Bitcoin Forum
Topic: Is this normal?
March 26, 2012, 11:11:14 PM

Before tonight I didn't know what a bitcoin was or what a miner was, and to be honest I'm still not sure. Tonight when I opened Task Manager to quit a buggy program I noticed catalyst.exe running. I thought this was strange because Catalyst are ATI drivers and I use Nvidia graphics. So I looked in more depth and found phoenix.exe running from a drawer called folder1 on my HD. Also in that drawer was a .bat file with this text:
taskkill.exe /IM phoenix.exe /F
taskkill.exe /IM function3.exe /F
c:\folder1\3\phoenix.exe -u -k poclbm AGGRESSION=1 DEVICE=0
So I assume this phoenix was installed by another program, as I'm the only user of this PC, and I will find what installed it. But as the subject heading says, is it normal for people doing this to try to hijack other people's PCs? Do I now need to keep a watch for these programs as well as viruses/malware/trojans etc.?
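
A defender-side check built from the indicators in the batch file quoted in the post above, as an added example that is not part of the original thread: it audits the text of a .bat file for the three traits visible there (miner arguments, a force-kill followed by a relaunch of the same executable, and a launch path outside the usual install roots). The function names, the `EXPECTED_ROOTS` list and the benign sample are assumptions made for illustration.

```python
import re

# Indicators taken from the batch file quoted in the post above.
MINER_ARG = re.compile(r"(?i)-k\s+poclbm\b|\bAGGRESSION=\d+|\bDEVICE=\d+")
FORCED_KILL = re.compile(r"(?i)^\s*taskkill(?:\.exe)?\s.*/IM\s+(\S+\.exe)\b.*\s/F\b")
# Assumption: legitimately installed programs live under one of these roots.
EXPECTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")


def audit_batch(text):
    """Return {line_number: sorted list of findings} for the text of a .bat file."""
    report, killed = {}, set()
    for number, line in enumerate(text.splitlines(), 1):
        kill = FORCED_KILL.search(line)
        if kill:
            killed.add(kill.group(1).lower())  # remember what the script force-kills
            continue
        tokens = line.split()
        if not tokens or not tokens[0].lower().endswith(".exe"):
            continue  # not a line that launches an executable
        exe = tokens[0].lower()
        findings = set()
        if len(MINER_ARG.findall(line)) >= 2:
            findings.add("miner-arguments")
        if exe.rsplit("\\", 1)[-1] in killed:
            findings.add("kill-then-relaunch")
        if re.match(r"[a-z]:\\", exe) and not exe.startswith(EXPECTED_ROOTS):
            findings.add("unusual-install-path")
        if findings:
            report[number] = sorted(findings)
    return report


def looks_like_covert_miner(text):
    """True when any launch line carries miner arguments plus one other finding."""
    return any("miner-arguments" in f and len(f) > 1 for f in audit_batch(text).values())


# The three lines as they appear in the post (the -u value is blank on the page).
QUOTED_BAT = (
    "taskkill.exe /IM phoenix.exe /F\n"
    "taskkill.exe /IM function3.exe /F\n"
    "c:\\folder1\\3\\phoenix.exe -u -k poclbm AGGRESSION=1 DEVICE=0\n"
)
# Constructed benign script for contrast (not from the thread).
BENIGN_BAT = "taskkill.exe /IM notepad.exe /F\nc:\\windows\\notepad.exe notes.txt\n"

if __name__ == "__main__":
    print(audit_batch(QUOTED_BAT))
    print(looks_like_covert_miner(QUOTED_BAT), looks_like_covert_miner(BENIGN_BAT))
```
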

Gerald Davis

March 27, 2012, 12:14:24 AM

It is normal for botnet operators to exploit unprotected systems.   Doesn't really matter if it is bitcoin or sending mass penis enlargement spam.

If you didn't install that then you allowed your system to become compromised.

Nice find and obviously a script kiddie. What kind of idiot hijacks a computer and then uses a public pool with their account in plaintext?

I would contact  Hopefully they ban that user and seize the funds.
March 27, 2012, 12:16:27 AM

Answering your question, yes, it is perfectly normal for criminals to break into and exploit computer systems.
It is an unfortunate yet undeniable fact that there is a very strong economic incentive to employ hijacked machines for mining a non-traceable virtual currency such as Bitcoin - it offers higher rewards than simply sending out spam messages or performing DDoS attacks.

Phoenix is a legitimate miner but it was apparently being used covertly, without your consent.

For any attacker to have such control over your machine, it must have been seriously compromised.
This is a very dangerous situation because if the attacker has such control over your system he might as well record all your keystrokes and steal the login credentials to your e-mail, internet banking, eBay, or PayPal accounts.
I strongly suggest you perform a range of antivirus scans - you can use free online scanners(1) if you don't have one installed.

You need to get that system cleaned up ASAP. Better yet, back up valuable data, sanitize the hard drive and reinstall from scratch.
Always have up-to-date antivirus protection and install all the updates available for your OS.

(1) there are links to three different scanners here.

EDIT: Evening, DAT. I see you've been quite prolific - are you perchance aiming for some undisclosed "Godlike member" title?
March 27, 2012, 12:33:07 AM

Also, if you have got a keylogger installed like jake262144 warned about, be sure to change your passwords (not on the unclean computer, though)!

March 27, 2012, 12:37:44 AM

Guys, these things don't install themselves onto your computer.  You had to have clicked something to bring it in.

Most computer viruses (like biological ones) are caught by engaging in unsafe practices and are completely avoidable.

You are in a maze of twisty little passages, all alike.