Malware
hardtermet, 2021-08-13 18:08:17

ROBOTDEMO.exe (miner): who has faced it and how do I delete it?

The program loads the computer; when removed, it comes back.

How do I remove it?


3 answer(s)
rPman, 2021-08-13
@rPman

General recommendations
1. Disinfect your computer with the free Dr.Web cleaner / Kaspersky removal tool / ...
2. Close the existing routes of virus penetration (at a minimum: update the OS; before using files from unreliable sources that may contain viruses, scan them for viruses and look them over for suspicious files with your own eyes, etc.). Set or change passwords, starting with the OS and ending with Wi-Fi (an attacker who knows the Wi-Fi password can change your server/router, and may be able to steal OS passwords, change files, etc.; access to the local network, especially without proper security settings, is almost always a hole).
If the antivirus does not find anything, everything becomes much more complicated, since to clean the computer of a virus manually you need to at least understand how they are created and how they work.
Usually, the virus is delivered to the machine in nested containers: the first level gets through the machine's protections and most often self-destructs after infection so that the entry point cannot be analyzed; the second level installs the virus and monitors for its removal; and the third level is the virus itself. Removing it is pointless without removing the second layer and closing the penetration hole.
Look at what is registered in autorun, and look for exe files in c:\users\...\appdata, especially if the names there match the names of services. In 99% of cases, everything in autorun can be safely deleted or at least disabled. Autorun is not only Start > Startup, but also registry settings or the task manager ...
Use the Sysinternals Autoruns utility (download it from the Microsoft website) to see everything that autoruns, and at least look at what does not have a digital signature (yes, sometimes legitimate products do not have one, but Realtek driver files, for example, can simply be remembered).

akoK, 2021-10-01
@akoK

This miner uses Transmission to work. You need to kill the process and delete the task in the scheduler and the service. Also delete the folder with Transmission.
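
The autorun review described in the answers above (registry Run keys, scheduled tasks, services, executables under c:\users\...\appdata, missing digital signatures) can be scripted as a first pass. This is an added example, not part of any answer in the thread; it assumes Windows PowerShell 5.1 or later in an elevated session, only reads state, and `Get-ExePath` is a helper defined in the block.

```powershell
# Added example: read-only inventory. Nothing is deleted or disabled.
# Get-ExePath is a helper defined here, not a built-in cmdlet.
function Get-ExePath([string]$CommandLine) {
    # Extract the executable path from a quoted or unquoted command line.
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^\s*(.+?\.(exe|dll|bat|cmd|vbs|ps1))(\s|$)') { return $Matches[1] }
    return $CommandLine.Trim()
}

$entries = @()

# 1. Run / RunOnce registry values, machine-wide and current user
$psProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($name in 'Run', 'RunOnce') {
        $key = "$hive\Software\Microsoft\Windows\CurrentVersion\$name"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties | Where-Object Name -notin $psProps) {
            $entries += [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
}

# 2. Scheduled tasks that run a program (COM-handler actions have no Execute and are skipped)
foreach ($task in Get-ScheduledTask) {
    foreach ($a in $task.Actions | Where-Object Execute) {
        $entries += [pscustomobject]@{ Source = 'ScheduledTask'; Name = $task.TaskPath + $task.TaskName; Command = $a.Execute }
    }
}

# 3. Services
foreach ($svc in Get-CimInstance Win32_Service | Where-Object PathName) {
    $entries += [pscustomobject]@{ Source = 'Service'; Name = $svc.Name; Command = $svc.PathName }
}

# Report entries that start from a user's AppData folder or lack a valid signature
$report = foreach ($e in $entries) {
    $path = [Environment]::ExpandEnvironmentVariables((Get-ExePath $e.Command))
    if (-not $path) { continue }
    $inAppData = $path -match '\\Users\\[^\\]+\\AppData\\'
    $sig = if (Test-Path -LiteralPath $path -PathType Leaf) {
        [string](Get-AuthenticodeSignature -LiteralPath $path).Status
    } else { 'FileNotFound' }
    if ($inAppData -or $sig -ne 'Valid') {
        [pscustomobject]@{ Source = $e.Source; Name = $e.Name; Path = $path; InAppData = $inAppData; Signature = $sig }
    }
}
$report | Sort-Object InAppData -Descending | Format-Table -AutoSize -Wrap
```

Rows marked `FileNotFound` are often bare program names resolved through PATH or leftovers of already removed software, so read them alongside the `InAppData` column rather than treating each one as malicious.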

David_Gastkiller, 2021-11-04
@David_Gastkiller

Hello!!! There is also this folder, but the computer process in the taskbar does not mine 2-5%
