I found a file named yam.exe in my processes

Feb 27, 2015
2
0
4,510
0
Earlier today I noticed a strange file named "script.vbs" in my startup routine, and it points to a file named "yam.exe" that's found in my start menu, which also was running in my processes. I opened the "script.vbs" using a text editor and found it pointing to an address of "x@pool.democats.org". I searched for that and it turned out to be a BitCoin mining community.
I have since deleted both files, but I want to know what else I can do to ensure I'm now safe, and prevent such files from sneaking in again.

Thanks!
 

Dragos Manea

Estimable
Mar 30, 2015
139
1
4,660
25
check gpu usage, msi afterburner or gpu-z and see gpu usage if it is 100% and you are not doing anything then you have a miner and you must search it and destroy it manually. Mining is used for some(including me) on purpose to make some money but some use it very invasive and use other computers to make money for them that is why a antivirus would not detect such type of program. Best way is ti check gpu usage if it is 100% then go to task manager and see what is eating CPU and see the process, if you find it suspicious them search the exe file and destroy it manually.
 

Dragos Manea

Estimable
Mar 30, 2015
139
1
4,660
25
check gpu usage, msi afterburner or gpu-z and see gpu usage if it is 100% and you are not doing anything then you have a miner and you must search it and destroy it manually. Mining is used for some(including me) on purpose to make some money but some use it very invasive and use other computers to make money for them that is why a antivirus would not detect such type of program. Best way is ti check gpu usage if it is 100% then go to task manager and see what is eating CPU and see the process, if you find it suspicious them search the exe file and destroy it manually.
 

aquielisunari

Distinguished
Mar 31, 2011
272
0
19,260
59


As far as scripts and only scripts are concerned the NoScript browser plugin should help. It's a proactive plugin that denies scripts unless authorized. Nothing can ensure your safety but NoScript can help.
 

junkeymonkey

Honorable
Nov 11, 2013
402
0
11,260
60
Thread starter Similar threads Forum Replies Date
N Antivirus / Security / Privacy 1
mangaman Antivirus / Security / Privacy 3
P Antivirus / Security / Privacy 1
C Antivirus / Security / Privacy 4
D Antivirus / Security / Privacy 3
P Antivirus / Security / Privacy 2
T Antivirus / Security / Privacy 3
K Antivirus / Security / Privacy 4
S Antivirus / Security / Privacy 12
C Antivirus / Security / Privacy 2
V Antivirus / Security / Privacy 1
F Antivirus / Security / Privacy 1
S Antivirus / Security / Privacy 2
R Antivirus / Security / Privacy 2
M Antivirus / Security / Privacy 2
S Antivirus / Security / Privacy 5
W Antivirus / Security / Privacy 3
V Antivirus / Security / Privacy 2
X Antivirus / Security / Privacy 2
Whammy Antivirus / Security / Privacy 1

ASK THE COMMUNITY