
How to check the system for miners. How to tell that a computer is infected with a miner

How to find a hidden miner?

A hidden miner is a Trojan that uses the computing power of the victim's processor to mine a digital currency called Monero. After installation, this Trojan installs a Monero miner called NsCpuCNMiner32.exe and NsCpuCNMiner64.exe, which tries to mine Monero using your computer's processor and eats up the computer's resources.

The CNMiner miner starts working after a program called Cnminer.exe is launched, which then launches NsCpuCNMiner32.exe or NsCpuCNMiner64.exe, depending on whether the infected computer is 32-bit or 64-bit. Once launched, the miner starts using the computer's entire computing power to mine Monero in the mine.moneropool.com mining pool. You can see how many processor resources are used by a miner in the image below.

CNMiner running in Task Manager (image)

What is especially worrying about this infection is that it will use the entire computing power of the processor for an indefinite period. This makes your processor run at very high temperatures for long periods of time, which can reduce its service life.

Since nothing indicates that the program is running, here is a list of symptoms the user can use to determine whether they are infected with the miner:

- NsCpuCNMiner32.exe, NsCpuCNMiner64.exe or CNMiner running in the Task Manager.
- Windows minimize and maximize slowly, games run slower, and video stutters.
- Programs do not start as quickly.
- General slowness when using the computer.

How was the miner installed on my computer?

It is currently not known how the CNMiner miner is installed on the victim's computer. It could be installed manually by its developer hacking into the computer, or together with other malicious programs. Therefore, it is important to always have a good security program installed to monitor for unauthorized and malicious programs. As you can see, the CNMiner miner is a program that steals your computer's resources and your electricity and profits from it. To make the computer work normally again and to protect it, use the guide below to remove this Trojan for free.

A 24-step guide! Removing the miner

1. This removal guide may seem overwhelming due to the number of steps and the numerous programs that will be used. It was written this way only to provide clear, detailed and easy-to-follow instructions that anyone can use to remove this virus for free. Before using this guide, we recommend that you read it through once and download all the necessary tools to your desktop. After that, print this page, as you may need to close the browser window or restart the computer.

2. To terminate any programs that may interfere with the removal process, we must first download the program Rkill. Rkill will search your computer for active malware infections and try to stop them so that they do not interfere with the removal process. To do this, download Rkill to your desktop from the following link.

When you are on the download page, click the "Download Now" button labeled iExplore.exe. When you are prompted to save it, save it on the desktop.

3. After downloading it, double-click the iExplore.exe icon to automatically try to stop any processes associated with CNMiner Monero Miner and other malicious programs. Be patient while the program looks for various malicious programs and terminates them. Upon completion, the black window will automatically close and the log file will open. Review the log file and close it to continue with the next step. If you have any problems launching Rkill, you can download other renamed versions of Rkill from the Rkill download page. All the files there are renamed copies of Rkill, which you can try instead. Please note that the download page will open in a new browser window or tab. Do not restart the computer after running Rkill, since the malware will start working again.

4. Now download Emsisoft Anti-Malware, which scans for and deletes any other adware that may have been bundled with this adware. Download and save the Emsisoft Anti-Malware installer to your desktop from the following link

5. After the file has been downloaded, double-click the EmsisoftAntiMalwareSetup_bc.exe icon to run the program. If Windows SmartScreen gives a warning, allow the program to run anyway. If the installer displays a safe mode warning, press the "Yes" button to continue. You should now see a dialog box asking you to accept a license agreement. Accept the agreement and click the Install button to continue the installation.

6. Eventually you will get to a screen asking what type of license you want to use with Emsisoft Anti-Malware.

If you have an existing license key or want to buy a new license key, select the appropriate option. Otherwise, select the Freeware or the free 30-day trial option. If you receive a warning after clicking this button, just click "Yes" to switch to freeware mode, which still allows you to clean infected files.

7. You will now be at a screen asking whether you want to join the Emsisoft Anti-Malware Network. Read the descriptions and make your choice to continue.

8. Emsisoft Anti-Malware will now start updating.

Be patient, as it may take a few minutes for the download to complete.

9. When the updates are completed, a screen asks whether you want to enable PUP detection. We strongly recommend choosing "Enable PUPs Detection" to protect your computer from unwanted programs such as adware.

10. You will now be at the final installation screen. Press the "Ready" button to complete the setup and automatically launch Emsisoft Anti-Malware.

11. Emsisoft Anti-Malware will now start and display its start screen.

Once the Emsisoft start screen is displayed, left-click the "Scanning" section.

12. Now choose which type of scan you want to perform.

Select the Malware Scan option to start scanning your computer for infections. The Malware Scan option takes longer than Quick Scan, but it is also the most thorough. As you are here to clean infections, it is worth the wait to make sure your computer is properly scanned.

13. Emsisoft Anti-Malware will now start scanning your computer for rootkits and malware. Please note that the infections detected in the image below may differ from the one this guide is written for.

Please be patient while Emsisoft Anti-Malware scans your computer.

14. When the scan is complete, the program displays the scan results, which show which infections were detected. Please note that, due to an updated version of Emsisoft Anti-Malware, the screenshot below may look different from the rest of the guide.

Now click the Quarantine button, which will remove the infections and place them in the program's quarantine. You will now be at the last screen of the Emsisoft Anti-Malware setup program, which you can close. If Emsisoft prompts you to restart the computer to complete the cleaning process, allow it to do so. Otherwise, you can close the program.

15. Now download AdwCleaner and save it on the desktop. AdwCleaner scans your computer for adware that may have been installed without your knowledge. You can download AdwCleaner from the following URL

16. When AdwCleaner has finished downloading, double-click the adwcleaner.exe icon, which is now displayed on the desktop. After you double-click it, AdwCleaner will open and present its license agreement. After you read it, click the "I agree" button if you want to continue. Otherwise, click the "I disagree" button to close the program. If Windows asks whether you want to run AdwCleaner, allow it to run.

If you choose to continue, you will be presented with the start screen, as shown below.

17. Now click the Scan button in AdwCleaner. The program will begin searching for known adware that may be installed on your computer. Upon completion, it will display all the items found in the "Results" section of the screen above. Review the results and try to determine whether the programs listed include any that you do not want removed. If you find programs you want to keep, uncheck the entries associated with them. For many people, the content of the "Results" section may seem confusing. If you do not see the name of a program that you know should not be removed, go to the next step.

18. To remove the adware found in the previous step, click the "Clear" button on the AdwCleaner screen. AdwCleaner will now prompt you to save any open files or data, since the program must close any open programs before it starts cleaning. Save your work and click OK. AdwCleaner will now delete all the detected adware from your computer. When this is done, a notice will appear explaining what PUPs (potentially unwanted programs) and adware are. Read this information and click OK. You will now be presented with a warning that AdwCleaner needs to restart the computer.

Click OK to let AdwCleaner reboot your computer.

19. When your computer restarts and you are logged in, AdwCleaner will automatically open a log file listing the files, registry keys and programs that were removed from your computer.

Review this log file and close the Notepad window.

Write about your problems with Trojans in the comments, and whether a new article is needed on other types of hidden miners.

Recently, several news reports appeared saying that some sites engage in cryptocurrency mining, using the computing capacity of their visitors for this. First one report appeared, then another; both sites were doing this secretly from their users.

This caused dissatisfaction among the users of these sites, and many other users began to worry whether their computers would be used to mine cryptocurrency without their consent when visiting a particular site. Such a danger really exists, and here is what you can do to avoid it.

Secret mining

In fairness, it should be noted that many users were unhappy not so much that their computer's resources were used for mining cryptocurrency as that this was done secretly, without their knowledge and consent.

Many actually spoke positively about this method of monetizing sites.

What can be done?

If you are one of those who do not want your computer's resources used for mining, with or without your consent, here is what can be done.

Check the processor load

Just by opening the task manager on your computer (in Windows it is opened with Ctrl+Shift+Esc; Chrome has its own task manager) and looking at CPU usage, you can quickly tell whether someone is using your computing power. If you are running some "heavy" program (for example, you are editing video, or you have Photoshop open), this is normal. If all you have running is a browser with 5-7 tabs, it is worth checking everything carefully.

A noticeable spike in CPU load when visiting a specific site is an obvious sign that JavaScript using your computing power has been launched.

If you see such a process in the task manager, you can try to stop it there and see what happens next: the computer's resource consumption should fall sharply.

If the process restarts by itself after a while, that is an alarming sign. You can try disconnecting your computer from the Internet and see whether the load drops. If not, check the PC with an up-to-date antivirus. Such scripts can be launched not only from the browser but also from the PC itself.

In addition, if you do not have a single active process but the processor is still heavily loaded, your resources may still be being used for mining.

Ad blockers can help

Usually, for your resources to be used for mining, you have to visit a specific site that uses one of the many scripts for this, but sometimes mining can be initiated by clicking on an advertisement.

Using an ad blocker, such as Adblock, should help cope with this problem. In addition, an ad blocker also filters many of the well-known scripts used for mining cryptocurrency. One of these scripts is called Coinhive, and it should be noted that its creators do not consider themselves creators of malicious software.

Coinhive is trying to solve the site monetization problem in an alternative way. The developers of this script publicly spoke out against Showtime for using their script without warning users.

Extensions that block such miner programs have also appeared. For Chrome, it is No Coin. Still, it is better to check it before installing.

Other malicious programs

It should be noted that mining scripts are not the only thing that loads the processor heavily; other malicious programs do so as well.

There is no universal solution for all such problems, but the first thing you can do is identify the problem. To do this, simply check the processor load in the task manager.

A miner virus (miner, Bitcoin miner) is malicious software whose main purpose is mining: earning cryptocurrency using the computer resources of the victim. Ideally, such software should work as covertly as possible, be highly persistent and have a low probability of detection by antivirus programs. A "high-quality" miner virus is inconspicuous, barely interferes with the user's work and is hard for antivirus software to detect. The main outward sign of infection is increased consumption of computer resources and, as a result, additional heating and more noise from the cooling fans. With a "poor-quality" miner virus, in addition to the listed symptoms, there is a drop in the overall performance of the computer, brief freezes or even failure of some programs to work.

What is mining?

The word "mining" comes from the English "mining", which means the extraction of minerals. Mining is nothing more than the process of creating new units of cryptocurrency (crypto coins) according to a special algorithm. To date, there are about a thousand varieties of cryptocurrency, although they all use the algorithms and protocols of the most famous one, Bitcoin.

The mining process consists of solving complex, resource-intensive problems to obtain a unique set of data confirming the validity of payment transactions. The speed of finding it and the number of cryptocurrency units received as a reward differ between currencies, but in any case significant computational resources are required. The power of mining equipment is usually measured in megahashes (Mhash) and gigahashes (Ghash). Since the difficulty of mining the most expensive cryptocurrencies has long been out of reach for a single computer, earning money relies on special farms, which are powerful industrial-scale computing systems, and on mining pools, which are computer networks in which the mining process is distributed among all network participants. Mining in a shared pool is the only way for an ordinary user to take part in earning at least a small profit from the process of creating crypto coins. Pools offer a variety of profit distribution models, including ones that take the capacity of the client's equipment into account. It is quite clear that by driving tens, hundreds or even thousands of miner-infected computers into a pool, attackers make a profit from exploiting other people's computer equipment.

Miner viruses are aimed at long-term use of the victim's computer, and during infection, as a rule, auxiliary software is installed that restores the main mining program if it is damaged, removed by antivirus or terminated abnormally for any reason. Naturally, the main program is configured so that the results of mining are tied to the attacker's accounts in the pool used. The main program is legitimate mining software, which is downloaded from the official sites of cryptocurrencies or from the pools' own resources and is not, in fact, malicious software (a virus). You can download it yourself and install it on your own computer without arousing any particular suspicion from the antivirus used on your system. This does not indicate low-quality antivirus software but rather the opposite, the absence of false alarms, because the only difference between mining that benefits the user and mining that benefits an attacker is who owns its results, i.e. the account in the pool.

As mentioned, the main sign that a system is infected with a miner is intensive use of resources by some program, accompanied by an increase in the noise level of the system unit and in the temperature of its components. Moreover, in a multitasking environment the virus as a rule runs with the lowest priority, using system resources only when the computer is idle. The picture looks like this: the computer is not busy, it is idle, yet the temperature of its components and the noise of its fans resemble gaming mode in some very demanding shooter. In practice, however, cases have been observed where the priority of the mining programs was set to the standard value, which led to a sharp drop in useful performance. The computer began to "slow down" terribly and it was almost impossible to use.

Removing the miner by rolling back to a restore point

The easiest way to get rid of unwanted software is to return Windows to a previous state using restore points, which is often called a system rollback. This requires a restore point created at a time when the infection had not yet happened. To start the recovery tool, you can use the Win+R key combination and type the command rstrui.exe in the input field that opens. Or use the main menu: "Programs - Standard - Service - Restoring System." Next, choose the desired restore point and roll back to it. With a successful rollback, in most cases it is possible to get rid of the virus without much effort.

If there is no suitable restore point or the rollback did not neutralize the virus, you will have to look for more complex ways to solve the problem. In this case, you can use the standard tools of the operating system or specialized programs that let you find and terminate processes, obtain information about their properties, view and modify program autorun points, check publishers' digital signatures, and so on. Such work requires a certain level of user skill and experience with the command line, the registry editor and other service utilities. Using several antivirus scanners from different vendors, system-cleaning programs and unwanted-software removers may not give a positive result, and in the case of a miner it usually does not.

Finding and removing the miner using utilities from the Sysinternals Suite

The difficulty of identifying programs used for mining is that most antiviruses do not detect them, since they are in fact not viruses. There is a chance that the antivirus will prevent the miner's installation process, because not quite ordinary software is used during it, but if this does not happen, finding and removing the malicious (from the point of view of the owner of the infected computer) program will most likely have to be done manually. For reference, in June 2017 the average detection rate for such software, for example on the well-known VirusTotal service, was 15-20/62, i.e. out of 62 antiviruses only 15-20 considered it a malicious program. Moreover, the most popular and high-quality antivirus programs were not in this group. For well-known viruses, or ones discovered relatively long ago, the detection rate may be higher thanks to antivirus database signatures and certain additional measures taken by antivirus developers. But all this does not always make it possible to get rid of a miner virus without additional effort.

The following is a practical case of infection with malicious mining software. The infection occurred through modified game programs downloaded from one of the untrusted torrent trackers. The infection method could have been different, though, as for any other malware: following links on unverified resources, opening e-mail attachments, and so on.

The set of malware for mining in the attackers' interests implements the following functions:

- Ensuring its own automatic launch. One or more programs modify registry keys so that they start automatically after an unexpected termination, a reboot or a power-off. Periodically (about once per minute) the registry keys are checked and, if they have been tampered with (removed, changed), restored.

- Automatic launch of the mining program. The program also starts automatically, and its autorun parameters are tracked and restored by one or more auxiliary programs.

As long as the processes that provide the automatic launch are running in the computer's memory, it makes no sense to delete executable files and registry entries: they will just be restored. Therefore, at the first stage you need to identify and forcibly terminate all the processes that ensure the automatic restart of the malicious programs.

To find and eliminate a miner virus on a modern OS, you can make do with the standard tools or use, for example, the more capable Sysinternals Suite software package from Microsoft.

- Process Explorer - lets you view detailed information about processes, threads, resource usage, and so on. You can change priorities, suspend (resume) processes, and kill processes or process trees. The utility is convenient for analysing process properties and finding malicious programs.

- Autoruns - a convenient tool for controlling program autorun. It covers almost all automatic start points, from the startup folders to scheduler tasks. It lets you quickly detect and isolate programs whose launch is not desirable.

As auxiliary software, you can also use the Process Monitor utility, which in difficult cases lets you track the activity of specific programs using filters (access to the registry, file system, network, and so on), as well as the SearchMyFiles utility from NirSoft, which is convenient for finding files and folders; its main feature is the ability to search for files and folders using NTFS file system time stamps. As search criteria, you can specify ranges of creation, modification and access times for files and folders (Created, Modified, Accessed). If the approximate time of infection or break-in is known, you can collect a complete list of the files that were created or changed in the given period.

But, I repeat, to find and remove miners it is usually enough to use the standard Windows tools, the task manager and the registry editor. The tools listed above are simply easier to use and more convenient for finding malicious programs.

Process Explorer displays the use of system resources:

The CPU column displays how much of the central processor the various processes use. System Idle Process is not a process but an indication of idle time. As a result, we see that the processor is idle 49.23% of the time, some processes use hundredths of a percent of its resources, and the main CPU consumer is the system.exe process, at 49.90%. Even a superficial analysis of the properties of the system.exe process reveals facts that raise reasonable suspicion:

- Strange description (Description): Microsoft Center.

- Strange company name (Company Name): www.microsoft.com. Other processes that really are related to Microsoft carry the string Microsoft Corporation.

A more detailed analysis is done through the context menu opened with the right mouse button, item Properties:

The executable file path ProgramData\System32\system.exe is also clearly suspicious, and opening the folder with the executable file by clicking the corresponding Explore button showed that both the folder and the executable file have the "hidden" attribute. And the command line parameters:

-o stratum+tcp://xmr.pool.minergate.com:45560 --donate-level=1 -u [email protected]* -p x -t 2 -k

clearly indicate that system.exe is a miner program (using the pool.minergate.com pools).

The Autostart location field contains the value n/a, which means that this process has no automatic start points. The parent process of system.exe has the identifier PID = 4928 and does not exist at the moment (Non-existent Process), which most likely means that the process was started by a batch file or a program that exited after starting it. The Verify button is intended for forcing a check of whether the parent process is present.

The Kill Process button lets you terminate the current process. The same action can be performed from the context menu opened with the right mouse button on the selected process.

The TCP/IP tab lets you get a list of the network connections of the system.exe process:

As can be seen, the system.exe process has an established connection from the local computer to the remote server static.194.9.130.94.clients.your-server.de:45560.
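The indicators read off Process Explorer above (a pool URL on the command line, a System32 folder outside the Windows directory, a vendor string that only resembles Microsoft's, a parent that has exited) can be checked mechanically over a process listing. The following Python triage is an added example, not part of the original article; the process records, their field names, the weights, the `-u` value and every PID except the parent PID 4928 are constructed for illustration.

```python
import ntpath
import re

WINDOWS_DIR = "c:\\windows\\"     # assumption: default %SystemRoot%
STRATUM_RE = re.compile(r"stratum\+(?:tcp|ssl|tls)://\S+", re.IGNORECASE)
WEIGHTS = {"mining-pool-url": 5, "system32-lookalike-folder": 3,
           "vendor-string-mismatch": 2, "parent-exited": 1}
REPORT_THRESHOLD = 3              # a lone "parent-exited" is normal on Windows

# Constructed snapshot modelled on the case described above.
SAMPLE_PROCESSES = [
    {"pid": 2040, "ppid": 1888, "name": "explorer.exe",
     "path": r"C:\Windows\explorer.exe", "company": "Microsoft Corporation",
     "cmdline": r"C:\Windows\explorer.exe"},
    {"pid": 3108, "ppid": 2040, "name": "chrome.exe",
     "path": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "company": "Google LLC", "cmdline": "chrome.exe"},
    {"pid": 3344, "ppid": 2040, "name": "Security.exe",
     "path": r"C:\ProgramData\System32\Security.exe", "company": "",
     "cmdline": r"C:\ProgramData\System32\Security.exe"},
    {"pid": 5312, "ppid": 4928, "name": "system.exe",
     "path": r"C:\ProgramData\System32\system.exe",
     "company": "www.microsoft.com",
     "cmdline": r"C:\ProgramData\System32\system.exe "
                r"-o stratum+tcp://xmr.pool.minergate.com:45560 "
                r"--donate-level=1 -u user@example.invalid -p x -t 2 -k"},
]


def triage(processes):
    """Return processes whose combined indicators reach REPORT_THRESHOLD."""
    live_pids = {p["pid"] for p in processes}
    flagged = []
    for p in processes:
        reasons = []
        # 1. Stratum pool URL passed on the command line.
        pool = STRATUM_RE.search(p["cmdline"])
        if pool:
            reasons.append("mining-pool-url")
        # 2. A folder called System32 that is not under the Windows directory.
        norm = ntpath.normpath(p["path"]).lower() if p["path"] else ""
        if "system32" in norm.split("\\")[:-1] and not norm.startswith(WINDOWS_DIR):
            reasons.append("system32-lookalike-folder")
        # 3. Company field mentions Microsoft but is not the usual string.
        company = p["company"].strip()
        if "microsoft" in company.lower() and company != "Microsoft Corporation":
            reasons.append("vendor-string-mismatch")
        # 4. Parent PID no longer exists (weak on its own: explorer.exe too).
        if p["ppid"] and p["ppid"] not in live_pids:
            reasons.append("parent-exited")
        score = sum(WEIGHTS[r] for r in reasons)
        if score >= REPORT_THRESHOLD:
            flagged.append({"pid": p["pid"], "name": p["name"], "score": score,
                            "reasons": reasons,
                            "pool": pool.group(0) if pool else None})
    return sorted(flagged, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for finding in triage(SAMPLE_PROCESSES):
        print(finding)
```

explorer.exe also has an exited parent in the sample, which is why that indicator carries the lowest weight and never triggers a report by itself.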

In this real case, the system.exe process had the minimum priority and had almost no effect on other processes that do not require heavy resource consumption. But to evaluate the impact on the behaviour of an infected system, you can set the miner's priority equal to that of legitimate programs and assess how much the computer's useful performance deteriorates.

When the system.exe process is forcibly terminated, it starts again after a few seconds. Consequently, the restart is ensured by some other program or service. Continuing through the list of processes, the first one to arouse suspicion is the Security.exe process.

As you can see, the program Security.exe is started through an autorun point in the user's standard programs menu, and the executable file Security.exe is located in the same hidden folder C:\ProgramData\System32

The next step is to forcibly terminate Security.exe, and then system.exe. If system.exe no longer starts after this, you can proceed to removing the malicious files and the system settings associated with the malicious programs. If system.exe is launched again, the search for the auxiliary programs that launch it must continue. As a last resort, you can terminate all the processes one by one, each time terminating system.exe, until it stops restarting.

To find and disable autorun points, it is convenient to use the Autoruns utility from the Sysinternals Suite:

Unlike the standard msconfig.exe, the Autoruns utility displays almost all the possible ways of automatically launching programs that exist on the system. By default, everything is displayed (the Everything tab), but if necessary you can filter the entries by type by switching between the tabs at the top of the window (Known DLLs, Winlogon, ... AppInit).

When looking for entries that autorun malware, first of all pay attention to the absence of a developer's digital signature in the Publisher column. Practically all modern legitimate programs have a digital signature, with rare exceptions, which as a rule include third-party software products or Microsoft drivers. The second warning sign is the absence of a description in the Description column. In this particular case, suspicion falls on the entry that opens the Security.lnk shortcut in the user's Startup folder:

C:\Users\Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

The shortcut points to the file C:\ProgramData\System32\Security.exe

The time stamp gives the date and time the system was infected: 06/23/2017 19:04

Any of the entries displayed by Autoruns can be deleted or disabled, with the option of restoring them later. To delete, use the context menu or the Del key. To disable, clear the checkbox of the selected entry.

The hidden folder C:\ProgramData\System32\ can be removed along with all its contents. After that, reboot and check that the malicious processes are gone.
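The two Autoruns warning signs described above (empty Publisher, empty Description) and the entry's time stamp can be combined into a repeatable check over an exported list of startup entries. The Python below is an added example, not part of the original article; the CSV column names, the two non-malicious rows and the "user-writable location" check are constructed assumptions, and the column layout is not claimed to match what Autoruns itself exports.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed export: only the Security.lnk row reflects the case above.
SAMPLE_EXPORT = r"""Entry Location,Entry,Description,Publisher,Image Path,Timestamp
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ExampleUpdater,Example update agent,Example Software Ltd,C:\Program Files\Example\updater.exe,03/18/2017 20:58
C:\Users\Student\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup,Security.lnk,,,C:\ProgramData\System32\Security.exe,06/23/2017 19:04
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,PortableNotes,,,C:\Tools\notes\notes.exe,11/02/2016 09:15
"""

# Assumption of this example: locations any user-level process can write to.
USER_WRITABLE = ("c:\\programdata\\", "\\appdata\\", "\\temp\\")
TIME_FORMAT = "%m/%d/%Y %H:%M"   # format of the time stamp quoted above


def entry_signals(row):
    """Collect the warning signs present on one startup entry."""
    signals = []
    if not row["Publisher"].strip():
        signals.append("no-publisher")
    if not row["Description"].strip():
        signals.append("no-description")
    image = row["Image Path"].lower()
    if any(marker in image for marker in USER_WRITABLE):
        signals.append("user-writable-location")
    return signals


def suspicious_autoruns(csv_text, min_signals=2):
    """Return entries with at least min_signals warning signs, worst first."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        signals = entry_signals(row)
        if len(signals) >= min_signals:
            hits.append({
                "entry": row["Entry"],
                "location": row["Entry Location"],
                "image": row["Image Path"],
                "signals": signals,
                "when": datetime.strptime(row["Timestamp"], TIME_FORMAT),
            })
    hits.sort(key=lambda h: len(h["signals"]), reverse=True)
    return hits


def search_window(hit, hours=2):
    """Time range around the entry's time stamp for a file search by
    creation/modification time (the SearchMyFiles approach)."""
    margin = timedelta(hours=hours)
    return hit["when"] - margin, hit["when"] + margin


if __name__ == "__main__":
    for hit in suspicious_autoruns(SAMPLE_EXPORT):
        start, end = search_window(hit)
        print(hit["entry"], hit["signals"], "search files changed", start, "to", end)
```

The unsigned portable tool in the sample also lacks a publisher and description, so it is listed too, but below the entry that additionally runs from a user-writable folder.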

A hidden miner is a virus program that uses your computer's resources for mining. This is done automatically, without the user's knowledge and without any warnings.

Most often, you can pick up a hidden miner when downloading files from unverified sources. Usually it is some kind of pirated content, which is very popular among users. You can also run into such a virus through various spam mailings. Either way, you get what you wanted and, along with it, a hidden miner or a utility that automatically downloads it from the network may be loaded onto your computer.

Why a hidden miner is dangerous

A miner makes your PC work at its maximum performance level, which means that even when performing simple office tasks the computer can be quite slow. Prolonged operation at the limit of its capabilities will sooner or later take a toll on the hardware.

First of all, the video card, processor, RAM and even the cooling system, which simply cannot cope with daily stress tests, can be affected.

The first sign of a miner's presence is slowdowns on simple tasks and a cooler that never quiets down.

Miners may also gain access to your personal data stored on the computer. Anything can be used here, from simple photos to various accounts and electronic wallets. And this is already very dangerous.

How a miner manages to hide

Usually, a separate service is responsible for the miner's operation on your PC, which lets it hide and mask the threat. It is this companion that controls the autorun and the behaviour of the virus, making it imperceptible to you.

For example, this service can suspend the miner when some heavy shooter is started. This frees up computer resources and gives them to the game, so that the user does not notice slowdowns and drops in frame rate. When the shooter is closed, the virus starts working again.

The same companion service can track the launch of system activity monitoring software in order to quickly turn off the miner, removing it from the list of running processes. Especially dangerous viruses can even attempt to disable scanning tools on your computer to avoid detection.

How to detect a hidden miner

If you notice that the computer has become quite slow and is heating up, the first thing to do is run an antivirus scan with up-to-date databases. In the case of simple miners, there should be no problems: the threat will be detected and eliminated. Viruses that hide their presence well will take more tinkering.

Systematic monitoring of the Task Manager, which can be opened on Windows using the Ctrl+Alt+Del or Ctrl+Shift+Esc key combination, lets you track down hidden miners. For 10-15 minutes you just need to watch the active processes while doing absolutely nothing. Close all programs and do not even move the mouse.

If, in this scenario, one of the active or suddenly appearing processes continues to load the hardware, that is a good reason to think. The origin of this process can be checked using the "Details" tab or by searching the Internet.

Many hidden miners mainly use parts of the PC other than the central processor and may not load it, which means they will not show up in the Task Manager on old versions of Windows. That is why it is better to assess the load on the hardware with specialized utilities, such as AnVir Task Manager or Process Explorer. They show much more than the standard Windows tool.

Some miners can themselves shut down the Task Manager a few minutes after it is launched; this is also a sign of a potential threat.

Separately, it is worth highlighting the situation when the "Task Manager" demonstrates excessive load on the processor from the browser. This may well be the result of the impact of a web-picker functioning through a specific website.

How to remove a hidden miner from a computer

The first and most logical weapon against this kind of attack is an antivirus, as mentioned above. However, miners are often not recognized as malicious threats. At most they are classed as potentially dangerous, especially if they arrived on the computer with a pirated game or a cracked program.

If you have no powerful antivirus, you can turn to small cleanup utilities. One example is Dr.Web CureIt!, which is often used to search for hidden miners. It is distributed free of charge.

Removing the virus manually, without any third-party tools, is also possible, but you must be 100% sure that you have found the miner. In that case, open the registry by typing regedit in Windows search, then press Ctrl + F to start the built-in search (or use "Edit" → "Find").

In the search box that opens, enter the name of the process from Task Manager that you believe is hiding the miner. All matches found should be deleted through the context menu. After that, restart the computer and see how the load on the hardware has changed.
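Before deleting registry matches, it helps to see exactly which autostart entries mention the suspect name and what they launch. The following read-only listing is an added example, not part of the original article; the process name is a placeholder, and the choice of Run keys and services as the places to look is an assumption based on the companion service and autorun described earlier.

```powershell
# Added example: read-only listing of autostart entries that mention a suspect name.
# Nothing is changed or deleted; run it before editing the registry by hand.
$suspect = 'suspect-process'   # placeholder: name seen in Task Manager, without .exe

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Autorun values: match on the value name or on the command line it starts.
$found = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($name -like "*$suspect*" -or $data -like "*$suspect*") {
            [pscustomobject]@{ Source = $key; Entry = $name; Command = $data }
        }
    }
})

# Services (also stored in the registry): match on service name or binary path.
$found += @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -like "*$suspect*" -or $_.PathName -like "*$suspect*" } |
    ForEach-Object {
        [pscustomobject]@{
            Source  = "Service ($($_.State), $($_.StartMode))"
            Entry   = $_.Name
            Command = $_.PathName
        }
    })

if ($found.Count -eq 0) {
    "No autostart entry mentions '$suspect'."
} else {
    $found | Format-List
}
```

The Command field shows the file each entry starts, which is the file to check with an antivirus before the entry is removed.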

Conclusion

It is important to understand that a hidden miner is dangerous not only because of the excessive load on the PC, but also because it may intercept your personal data. At the first hint of such a threat, run a deep scan of the computer's memory with an up-to-date antivirus.

Remember that a computer can slow down for many different reasons. A more telling sign of hidden mining is excessive PC activity while idle or while performing elementary tasks. Pay attention to the video card fans: they should not be noisy when there is no load.

If you do find an unknown process that loads the computer to the limit, you definitely need to deal with it, either with anti-virus software or manually, by finding and removing it through the registry.

If your computer has started to lag and your electricity bills have suddenly grown several times over, you may have become a victim of hackers who engage in hidden (black) mining.

Hidden mining: how to detect it, and can the problem be eliminated?

To mine cryptocurrency, an ordinary user needs several things: powerful computer equipment, special mining software, a reliable server for the distribution of subscriptions between members of the mining community and, of course, self-confidence. But it is not that simple. Every day the process of producing Bitcoin becomes more complicated, and competition between miners grows.

The cost of electricity is a topic for a separate conversation. Already today, a single transaction "eats up" one and a half times more electricity than the average American family consumes in a day. And according to expert forecasts, in three years the costs of producing the most popular digital currency will be comparable to the annual electricity consumption of a country such as Denmark.

The tougher conditions have pushed bitcoin miners with home computers out of the game entirely, but they can still earn alternative coins, the so-called altcoins. For this reason, some "enterprising" programmers look for ways to earn digital cash using other people's computing power.

Crypto mining on someone else's back: how hackers do it

In any field of human activity there are those who work honestly and those who try to profit at the expense of others. The world of mining is no exception. Some do not pay for electricity, running a cable to the transformer; some use smuggled Chinese video cards. But another way of "playing without rules" is more common: using other people's computers for mining without their owners' knowledge.

In the fall of 2017, specialists at Kaspersky Lab uncovered two large-scale networks engaged in mining, of 4 thousand and 5 thousand machines. As it turned out, the owners of the infected computers had no idea they were taking part in the extraction of virtual coins, while the creators of the malicious program topped up their wallets by thousands of dollars.

Most often, black miners put Litecoin, Feathercoin and Monero "to work", types of cryptocurrency that do not require heavy-duty equipment. The victims are therefore mainly users of ordinary home and gaming computers.

Types of black mining

Consider two types of illegal cryptocurrency mining that attackers use.

  1. Hidden browser mining

You surely know that visiting unknown Internet resources can harm your computer. This rule applies in our case too. It is enough to open a page whose script contains the fraudulent code, and your laptop or computer instantly becomes part of someone else's system for generating virtual coins.

Today it is not only unknown sites that can be at fault but, as it turned out not long ago, quite respectable resources too. In September of this year, a scandal broke involving the official website of a large Ukrainian media holding, whose visitors became involuntary Monero miners. A similar accusation was made a little later against the well-known Showtime TV channel (USA).

  2. Virus miners

The first information about virus miners dates back to 2011. Since then, they have continued to attack the equipment of ordinary users in different countries of the world. You can get infected by clicking a link in an e-mail. High-power computers, predominantly gaming ones, are in the risk zone.

In general, viruses are more dangerous than browser mining, since they use computer equipment more actively. Hundreds of thousands of users around the world become their victims.

How to check for hidden mining?

The first and most obvious sign of an infected computer is a slowdown. If the machine works normally most of the time and starts to slow down only on one site, black miners may have reached your computer through the browser. The most dangerous sites in this respect are those where users stay for a long time: torrent trackers and resources for computer games and watching movies. Gamers with powerful processors and video cards are very often targeted by virus attacks. Another symptom of infection is a sharp increase in electricity consumption.

The main difficulty in checking for hidden mining is that antivirus programs identify it not as a virus, but as potentially dangerous software. After all, miners only steal someone else's computer resources and cannot cause technical failures or breakdowns. This is also important to understand.

Hidden mining malware

Here are the main malicious programs that users should know about to keep their equipment safe.

  1. Miner Bitcoin (Trojan). As a rule, people load their computers to about 18-20% of capacity, while Miner Bitcoin raises this figure to 80 and sometimes up to 100%. In addition to using resources illegally, the spyware steals personal information and can even give attackers access to your wallets. This type of Trojan is distributed mainly through Skype; it can also be picked up by downloading photos or Word documents.
  2. EpicScale. This program was discovered by uTorrent visitors. Responding to the accusations, the owners of the company said that the funds obtained in this way are sent ... to charity. At the same time, users received no explanation of why the company had "forgotten" to inform them in time of their participation in this "charitable action". Notably, it is impossible to get rid of EpicScale completely: after deletion, executable files of the malware remain on the computer. Later, a similar scandal flared up around the torrent tracker Pirate Bay.
  3. JS / CoinMiner. A malicious program that mines cryptocurrency through the browsers of other people's computers by embedding special scripts. Users of online viewing portals and game sites are at special risk. Such sites load the processor anyway, so in most cases JS / CoinMiner goes unnoticed. To detect a fraudulent script, check whether it is in the list of miner scripts.

How to block hidden browser mining

To date, there are several effective ways to protect the browser against attacks by black miners:

  1. Edit the hosts file.
  2. Install the NoCoin browser extension and the Anti-WebMiner utility.
  3. Disable JavaScript in your browser using NoScript.
  4. Add anti-mining filters to uBlock and AdBlock.

While JavaScript and the utilities are self-explanatory, editing the hosts file needs a closer look. Below are instructions on how to do it:

After these simple actions, your browser will be reliably protected against infection.
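A hosts-file block only works when each mining domain has its own line pointing to a non-routable address. The check below is an added example, not part of the original article; the two domains are placeholders, and it only reads the file and prints the lines that are still missing.

```powershell
# Added example: check whether the hosts file already blocks given mining domains.
# Read-only: it prints the lines that are missing instead of writing them.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

# Placeholders: replace with domains taken from a miner-script list you trust.
# The hosts file has no wildcards, so every subdomain needs its own entry.
$blockList = @('coin-miner.example', 'www.coin-miner.example')

# Addresses that make a name unreachable when used in the hosts file.
$sinkholes = @('0.0.0.0', '127.0.0.1', '::1')

$blocked = @{}
foreach ($line in Get-Content -Path $hostsPath) {
    $entry = ($line -split '#', 2)[0].Trim()        # drop comments and padding
    if (-not $entry) { continue }
    $fields = @($entry -split '\s+')                # address, then one or more names
    if ($fields.Count -lt 2 -or $fields[0] -notin $sinkholes) { continue }
    foreach ($name in $fields[1..($fields.Count - 1)]) {
        $blocked[$name.ToLower()] = $fields[0]
    }
}

$missing = @($blockList | Where-Object { -not $blocked.ContainsKey($_.ToLower()) })
if ($missing.Count -eq 0) {
    'All listed domains are already blocked in the hosts file.'
} else {
    'Lines to append to the hosts file (editing it requires administrator rights):'
    $missing | ForEach-Object { "0.0.0.0 $_" }
}
```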

Protection against hidden virus mining: precautions

Basic protection rules: do not follow dubious links, do not download unlicensed software, and do not activate keys from unknown sources.

And now some more important rules for working safely with a computer:

  1. It is not enough simply to install an antivirus; you need to update it regularly.
  2. Create a user account without administrator rights in Windows and use it for everyday work. Since administrator rights are needed to install any program, the risk of accidentally downloading and running a malicious program will be eliminated.
  3. On Apple devices, the best solution is to enable the setting that allows downloads only from the App Store.
  4. At the first signs of a slowdown, launch Task Manager and check whether any program on your computer is using it at the limit of its power (80-100%). Even if you do not find one, do not relax too soon, because there are viruses that use less power.
  5. Install special utilities that protect against viruses and report changes in the registry. The optimal option is to install RequestPolicy Continued and uMatrix together and, for those who use Google Chrome, the Antiminer blocker in addition to them.

If you cannot find a dangerous program on your own, you can reinstall Windows, run another antivirus or seek help from a professional programmer.
