Information Security
des1roer, 2016-01-12 16:22:30

How to manually delete Miner Ethash folder in appdata?

Today I saw this beauty:
82b9024ee9d74cc4908a9b2d3fed08d9.jpg
It gobbled up 30 GB.
Apparently they say that this is a miner. I saw suspicious activity on the computer, but I did not blame viruses (there is a node). But it looks like crap.
How do I find and remove the malware? There is nothing in autoload. I advise you to kill ctfhost.exe, but I don't have one either. Just
2cad647874b64deaa742fc522f66738c.png
What to do?

3 answer(s)
des1roer, 2016-01-21
@des1roer

Found it via E:\webdownload\sigcheck\sigcheck -u -e c:\windows\system32. Only VirusTotal says that everything is fine.

nirvimel, 2016-01-12
@nirvimel

How to calculate the author of these (multi-gigabyte) captions:

  1. Check autoload carefully - https://technet.microsoft.com/en-us/sysinternals/b...
  2. (desirable) Change the task manager to a more powerful analogue - https://technet.microsoft.com/en-us/sysinternals/p...
  3. Monitor file system activity with disk monitor - https://technet.microsoft.com/en-us/sysinternals/d... . Pay attention to the filter, it is necessary to monitor a specific path in the FS.

Alexander, 2016-01-12
@NeiroNx

Yes - in the Sysinternals set there is a system activity monitor program (pcmon.exe) - set the filter along this path and wait - maybe the miner is activated when idle (assigned as a task)
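
The "assigned as a task" case from the answer above, as an added example that is not part of the original thread: a PowerShell sketch that lists scheduled tasks whose action binary lacks a valid Authenticode signature or sits in a per-user directory, and marks tasks that run on idle. The directory list and output column names are assumptions chosen for illustration; run it from an elevated prompt so tasks of all users are visible.

```powershell
# Added example: review scheduled tasks for unsigned or user-directory
# binaries, and show which ones are tied to idle activation.
# Requires the ScheduledTasks module (Windows 8 / Server 2012 or later).

# Assumed set of per-user locations to treat as suspicious for a task binary.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

$report = foreach ($task in Get-ScheduledTask) {
    # Idle activation can be a trigger or a run condition in the task settings.
    $idle = [bool]$task.Settings.RunOnlyIfIdle -or
            [bool]($task.Triggers | Where-Object { $_.CimClass.CimClassName -eq 'MSFT_TaskIdleTrigger' })

    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # COM-handler actions have no Execute path

        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
        if (-not [IO.Path]::IsPathRooted($exe)) {
            # Bare names such as "cmd.exe" are resolved through PATH.
            $cmd = Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue |
                Select-Object -First 1
            if ($cmd) { $exe = $cmd.Path }
        }

        $sigStatus = 'FileNotFound'
        if (Test-Path -LiteralPath $exe -PathType Leaf) {
            $sigStatus = [string](Get-AuthenticodeSignature -LiteralPath $exe).Status
        }
        $inUserDir = [bool]($userWritable | Where-Object {
            $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })

        if ($sigStatus -ne 'Valid' -or $inUserDir) {
            [pscustomobject]@{
                Task      = $task.TaskPath + $task.TaskName
                Idle      = $idle
                Signature = $sigStatus
                UserDir   = $inUserDir
                Execute   = $exe
                Arguments = $action.Arguments
            }
        }
    }
}
$report | Sort-Object Idle -Descending | Format-Table -AutoSize -Wrap
```

A hit is a lead to check further (for example with the sigcheck command quoted earlier in the thread), not proof of malware: legitimate per-user updaters also run from AppData.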
