Hello, I hope this is the right section. Today, with the rise of bitcoin, a particular variant of Trojans that mine bitcoin is starting to appear often. Of course, the real threat comes with these Trojans injecting themselves into another process and running very stealthily (not using too many resources, not running 24/7, and completely marked safe by pretty much every anti-virus). My question is: how may one identify a bitcoin Trojan running? It will most likely use the GPU; are there tools to inspect GPUs to tell which process is controlling it, for example?

Can confirm that AV/anti-malware can be an effective method to prevent and detect these threats. Our threat labs have been aware of several mining schemes that we have been blocking. Here's more information on them that might help you to spot miners:
(On a side note, Avast has several methods that can help detect this kind of unwanted behavior, including CyberCapture and Behavior Shield, in real-time. I can fill you in or provide a link if you are curious.)

I found that dllhost.exe was being used to piggy-back a file called MicrosoftRuntimeUpdate.vbe.
This file was the guilty crypto mining trojan.
My solution was to end the running task.
Opened the .vbe file in Notepad.
Added a few digits and letters in the code to render it useless.
Saved the file without changing the filename.
Marked the file as 'read-only'.
Result: positive. The file is no longer running at startup.
My reason for using this bizarre method: the .vbe file cannot be overwritten with an identical filename from the web.
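
Added example, not part of any post in this thread: a PowerShell check for the pattern described above, a script file such as a .vbe that runs at startup or is referenced by a running process. The function names are hypothetical, and it assumes the script's path is visible in the autostart command or the process command line.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Assumption: the script's path appears in the autostart command or in the
# command line of the process that loaded it.
$ScriptExt = '\.(vbe|vbs|jse|js|wsf)\b'

function Get-ScriptAutostart {
    # Win32_StartupCommand lists Run-key and Startup-folder entries.
    Get-CimInstance -ClassName Win32_StartupCommand |
        Where-Object { $_.Command -match $ScriptExt } |
        Select-Object Name, Command, Location, User
}

function Get-ScriptProcess {
    # CommandLine is null for processes the caller may not inspect, hence elevation.
    Get-CimInstance -ClassName Win32_Process |
        Where-Object { $_.CommandLine -match $ScriptExt } |
        Select-Object ProcessId, ParentProcessId, Name, CommandLine
}

function Get-ScriptFileDetail {
    param([Parameter(Mandatory)][string]$CommandLine)
    # Expand %APPDATA%-style variables (for the current user), then extract
    # every drive-letter path that ends in a script extension.
    $expanded    = [Environment]::ExpandEnvironmentVariables($CommandLine)
    $pathPattern = '[a-z]:\\[^"<>|*?]+?' + $ScriptExt
    foreach ($m in [regex]::Matches($expanded, $pathPattern, 'IgnoreCase')) {
        $path = $m.Value
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
        $item = Get-Item -LiteralPath $path -Force
        [pscustomobject]@{
            Path     = $item.FullName
            Created  = $item.CreationTime
            Modified = $item.LastWriteTime
            ReadOnly = $item.IsReadOnly
            SHA256   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

$autostarts = @(Get-ScriptAutostart)
$processes  = @(Get-ScriptProcess)
$autostarts | Format-List
$processes  | Format-List

# Hash each referenced script so it can be sent to an AV vendor or compared later.
@($autostarts.Command) + @($processes.CommandLine) |
    Where-Object { $_ } | Sort-Object -Unique |
    ForEach-Object { Get-ScriptFileDetail -CommandLine $_ }
```

Win32_StartupCommand does not cover scheduled tasks or services, so an empty result does not rule out other persistence mechanisms.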