Suggestions on removing a stubborn mining virus?

mildewman · Feb 21, 2019

Im infected - Realtemp shows load at 30%, if i open task manager load drops to normal 2-5%, close task manager and system load immediately goes back to 30%. (Windows 10 x64 latest public version)

I have run Trend Online scan, Malwarebytes, Kaspersky, AVP2019 and Windows defender but no success.

When windows starts i can see a dos box opening then minimizing just before desktop opens. No odd additions to installed apps list in windows, no odd additions to startup apps list in windows. What should my next step be for removing this virus?

UsandThem · Feb 21, 2019

Back up your documents, nuke your partitions, full format, and then a clean OS install.

mildewman · Feb 21, 2019

My recording software uses a LOT of plugins. A system rebuild takes many hours.

I ran Malwarebytes beta of its specialized rootkit fixing software (https://www.malwarebytes.com/antirootkit/), and it turned out my soundmixer.exe had been infected. Same file as the last mining virus i got about a year ago.

System load now back down to 2-3% but i still have this suss dosbox opening just before desktop comes up at boot. Now to uninstall all the random antivirus software ive added in the last few hours and start using malwarebytes instead of windows defender. And the moral is of course, never install software you found on piratebay !!!

UsandThem · Feb 21, 2019

mildewman said:
And the moral is of course, never install software you found on piratebay !!!

I don't want to be "that guy", but in this case I'm going to.

balloonshark · Feb 22, 2019

I could never trust a computer that was infected. Making regularly created known clean images and then restoring them if and when you're infected or have issues is the only way to go.

jameny5 · Feb 22, 2019

Download RKILL at www.cnet.com. Install it. Then RUN it. At the RUN command type RKILL. Let it run it's diagnostics and see if it finds the problem.

WilliamM2 · Feb 23, 2019

I would restore my computer to an image created before it was infected. Takes less than 10 minutes.

If you don't have one, do a clean install, and this time create one.

As you said, it takes a long time to fully configure your computer the way you like it.

corkyg · Feb 23, 2019

That is why I have duplicate drives that are mounted in a mobile rack. I rotate them every Sunday morning. If one ever gets corrupted, I simply go to the other drive, and clone it to the contaminated one. That way I always have an ace in the hole.

Racan · Feb 24, 2019

You should give Hitman Pro a try https://www.hitmanpro.com/en-us/hmp.aspx

VirtualLarry · Feb 24, 2019

mildewman said:
And the moral is of course, never install software you found on piratebay !!!

You could use a "Test Mule VM", and wipe / restore it after every use. Not that that's 100% safe either, there are some "VM escape" exploits.

Modular · Mar 22, 2019

balloonshark said:
I could never trust a computer that was infected. Making regularly created known clean images and then restoring them if and when you're infected or have issues is the only way to go.

WilliamM2 said:
I would restore my computer to an image created before it was infected. Takes less than 10 minutes.

If you don't have one, do a clean install, and this time create one.

As you said, it takes a long time to fully configure your computer the way you like it.

corkyg said:
That is why I have duplicate drives that are mounted in a mobile rack. I rotate them every Sunday morning. If one ever gets corrupted, I simply go to the other drive, and clone it to the contaminated one. That way I always have an ace in the hole.

What software do you all use to make clean images?

balloonshark · Mar 22, 2019

Modular said:
What software do you all use to make clean images?

I use Macrium Reflect Free. You can check out the comparison chart to see if it will fit your needs. https://www.macrium.com/reflectfree

WilliamM2 · Mar 22, 2019

Modular said:
What software do you all use to make clean images?

I use the built in utility in Windows. It's never failed me yet. Go to control panel, and look for "backup and restore".

corkyg · Mar 22, 2019

I use Acronis TI created Rescue Media.

Modular · Mar 22, 2019

balloonshark said:
I use Macrium Reflect Free. You can check out the comparison chart to see if it will fit your needs. https://www.macrium.com/reflectfree

Thanks!

WilliamM2 said:
I use the built in utility in Windows. It's never failed me yet. Go to control panel, and look for "backup and restore".

Excellent, I think I'm going to give this a shot. I've been using Acronis TrueImage, but it's pretty clumsy IMO. I don't have the time to research 100 different options. I just need something simple.

corkyg said:
I use Acronis TI created Rescue Media.

Thanks, I've been using their full version with incremental backups and some other settings, but I never feel confident that it's going to work when I need it. I guess that I should try and do a restore to a spare HDD and see how it goes.

Back on topic - sorry for the thread derailment.

corkyg · Mar 22, 2019

I use the clone function offline with TI bootable media/ Never has failed me in the last 20 years or so.

IN THE DEPTHS OF DARKNESS · Apr 5, 2019

https://www.zemana.com/
Zemana AntiMalware

Search

Suggestions on removing a stubborn mining virus?

mildewman

Member

UsandThem

Elite Member

mildewman

Member

UsandThem

Elite Member

balloonshark

Diamond Member

jameny5

Senior member

WilliamM2

Platinum Member

corkyg

Elite Member | Peripherals

Racan

Golden Member

VirtualLarry

No Lifer

Modular

Diamond Member

balloonshark

Diamond Member

WilliamM2

Platinum Member

corkyg

Elite Member | Peripherals

Modular

Diamond Member

corkyg

Elite Member | Peripherals

IN THE DEPTHS OF DARKNESS

Junior Member

TRENDING THREADS