Hi, 2-3 weeks ago, I noticed that I would have 100% GPU video encode usage after startup on my RX5600xt. In Task Manager, it says it's being used by Radeon Host service (my display drivers), but I'm convinced it's malware utilizing it. A week ago, I got a Windows Defender notification saying it had found ".net optimization service" as a low-risk bitcoin miner. I ignored it because, after some research, I heard it's supposed to be doing something with the runtime libraries and I should just wait for it to do its thing. However, it's been a week and the process still runs when I start my PC. That's when I started to get suspicious.

After going to the directory of the optimization service, there were around 30 logs. The contents inside clearly indicate that my GPU is mining some sort of crypto. Seems to be something called "ethermium". Here is one of the logs: https://pastebin.com/j5fTGYH5

I ran a scan with Malwarebytes in safe mode and it detected nothing. At this point, I'm running out of ideas because the malware seems to have rooted itself into the "genuine" .NET 3.5, and in Windows 10, you can't reinstall it. So should I just back up and nuke files, or is there a better solution?
P.S. I have never installed/intended to mine crypto on my computer. It looks like it snuck itself into the system somehow. I can't imagine how it managed to because I've never installed any new programs for the past month.