Trojan.Coinbitminer is a Trojan created specifically for the program BitCoins. When Trojan.Coinbitminer is executed, it will utilized victim’s PC and resources to mine bitcoins for the benefit of the remote attacker. This Trojan can drop and install the legitimate software for BitCoin without user’s consent.
Alias: Win32/CoinMiner, Win-Appcare/Bitcoin, RiskTool.BitCoinMiner!SP8RvUesJfQ, Win32/BitCoinMiner, Possible-Threat.Win32.BitCoinMiner, RiskTool.Win32.BitCoinMiner.a, Bitcoin Miner, HKTL_BITCOINMINE
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Upon executing the Trojan, it will create the following files.
Next, Trojan.Coinbitminer will attempt to exploit the affected computer resources to mine bitcoins for its authors. The Trojan is also designed to steal victim’s BitCoin’s account data and send it to a remote attacker.
To those who are unfamiliar with BitCoins, it is a digital currency used by miners to purchase goods online. As of this writing, each BitCoin blocks are often traded to around US$25. To earn BitCoin blocks, users are obliged to install a BitCoin software and use computer’s resources to solve a given cryptographic equation. This is known as mining. As mentioned, attackers are using public computers to solve a cryptographic challenge simultaneously. For every problems solve, users will receive for up to 50 BitCoins. Imagine how much attackers would earn for infecting large amount of computers with Trojan.Coinbitminer.
Trojan.Coinbitminer arrives on computers in several methods. The most utilized approach is through mass mailing. User may also be contaminated when a questionable link from instant messaging application is executed. The link is originally sent from address of a friend on contact lists, but sender is unaware that Trojan on their computer is sending out malicious information. Most of the time, the message will contain tempting links on trending news and events.
Another means of propagation is via drive-by-download. Trojan.Coinbitminer can enter the computer if user visits a web site that is either legitimate but compromised or web pages that is harmful in nature. The process is so covert that user’s may not even notice. On the other hand, Trojan may be installed with user’s knowledge when it pretends as software update or as required components found on unknown web pages.[cf]regis[/cf] [cf]files[/cf]
How to Remove Trojan.Coinbitminer
1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. To identify even the most recent variant of Trojan.Coinbitminer, open your antivirus application and update the virus definitions.
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Select Safe Mode with Networking.
- System will boot Windows loading only necessary drivers and system files.
4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable to delete, better place them in quarantine. Once the scan is complete please proceed with the next step.
Scan with Norton Power Eraser:
Free tool from Symantec called Norton Power Eraser provides deep scanning technology to detect and remote threats like Trojan.Coinbitminer. NPE targets and eliminate threats that regular virus scan fails to identify. Download NPE here.
Important! Because of Norton Power Eraser’s aggressive method, it can select even legitimate files as suspicious. Please use this tool very carefully.
Alternative Removal Method for Trojan.Coinbitminer
Option 1 : Use Windows System Restore to return Windows to previous state
If Trojan.Coinbitminer enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before Trojan.Coinbitminer infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.