Somehow yesterday a trojan installed itself on my computer, which keeps installing and running ccminer-cryptonight (which gets installed in multiple folders, each ending in a different numeral: RarSFX0, RarSFX1, RarSFX2 etc., in this location: c:\users\\appdata\local\temp\RarSFX0 )
The strange thing is that I did not install anything to provoke this. I haven't installed anything for weeks, no new software, games or anything. Last night I was just watching some videos on YouTube and all of a sudden 2 dialogs popped up one after the other asking if I wanted to allow the installation of a certain numbered .exe (example 54656.exe). Of course I declined both of the install requests.
I did a scan with Spybot and Malwarebytes; both came up clean, and seeing as it was late at night I just ignored what happened and moved on. Now today when I started my computer, 2 prompt windows popped up running mining software. So, instantly reminded of what happened last night, I went on the hunt to find what and where it was coming from and found the folders listed above.
Manually deleting the folders doesn't work; Spybot and Malwarebytes don't register it.
These items are inside the rarsfx folders:
- a folder named ccminer-cryptonight with the miner software inside.
- an application named starter_0.03a.exe
- a notepad file named starter_config.
Text inside the config file:
Show the miner window (0-no, 1-yes)
1
Show the tray icon (0-no, 1-yes)
1
Delay before mining starts, in seconds
5
Folder containing the miner (enter only its name)
ccminer-cryptonight
Miner executable to launch (file name with extension)
ccminer.exe
Parameter string (with a leading space!). The syntax depends on the chosen miner. It must not start with the miner's file name! If the pool provided a string containing the miner name, remove it from the string.
-a cryptonight -o stratum+tcp
/xmr.pool.minergate.com:45560 -u xdem777@gmail.com -p x -l 8x32
Operating mode (0 - while the user is idle, 1 - alongside the user)
1
Please help me get rid of this. Don't feel like helping someone mine cryptocurrency on my dime.
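The starter_config quoted in the post is Windows-1251 (Russian) text laid out as a description line followed by a value line. As an added triage example (not part of the original post, and not the malware author's code), the Python below decodes such a file and extracts the pool, account and run settings as indicators; the field names, the `SAMPLE` bytes and the `example.invalid` pool and account are constructed for illustration, and it assumes every value occupies exactly one non-empty line.

```python
import shlex

# Field names are labels chosen for this example; the file itself only has
# a Russian description line followed by a value line, seven times over.
FIELDS = ["show_window", "tray_icon", "delay_seconds", "miner_folder",
          "miner_exe", "miner_args", "run_mode"]

def repair_mojibake(text):
    """Undo Windows-1251 text that was displayed as Windows-1252."""
    try:
        return text.encode("cp1252").decode("cp1251")
    except UnicodeError:
        return text  # not this kind of mojibake; leave unchanged

def parse_starter_config(raw):
    """Parse description/value line pairs from the raw config bytes."""
    text = raw.decode("cp1251", errors="replace")
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    return dict(zip(FIELDS, lines[1::2]))  # every second line is a value

def mining_indicators(config):
    """Pull pool, account and algorithm out of the miner argument string."""
    tokens = shlex.split(config.get("miner_args", ""))
    flags = dict(zip(tokens[0::2], tokens[1::2]))  # "-o url" style pairs
    return {
        "executable": config.get("miner_folder", "") + "\\" + config.get("miner_exe", ""),
        "algorithm": flags.get("-a"),
        "pool": flags.get("-o"),
        "account": flags.get("-u"),
        "runs_while_user_active": config.get("run_mode") == "1",
        "hidden": config.get("show_window") == "0" and config.get("tray_icon") == "0",
    }

# Constructed sample in the same layout, encoded as the file would be on disk.
SAMPLE = (
    "Показывать окно майнера (0-нет, 1-да)\n1\n"
    "Показывать значок в трее (0-нет, 1-да)\n1\n"
    "Задержка перед включением майнинга в секундах\n5\n"
    "Папка, в которой находится майнер\nccminer-cryptonight\n"
    "Запускаемый файл майнера\nccminer.exe\n"
    "Строка параметров\n -a cryptonight -o stratum+tcp://pool.example.invalid:3333"
    " -u user@example.invalid -p x\n"
    "Режим работы\n1\n"
).encode("cp1251")

if __name__ == "__main__":
    for key, value in mining_indicators(parse_starter_config(SAMPLE)).items():
        print(f"{key}: {value}")
```

The extracted pool host and port can be blocked at the firewall or DNS level, and the account string is worth including in an abuse report to the pool operator.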