Monday, May 13, 2013

Remove minerd.exe (BitCoin virus)

If your computer has been infected with BitCoin-generating malware (a virus), you will see the minerd.exe process running continuously. As a result, your computer will run extremely slowly and you will not be able to run applications as you normally do; working on the computer becomes very difficult. No matter how powerful your processor is or how many cores it has, the system will experience a tremendous slowdown: all cores will be 100% loaded, generating BitCoins. This is all the result of the minerd.exe process actively running on your workstation.

Legitimate anti-virus programs detect minerd.exe under different names. Here are some examples of how security programs name this malicious file and its process: Virus.BitCoin, RiskTool.BitCoinMiner.ccx, TrojWare.BitCoinMiner.~A, Tool.BtcMine.97, TR.BitCoinMinerAL.A.11, TrojanDownloader.Agent.eywp, Trojan.A.Downloader.401920.AO, W32.Trojan.GMGY-7235, TrojanDownloader.Agent, a variant of Win32.BitCoinMiner.K.

One example MD5 hash of minerd.exe is e02477250ec492c18a2073305b557fd3. Other variants with different MD5 hashes are possible as well. You can easily detect the presence of minerd.exe on your system. First, you will have the following registry entry:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\AntivirusltcUpddates: “”%Appdata%\cos\coin.exe“”.

You will have the following folder added: %Appdata%\cos. And, finally, you will have the following files added as well:

  • %Appdata%\cos\coin.exe
  • %Appdata%\cos\libcurl-4.dll
  • %Appdata%\cos\minerd.exe
  • %Appdata%\cos\pthreadGC2.dll
  • %Appdata%\cos\start.bat
  • %Temp%\gbQkb.exe
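
The checks above can be run in one pass with a read-only PowerShell script. This is an added example, not part of the original post; the extra match on any Run value pointing at \cos\coin.exe and the running-process check are assumptions that go slightly beyond the listed indicators.

```powershell
# Added example: looks for the indicators listed in this post. Read-only, deletes nothing.
$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValue = 'AntivirusltcUpddates'                  # value name exactly as given in the post
$knownMd5 = 'e02477250ec492c18a2073305b557fd3'      # one sample hash from the post; others exist
$cosDir   = Join-Path $env:APPDATA 'cos'
$paths = @(
    (Join-Path $cosDir 'coin.exe'),
    (Join-Path $cosDir 'libcurl-4.dll'),
    (Join-Path $cosDir 'minerd.exe'),
    (Join-Path $cosDir 'pthreadGC2.dll'),
    (Join-Path $cosDir 'start.bat'),
    (Join-Path $env:TEMP 'gbQkb.exe')
)
$findings = New-Object System.Collections.Generic.List[string]

# 1. Autostart entry under the current user's Run key.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($prop in $run.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }    # skip PowerShell's own metadata properties
        # Assumption: also flag a differently named value that launches \cos\coin.exe.
        if ($prop.Name -eq $runValue -or "$($prop.Value)" -like '*\cos\coin.exe*') {
            $findings.Add("Run value '$($prop.Name)' -> $($prop.Value)")
        }
    }
}

# 2. Dropped folder and files; hash each file so it can be compared or submitted to a scanner.
if (Test-Path -LiteralPath $cosDir -PathType Container) { $findings.Add("Folder $cosDir exists") }
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p -PathType Leaf) {
        $md5  = (Get-FileHash -LiteralPath $p -Algorithm MD5).Hash.ToLower()
        $note = if ($md5 -eq $knownMd5) { ' (matches the MD5 in the post)' } else { '' }
        $findings.Add("File $p md5=$md5$note")
    }
}

# 3. Running miner process (assumption: the image name is unchanged).
Get-Process -Name minerd -ErrorAction SilentlyContinue | ForEach-Object {
    $findings.Add("Process minerd.exe running, PID $($_.Id), path $($_.Path)")
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Output "[!] $_" }
} else {
    Write-Output 'None of the indicators listed in the post were found for this user.'
}
```

Run it as the affected user, since the Run key, %Appdata% and %Temp% are all per-user locations.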

So, if the minerd.exe virus has attacked your system, scan your PC with the reliable security software that we recommend in this blog. Also scan your PC with additional tools, such as Kaspersky's TDSS Killer, and other security applications you trust.

