Hello all,
FYI theres a program somehow infecting machines that downloads a miner program on un-suspecting computers (Which i received after formatting) which exectutes a programe called HDAudio.exe and creates a folder in C:\ProgramData\ComSysFolder & in that folder are 2 files named AtiRCll.exe & HDAudio.exe (Anti-Virus cant pick up & cant kill task as it comes back via registry start ups) after which creates a new folder named "McOnlineGames" also in ProgramData, which has bckgzm.exe, dire32.dll phoenix.cfg and a plugins folder.
This is what was in the phoenix.cfg:
[general]
autodetect = -cpu
verbose = true
backend = http://life.resource@7.net_onlinex:support@pit.deepbit.net:8332
backups = _online1:support@pit.deepbit.net:8332failback = 300
queuesize = 1
queuedelay = 5
statusinterval = 1
ratesamples = 10
logfile = dire32.dll
[cl:0:0]
kernel = diakgcn
start_undetected = true
aggression = 4
goffset = true
vectors2 = false
vectors4 = false
vectors8 = true
worksize = 128
Please can someone ban this account as they are illegally mining using unauthorized computers
Regards
