Mining viruses

[hugeblack]

I use this laptop "Windows 8.1" to participate in this forum in addition to browsing news from official sites and some famous platforms.
Most programs that are installed are either open source or popular.

Two days ago I noticed strange sounds from the fan, these sounds disappear after two minutes plus slow internet browsing.
I checked the fan and all programs installed/running without any problems or any strange applications.
What makes me worry is that the computer works normally in the safe mode.
How can I check the mining viruses? Do I need to restore factory settings? Especially since I use some wallets?

[Bitcoin_Arena]

-Snip-

Writing content without mentioning the source or linking the source is plagiarism and it could give you a permanent ban in this forum.

I told you to read the rules earlier on but it looks like you just under looked my advice.
You copied this article: https://antivirus.comodo.com/blog/comodo-news/detect-remove-bitcoin-miner-virus/ and never included any source link.

Now I am not that kind of person with a very cold heart to report a seemingly genuine newbie on the first day in the forum but someone else will if you don't correct yourself.
For the last time, Please take advice and read the rules or i will have a change of heart too.

[whotookmycrypto]

I use this laptop "Windows 8.1" to participate in this forum in addition to browsing news from official sites and some famous platforms.
Most programs that are installed are either open source or popular.

Two days ago I noticed strange sounds from the fan, these sounds disappear after two minutes plus slow internet browsing.
I checked the fan and all programs installed/running without any problems or any strange applications.
What makes me worry is that the computer works normally in the safe mode.
How can I check the mining viruses? Do I need to restore factory settings? Especially since I use some wallets?

Given that you mentioned that your internet slows down, can you check out your browser on this site? https://cryptojackingtest.com/

Also, when you said you checked all programs, did you view them on the task manager (Windows) or activity monitor (Mac) to see which programs have unusually high CPU usage? Then by a process of elimination end each non-essential program that is running, one by one, to see if it makes the sound disappear.

These can help you narrow down on the source of the problem.

[NeuroticFish]

I checked the fan and all programs installed/running without any problems or any strange applications.
What makes me worry is that the computer works normally in the safe mode.
How can I check the mining viruses?

First of all you should check if this problem also occurs if none of your wallets is running. I write this because in some wallets you can set (and forget?) to mine while running. Or maybe it can come set by default?
Also keep in mind that some websites or browser plugins also can mine.

Second, I suggest you run Process Explorer: https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer   It's made by a subsidiary of Microsoft.
If you leave it running, you'll see in the tray icon the CPU usage. And if it's on continuous high usage you can click and find the process that's using your CPU so heavily. And then you can research more about it.
Lately Windows Task Manager got better, but I use this program since the days TaskMan was not helpful at all.

Unfortunately if the bad program is GPU mining, this strategy will not find it. But you could tell what GPU you have, since there's a good chance you don't have a GPU that can mine...


Reset to factory is a bit extreme imho, also antiviruses may give you a lot of false positives (wallets too), but if nothing else works, ... it can be an option.
Most known antiviruses can be downloaded as CD/DVD image you burn and run from it so it can catch even the nastier viruses without the necessity to reset to factory. Just, again, beware of false positives.

I also recommend you backup all the wallets to make sure you don't lose your coins while trying out various things.

[Lucius]

hugeblack, you should know that there are two types of hidden mining on users device. First is browser mining, which happens only when you visit the website which then initiates the script which use your CPU for mining (in most cases Monero). The moment you leave the site mining is stop.

Second type of mining is much more dangerous, it is about malware which user download on device, often hidden in a legitimate software. Such program is mining all time, and it causes computer slowdown in general.

By what you describe you probably visited the site which is using browser mining script, but to make sure that the device is not infected with some virus / malware I suggest you to download free version of Malwarebytes and to make full scan (even better if you do that in safe mode). You can also scan your device with antivirus, and there is small tool for checking browser from Malwarebytes named AdwCleaner.

In any case you should use good proactive protection which is blocking the majority of Internet threats., For instance, my AV is always block any attempt of browser mining script, and there is also some browser coin mining blockers which you can download for your browser.

https://www.malwarebytes.com/
https://www.malwarebytes.com/adwcleaner/

[boyptc]

Seems that most ideas were given.

Check if the CPU process is fully loaded even though you do nothing. And if there's a big percentage on use, bingo your laptop is used for CPU mining.

Before restoring factory settings, please do back up all of the wallets that contains your funds.

[mk4]

Save yourself from all the hassle and simply do a fresh reinstall of your operating system instead. I'd suggest updating it to the latest version too(probably a good idea to get Windows 10 instead for potentially better security updates). Or better, if you want to explore a bit, try Linux. Preferably, Ubuntu Linux for beginners.

[logfiles]

By what you describe you probably visited the site which is using browser mining script, but to make sure that the device is not infected with some virus / malware I suggest you to download free version of Malwarebytes and to make full scan (even better if you do that in safe mode). You can also scan your device with antivirus, and there is small tool for checking browser from Malwarebytes named AdwCleaner.

In any case you should use good proactive protection which is blocking the majority of Internet threats., For instance, my AV is always block any attempt of browser mining script, and there is also some browser coin mining blockers which you can download for your browser.

https://www.malwarebytes.com/
https://www.malwarebytes.com/adwcleaner/

Awesome advice Lucius.
The Noscript extension for Mozilla is also a good extension in fighting mining and malicious scripts on the browser. The power keep a website's script blocked from running or whitelisting the script is in the user's hands. Only downside about this extension is that it's currently available for only mozilla

[Kristinnspence]

By what you describe you probably visited the site which is using browser mining script, but to make sure that the device is not infected with some virus / malware I suggest you to download free version of Malwarebytes and to make full scan (even better if you do that in safe mode). You can also scan your device with antivirus, and there is small tool for checking browser from Malwarebytes named AdwCleaner.

In any case you should use good proactive protection which is blocking the majority of Internet threats., For instance, my AV is always block any attempt of browser mining script, and there is also some browser coin mining blockers which you can download for your browser.

https://www.malwarebytes.com/
https://www.malwarebytes.com/adwcleaner/

Awesome advice Lucius.
The Noscript extension for Mozilla is also a good extension in fighting mining and malicious scripts on the browser. The power keep a website's script blocked from running or whitelisting the script is in the user's hands. Only downside about this extension is that it's currently available for only mozilla

NoScript won't do much unless the virus is not installed on the computer and is running on the browser with a hidden tab
I just created a thread on how to combat malware like this
from my experence miners are often based on autoit to bypass av but most av find miners legal or not to be malware so they have to be hidden, so now most miners are built inside an exe file that is injected directly into memory etc

[leowonderful]

The shortcut you can use to go to the Task Manager on Windows should be CTRL+Shift+ESC, and you should be able to see CPU usage and various other things like RAM usage in there. The next time you hear the fan sounds go to the Task Manager and see if anything's taking a lot of your CPU power, if it's an application that's not a browser might be a virus (doesn't seem like it to me though).

If there's nothing too useful on the computer you're using, a reinstall of the OS should get rid of the problems if you don't want to go through the hassle of finding what the problem is. If you have any backups, restoring to one of them from before when you had the issue should work too. You should always be backing up important files if you have any to a safe place.

[Harlot]

Did you notice that your laptop is getting warm just by doing regular browser things? One thing to notice if there are any malware in your device is if it goes particularly hot even if you are only running normal task such as browsing or watching a movie. If the fan is still running after you have checked that your laptop is clean from any type of malware and have updated all the necessary drivers I guessed that the problem only lies with the hardware itself.

[Artemis3]

I use this laptop "Windows 8.1" to participate in this forum in addition to browsing news from official sites and some famous platforms.
Most programs that are installed are either open source or popular.

Two days ago I noticed strange sounds from the fan, these sounds disappear after two minutes plus slow internet browsing.
I checked the fan and all programs installed/running without any problems or any strange applications.
What makes me worry is that the computer works normally in the safe mode.
How can I check the mining viruses? Do I need to restore factory settings? Especially since I use some wallets?

Since you like open source, shouldn't you start replacing windows as well? In the meantime, you can always use a live linux iso to boot from an usb thumbdrive and see if things go back to normal. You could spend countless hours to repair windows (again), but if you have backups and are already considering a wipe and reinstall, it is the perfect chance to move yourself to a secure os.

[Lucius]

Awesome advice Lucius.
The Noscript extension for Mozilla is also a good extension in fighting mining and malicious scripts on the browser. The power keep a website's script blocked from running or whitelisting the script is in the user's hands. Only downside about this extension is that it's currently available for only mozilla

Thank you logfiles
I hope some of the advices will help OP to solve his problem. I also have good news for you and Chrome users, NoScript extension is now available for Chrome browser. This extension is good for browser protection, it can block all executable content from web sites, so users can allow such content only from trusted sites.

https://chrome.google.com/webstore/detail/noscript/doojmbjmlfjjnbmnoijecmcbfeoakpjm
https://www.zdnet.com/article/noscript-extension-officially-released-for-google-chrome/

[mikeywith]

Just remember that some viruses consume your pc resources for the sake of it and not importantly for mining. You can download a netowrork monitoring software and see if there is any particular upload going to a certain mining websites's port

There are a few ways to go about this depending on the capabilities you have.

The easiest approach would be getting a good antivirus that
 provides both internal and over the internet (browsing) security.

most of those viruses will be removed using an up to date security program.

And it can also be a browser extension like others have mentioned.

And most importantly you need to consider the fact that it could be a hardware problem after all, the noise from the fan could mean a falling bearing or bad thermal paste , just because it runs fine on safe mode it does not mean much, in safe mode most services are disabled and cpu consumption is close to nothing thus fan rpm are pretty low.

[Adriano2010]

Well you need first time to install antivirus and check your computer for viruses, and also you should have a firewall, but please note that not all antivirus can find viruses if is a new version. You not install any program and after your pc start make that sound?