BITCON MINER VIRUS

[ajax3592]

I just ran a full system scan using Malwarebytes Antimalware and two sneaky "Bitcoin Mining" viruses showed up in temp directory  
Lol, Einsteins of today's world.
Have you guys hear about this virus ?

[sushi]

No....

What's the description?  What is it going to do if you get infected?

Keylog?  steal your private keys?  or scam off portion of your mining powers?

[Lauda]

What the?
Please copy the log here.

[Sythyn]

I found minerd.exe in my office computer and my CPU usage were 100%. Installed free AVG to get ride of it

[Lauda]

I found minerd.exe in my office computer and my CPU usage were 100%. Installed free AVG to get ride of it

Can you provide the log?

[sushi]

Someone was making side money at your office 

You should have looked into the process and the memory and see who the miner user ID at the pool was

[FarSky7]

Could be that trojan mining bot. http://forum.avast.com/index.php?topic=129680.0

[JessicaSe]

I am mining in my office please don't tell anyone But my boss know it and she is ok

[AuroraHF]

I am mining in my office please don't tell anyone But my boss know it and she is ok

We don't know who to tell considering we don't know where you work.

These are silent miners used by hackers. You were infected.

[Lauda]

Could be that trojan mining bot. http://forum.avast.com/index.php?topic=129680.0

So we have that too now. Damn.

[AuroraHF]

Could be that trojan mining bot. http://forum.avast.com/index.php?topic=129680.0

So we have that too now. Damn.

This form of malware has been here since the start of Bitcoins. It used to just drop CGMiner without the GUI.

[wpgdeez]

Zero Access rootkit had some Mining code in it but they removed it since cpu mining is now useless.

[Lauda]

Zero Access rootkit had some Mining code in it but they removed it since cpu mining is now useless.

Could still be used for CPU coins.

[wpgdeez]

Sure but the profit isnt there for the blackhats. They make more money off of click fraud than mining without drwaing unwanted attention to themselves.

[Lauda]

Sure but the profit isnt there for the blackhats. They make more money off of click fraud than mining without drwaing unwanted attention to themselves.

Wrong. Buy cheap botnet -> mine CPU coin -> dump all.
Profit.

[ajax3592]

What the?
Please copy the log here.

Here you go guys, check this out:

Malwarebytes Anti-Malware 1.75.0.1300
Database version: v2013.08.16.07
06-11-2013 14:11:06
mbam-log-2013-11-06 (14-11-06).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|H:\|I:\|K:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 146706
Time elapsed: 30 minute(s), 11 second(s) [aborted]

Memory Processes Detected: 1
I:\Softwares\Top Setup's\Bitcoin\Generator\BTCGenV1.0.exe (Backdoor.MSIL.P) -> 7280 -> Delete on reboot.

Files Detected: 7
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Users\***\AppData\Roaming\XHvQH\coinutil.dll (PUP.BitcoinMiner) -> No action taken.
C:\Users\***\AppData\Roaming\XHvQH\miner.dll (PUP.BitCoinMiner) -> No action taken.
C:\Users\***\AppData\Roaming\XHvQH\service.exe (PUP.BitCoinMiner) -> No action taken.
C:\Users\***\AppData\Roaming\XHvQH\usft_ext.dll (PUP.BitCoinMiner) -> No action taken.
I:\Softwares\Top Setup's\Bitcoin\Generator\BTCGenV1.0.exe (Backdoor.MSIL.P) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\XHvQH\taskengine.exe (Backdoor.MSIL.P) -> Quarantined and deleted successfully.

(end)

[rampalija]

What the?
Please copy the log here.

Here you go guys, check this out:

Malwarebytes Anti-Malware 1.75.0.1300
Database version: v2013.08.16.07
06-11-2013 14:11:06
mbam-log-2013-11-06 (14-11-06).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|H:\|I:\|K:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 146706
Time elapsed: 30 minute(s), 11 second(s) [aborted]

Memory Processes Detected: 1
I:\Softwares\Top Setup's\Bitcoin\Generator\BTCGenV1.0.exe (Backdoor.MSIL.P) -> 7280 -> Delete on reboot.

Files Detected: 7
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Users\***\AppData\Roaming\XHvQH\coinutil.dll (PUP.BitcoinMiner) -> No action taken.
C:\Users\***\AppData\Roaming\XHvQH\miner.dll (PUP.BitCoinMiner) -> No action taken.
C:\Users\***\AppData\Roaming\XHvQH\service.exe (PUP.BitCoinMiner) -> No action taken.
C:\Users\***\AppData\Roaming\XHvQH\usft_ext.dll (PUP.BitCoinMiner) -> No action taken.
I:\Softwares\Top Setup's\Bitcoin\Generator\BTCGenV1.0.exe (Backdoor.MSIL.P) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\XHvQH\taskengine.exe (Backdoor.MSIL.P) -> Quarantined and deleted successfully.

(end)

I think it is only fake detection

[AuroraHF]

"BTCGenv1.0"

Did you download a "Bitcoin Generator" from YouTube or something? 

[Lauda]

"BTCGenv1.0"

Did you download a "Bitcoin Generator" from YouTube or something? 

Generate bitcoins for free and get rich. 

[rampalija]

"BTCGenv1.0"

Did you download a "Bitcoin Generator" from YouTube or something? 

Generate bitcoins for free and get rich. 

and i assume it steals everythig what u have?!?! am I right?