGaWolf's post above)

Yup, it seems this works.
I uninstalled my old Chrome, and the warning popup for coin mining malware no longer pops up.
Thanks a lot...

 

Xue Sheng

(quoting Dirty Dog's post above)

And I have a Knoppix disk (and flash drive) that will own your PC, or any other, in seconds; I don't care what OS you run... that is, unless you secure it properly, and most don't, not even Linux users.

I am not going to argue anything; I know better than to argue security with those committed to Linux or Mac... but professionally speaking, I stand by my original post.
 

pdg

(quoting Xue Sheng's post above)

Not to argue... ;)

Can someone use that disc to 'own' my computer (running whatever OS) here in England while they're sat in their mum's basement in the US?
 

Dirty Dog

(quoting pdg's post above)

No, but there are other ways to do it remotely. It's just easier if you can get physical access for just a few seconds. That's not at all difficult, for most business computers. "I'm here for a meeting, but I forgot to print out some documents I need. Can you print the papers on this USB drive for me?" It takes a LOT longer to print those documents than it does for the script I've also put on the device to run.
Without physical access, you use things like MitM attacks, BeEF hooks, captive portals, packet sniffers and such. You'll still get there, it just takes more time and effort.
And I'm on the second floor of my own home, not my mum's basement. :)
 

pdg

(quoting Dirty Dog's post above)

My point really was that if you have access to insert a disc the security requirements are different.

Out of the box, with no extra effort to 'secure', *nix beats iOS beats doze from a remote access standpoint.

And, securing a machine against a bootable disc (round or usb) is OS independent.

If you can socially engineer access (click here for nudes), that's a whole lot easier than brute force entry too...
 

JowGaWolf

(quoting Reedone816's post above)
Glad it solved your problem. It's unfortunate that Google caused this problem, as the coin mining malware was part of their browser install. Hopefully in the future they will focus more on security than on being trendy.
 

Xue Sheng

(quoting pdg's post above)

Got an e-mail address? Do you look at your e-mail on your computer? Then yes... it's called phishing.
All you need to do is click the link in the e-mail that was socially engineered to get you to open it.

Do you peruse the web? Do you get surprise popups about viruses or free offers? Do you click yes, or no, or scroll across the popup with your cursor? Then yes.
 

Xue Sheng

Quoting pdg: "And, securing a machine against a bootable disc (round or usb) is OS independent."

Yes, it is OS independent; it is done in the BIOS, and it can also be a GPO.

Knoppix is an OS on a disk that is Linux based. And you would need physical access to the box, or remote access rights.
 

Dirty Dog

(quoting Xue Sheng's post above)

Agreed. In my experience (which is certainly less extensive than yours), most people's security is what is set out of the box. And 'out of the box', I think Linux (at least the distros I use) is more secure. Those who tweak things (on any OS) can make it harder, but nothing connected is unhackable, given enough time and commitment.
Even systems that are geared towards security. A buddy at work runs Parrot, which he thought was more secure. I plugged in. Owned. He was able to stop me eventually, but he was doing things that required foreknowledge of exactly how the script worked, i.e. he changed perms on a directory I was using to store a loot file to read-only. So I changed to a different directory. Or I had the loot emailed to me at a throw-away Gmail account.
Ultimately, he created a USB whitelist. That works, sure. And it's fine on a single-user system. But as an enterprise solution, it's awfully cumbersome; nobody can throw work on a USB drive to take home, unless they come get a special one from you. Which they will inevitably lose anyway. Nor can they look at some PowerPoints from a seminar I went to.
The tighter your security, the more difficult it becomes to actually use the computer. It's a trade-off.
 

pdg

(quoting Xue Sheng's post above)

Those aren't really using your knoppix usb drive to 'own' my pc though ;)

Although, your message has made me think...

Is there a possibility that the Nigerian prince who sent me an email asking for help to move his money wasn't genuine?

What about the one I got that said "we am from you bank council of english in america, needed your password confirm with here clicking" - surely that was genuine?
 
