How to identify a bitcoin-miner trojan?

Status
Not open for further replies.

VulkanDX

Prominent
Jul 22, 2017
1
0
510
Hello, I hope this is the right section. Today, with the rise of bitcoin, a particular variant of Trojan is starting to appear often which mines bitcoin. Of course, the real threat comes with these Trojans injecting themselves into another process and running very stealthily (not using too much resources, not running 24/7, and completely marked safe by pretty much every anti-virus). My question is: how may one identify a bitcoin Trojan running? It will most likely use the GPU; are there tools to inspect GPUs to tell which process is controlling it, for example?
 

COLGeek

Cybernaut
Moderator
Most of the available anti-malware/anti-virus apps will detect and remove these threats. Even if using the GPU, these protection apps can detect them.

Another tell-tale sign of a hijacked GPU is high use/heat when it should be idle. You can see this via Task Manager, HWMonitor, and Speccy, to name a few ways to assess.
 
Solution
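The original question asks which process is driving the GPU, and the answer above points at Task Manager. The script below is an added example (not from anyone in this thread) that reads the same "GPU Engine" performance counters Task Manager uses and attributes them to processes, so a process holding the GPU busy while the machine should be idle stands out together with its image path, parent process and signature status. It assumes a Windows 10 / Server 2016 or later machine with a WDDM 2.x driver (where that counter set exists); the 10 % threshold and the five one-second samples are arbitrary starting values.

```powershell
# Added example, not part of the thread: attribute GPU utilisation to processes
# using the built-in "GPU Engine" performance counters that Task Manager reads
# (Windows 10 / Server 2016 or later with a WDDM 2.x display driver).
# Assumed: a per-process peak of 10 % or more while you are not doing anything
# GPU-heavy is worth a look; adjust -Threshold for your hardware.

function Get-GpuProcessUsage {
    param(
        [double]$Threshold = 10.0,   # percent, summed over all engines of a process
        [int]$Samples = 5            # one-second samples to take
    )

    # Instance names look like
    #   pid_1234_luid_0x00000000_0x0000F6D4_phys_0_eng_0_engtype_3D
    # so the owning process id can be parsed out of the instance name.
    $counterSets = Get-Counter -Counter '\GPU Engine(*)\Utilization Percentage' `
                               -SampleInterval 1 -MaxSamples $Samples

    # Sum the engines (3D, Compute, Copy, VideoDecode, ...) per process for each
    # sample, and keep the highest per-process total seen in the window.
    $peakByPid = @{}
    foreach ($set in $counterSets) {
        $round = @{}
        foreach ($s in $set.CounterSamples) {
            if ($s.InstanceName -match '^pid_(\d+)_') {
                $procId = [int]$Matches[1]
                $round[$procId] = [double]$round[$procId] + $s.CookedValue
            }
        }
        foreach ($procId in $round.Keys) {
            if (-not $peakByPid.ContainsKey($procId) -or $round[$procId] -gt $peakByPid[$procId]) {
                $peakByPid[$procId] = $round[$procId]
            }
        }
    }

    # Enrich with image path, parent process and Authenticode status so an
    # unfamiliar or unsigned binary stands out next to dwm.exe or the browser.
    $procs = @{}
    Get-CimInstance Win32_Process | ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

    foreach ($procId in $peakByPid.Keys) {
        $p      = $procs[$procId]
        $path   = if ($p) { $p.ExecutablePath } else { $null }
        $parent = if ($p -and $procs[[int]$p.ParentProcessId]) { $procs[[int]$p.ParentProcessId].Name } else { '?' }
        $sig    = if ($path -and (Test-Path -LiteralPath $path)) {
                      (Get-AuthenticodeSignature -LiteralPath $path).Status
                  } else { 'n/a' }   # access denied, system process, or already exited

        [pscustomobject]@{
            PID        = $procId
            Name       = if ($p) { $p.Name } else { '<exited>' }
            PeakGpuPct = [math]::Round($peakByPid[$procId], 1)
            Parent     = $parent
            Signature  = $sig
            Path       = $path
            Flag       = if ($peakByPid[$procId] -ge $Threshold) { 'CHECK' } else { '' }
        }
    }
}

# Usage: highest GPU consumers first. Anything flagged CHECK that you do not
# recognise (odd path, unsigned, parented by a script host) deserves a closer look.
Get-GpuProcessUsage | Sort-Object PeakGpuPct -Descending | Format-Table -AutoSize
```

Run it from an elevated prompt, otherwise the image path and signature of processes running under other accounts show as n/a. Sample while the machine is idle, since the point is the "high use when it should be idle" symptom; a game or a video call will naturally top the list during normal use.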

Avast-Team

Estimable
Mar 3, 2017
225
1
5,165
Can confirm that AV/anti-malware can be an effective method to prevent and detect these threats. Our threat labs have been aware of several mining schemes that we have been blocking; here's more information on them that might help you spot miners:

https://blog.avast.com/arenavision-mines-cryptocurrency-monero-using-visitors-browsers-without-their-knowledge

https://blog.avast.com/ladies-and-gentlemen-prepare-your-cpu-web-browser-mining-is-coming

(On a side note, Avast has several methods that can help detect this kind of unwanted behavior, including CyberCapture and Behavior Shield, in real-time. I can fill you in or provide a link if you are curious.)
 
Jun 15, 2018
1
0
10
I use Autoruns from Microsoft.

I found that dllhost.exe was being used to piggy-back a file called MicrosoftRuntimeUpdate.vbe. This file was the guilty crypto-mining trojan.

My solution was to:
1. End the running task.
2. Open the .vbe file in Notepad.
3. Add a few digits and letters to the code to render it useless.
4. Save the file without changing the filename.
5. Mark the file as 'read-only'.
6. Restart.

Result: positive. The file is no longer running at startup.
My reason for using this bizarre method: the .vbe file cannot be overwritten with an identical filename from the web.
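The post above found the miner through its start-up entry in Autoruns. The script below is an added example (not from anyone in this thread) that does a smaller, scriptable version of that sweep: it walks the Run/RunOnce keys, the start-up folders and scheduled-task actions, flags entries that launch a script file or a script host, and records the SHA-256 and Authenticode status of every file the command refers to, so the file can be checked against your AV or a reputation service before it is touched. The extension and host lists are assumptions about what is worth a second look; extend them for your environment.

```powershell
# Added example, not part of the thread: an Autoruns-style sweep of the common
# start-up locations that flags entries launching a script file or a script host
# and records the SHA-256 and signature status of any file the command refers to.
# Assumed: the extension and host lists below are what you consider worth a second
# look on this machine; extend them as needed.

$ScriptExt     = '\.(vbe|vbs|js|jse|wsf|wsh|hta|ps1|bat|cmd)\b'
$ScriptHosts   = '\b(wscript|cscript|mshta|powershell|pwsh|regsvr32|rundll32|dllhost)(\.exe)?\b'
$ProviderProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-StartupEntries {
    # Run / RunOnce keys for the machine (64- and 32-bit views) and the current user
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($name in $values.PSObject.Properties.Name) {
            if ($name -in $ProviderProps) { continue }   # registry-provider metadata, not values
            [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$values.$name }
        }
    }

    # Start-up folders for the current user and for all users
    $folders = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))
    foreach ($folder in $folders) {
        if (-not (Test-Path $folder)) { continue }
        foreach ($f in Get-ChildItem -LiteralPath $folder -File) {
            [pscustomobject]@{ Source = $folder; Name = $f.Name; Command = $f.FullName }
        }
    }

    # Scheduled tasks: only actions that execute a command carry an Execute property
    foreach ($task in Get-ScheduledTask | Where-Object State -ne 'Disabled') {
        foreach ($a in $task.Actions) {
            if (-not $a.Execute) { continue }
            [pscustomobject]@{
                Source  = "Task $($task.TaskPath)$($task.TaskName)"
                Name    = $task.TaskName
                Command = ("$($a.Execute) $($a.Arguments)").Trim()
            }
        }
    }
}

function Get-ReferencedFiles([string]$Command) {
    # Split the command line into quoted and unquoted tokens, expand %VARS%, and
    # return every token that is an existing file (launcher and payload alike).
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    [regex]::Matches($expanded, '"([^"]+)"|(\S+)') | ForEach-Object {
        if ($_.Groups[1].Success) { $_.Groups[1].Value } else { $_.Groups[2].Value }
    } | Where-Object {
        $_ -match '\\' -and (Test-Path -LiteralPath $_ -PathType Leaf -ErrorAction SilentlyContinue)
    }
}

function Get-SuspiciousStartup {
    foreach ($e in Get-StartupEntries) {
        $reasons = @()
        if ($e.Command -match $ScriptExt)   { $reasons += 'script file' }
        if ($e.Command -match $ScriptHosts) { $reasons += 'script host' }

        # Hash and signature of each referenced file; script files are never
        # Authenticode-signed, so they always end up flagged here.
        $files = foreach ($f in Get-ReferencedFiles $e.Command) {
            $sig = (Get-AuthenticodeSignature -LiteralPath $f).Status
            if ($sig -ne 'Valid') { $reasons += "not validly signed: $(Split-Path $f -Leaf)" }
            '{0} sha256={1} sig={2}' -f $f, (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash, $sig
        }

        [pscustomobject]@{
            Flag    = if ($reasons) { 'CHECK' } else { '' }
            Source  = $e.Source
            Name    = $e.Name
            Command = $e.Command
            Reason  = $reasons -join '; '
            Files   = $files -join ' | '
        }
    }
}

# Usage: flagged rows first. Record the hash of anything you do not recognise
# before touching it, so it can be checked with your AV or a reputation service.
Get-SuspiciousStartup | Sort-Object Flag -Descending | Format-List
```

Run it elevated so the HKLM keys and all scheduled tasks are readable. This covers only a handful of locations; Autoruns itself inspects dozens of auto-start points, and its command-line counterpart autorunsc produces the same listing non-interactively (for example `autorunsc -accepteula -a * -s -h -m -c` for a CSV with signatures verified, hashes included and Microsoft-signed entries hidden), which is the better tool once a machine is actually suspected of being compromised.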
 