Win32.CoinMiner

Win32.CoinMiner is not a virus. It is a hacking tool that may be dropped on the computer by another Trojan infection. This tool will use extensive CPU resources once running on the system.

Win32.CoinMiner is mining software created to infiltrate Microsoft Windows systems. It attempts to generate digital coins for the Bitcoin program by running a complex computation that consumes high CPU resources. Usually, the Bitcoin mining runs on the infected computer without the user's knowledge. It can be dropped by variants of Trojans coming from the same group of malware. This threat will drop certain files and tools that are necessary to operate the miner on the compromised PC.

Alias:
Win32/CoinMiner
Win32.BitCoinMiner
Win-Appcare/Bitcoin
W32/BitCoinMiner.B
RiskTool.BitCoinMiner
Tool.BtcMine.1
Win32/BitCoinMiner
RiskTool.Win32.BitCoinMiner.a
HKTL_BITCOINMINE

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista, Windows 7

Characteristics
When Win32.CoinMiner is executed, it will create the following files:
%TEMP%\bitcoin-miner.exe
%TEMP%\taskmgr.exe
%TEMP%\svchost.exe

With the most recent variants of this tool, users may also notice the presence of the following files and folders, in addition to those mentioned above:
%WINDIR%\ufa
%WINDIR%\rpcminer
%WINDIR%\phoenix
%APPDATA%\WhileIdle
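
The locations listed above can be checked with a short PowerShell script. This is an added example, not part of the original write-up or of any vendor tool: the function names are hypothetical, and the System32/SysWOW64 test for taskmgr.exe and svchost.exe is an assumption based on where Windows keeps the genuine binaries.

```powershell
# Added example. Paths are the ones listed on this page; function names are hypothetical.
function Find-CoinMinerArtifact {
    # %TEMP% and %APPDATA% resolve to the profile of the user running the script.
    $candidates = @(
        (Join-Path $env:TEMP    'bitcoin-miner.exe'),
        (Join-Path $env:TEMP    'taskmgr.exe'),
        (Join-Path $env:TEMP    'svchost.exe'),
        (Join-Path $env:WINDIR  'ufa'),
        (Join-Path $env:WINDIR  'rpcminer'),
        (Join-Path $env:WINDIR  'phoenix'),
        (Join-Path $env:APPDATA 'WhileIdle')
    )
    foreach ($path in $candidates) {
        if (Test-Path -LiteralPath $path) {
            # -Force so hidden or system-flagged items are still returned.
            Get-Item -LiteralPath $path -Force |
                Select-Object FullName, CreationTime, LastWriteTime
        }
    }
}

function Find-MisplacedSystemProcess {
    # Assumption: genuine taskmgr.exe and svchost.exe run only from these folders.
    $trusted = @(
        (Join-Path $env:WINDIR 'System32'),
        (Join-Path $env:WINDIR 'SysWOW64')
    )
    Get-Process -Name taskmgr, svchost -ErrorAction SilentlyContinue |
        Where-Object {
            # Path is empty when the process cannot be opened (run elevated).
            $_.Path -and ($trusted -notcontains (Split-Path -Parent $_.Path))
        } |
        Select-Object Id, ProcessName, Path
}

$files = @(Find-CoinMinerArtifact)
$procs = @(Find-MisplacedSystemProcess)
if ($files.Count -eq 0 -and $procs.Count -eq 0) {
    Write-Output 'No listed Win32.CoinMiner artifacts found for this user.'
} else {
    $files | Format-List
    $procs | Format-List
}
```

Because %TEMP% and %APPDATA% are per-user, run the script once for each user profile on the machine, from an elevated prompt so that process paths are readable.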

Once running on the system, Win32.CoinMiner will perform a complicated calculation that aims to earn Bitcoin blocks for its authors. In most recent trading, Bitcoin blocks are valued at no less than US$ 20, which makes this digital currency a new target for cyber-criminals.

The only noticeable symptom of the presence of Win32.CoinMiner is an extreme reduction in the performance of the PC. The tool will use extensive CPU resources to solve a complex cryptographic problem, which is called Bitcoin mining.

Distribution
Win32.CoinMiner may arrive on a computer dropped by another Trojan infection. Some users also download malicious files from free servers without knowing that they are compromised with Win32.CoinMiner.

The image below shows how Microsoft Security Essentials has blocked the virus before it can enter the computer. It is important to have protection software to prevent attacks coming from Trojans such as Win32.CoinMiner.

Win32.CoinMiner Detection

How to Remove Win32.CoinMiner

1. Temporarily disable System Restore if you are using Windows XP. For Windows Vista/7 users, you may use System Restore to return Windows to a previous clean state. However, you must have a saved restore point to accomplish this. Otherwise, proceed with the removal process.

2. Open your antivirus application and update the virus definitions. This ensures that your antivirus program can detect even newer variants of Win32.CoinMiner.

3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 repeatedly.
- Your computer will display the Windows Advanced Boot Options menu. Select Safe Mode with Networking.
- The system will boot Windows, loading only the necessary drivers and system files.

4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If they cannot be deleted, place them in quarantine. Once the scan is complete, proceed with the next step.

Online Virus Scanner:

Another way to remove Win32.CoinMiner without installing an additional antivirus application is to perform a thorough scan with a free online virus scanner, which can be found here or on the websites of legitimate anti-virus and security providers.

5. Go to the Online Virus Scanner list and run a virus scan. This may require plug-ins, an add-on or an ActiveX object; install them if you want to proceed with the scan.
6. After completing the necessary download, your system is ready for online virus scanning.
7. Select the option that scans the computer thoroughly, to make sure that it finds and entirely deletes all infections not detected in the previous scan.
8. Remove or delete all detected items.
9. When scanning is finished, you may restart the computer in normal mode.

Alternative Removal Method for Win32.CoinMiner

Option 1: Use Windows System Restore to return Windows to a previous state

If Win32.CoinMiner enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a restore point saved before Win32.CoinMiner infiltrated the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.