I ran a netstat on my machine and found a certain connection with a foreign address...
pool-108-51-140-90:14905
Does anyone know what is this ? Is it a mining pool where I am connected ?
Hi bitcoindream as a greyhat hacker i can help you with this if the cpu usage or gpu is running hot on sometimes then i would be worried, if you are going to remove this kinda malware it is most often loaded with an encrypter and a persistance module in the registry so if you are trying to delete it then it will most often be tough and if it is well encrypted virus scans will do you no good because they can not pick up that it is malware i did some testing on this subject just to see how the whole progress worked and most often the miners are set to mine at -4 to reduce chances of being detected so the cpu or gpu could be using around 20% of its power to mine now if you have a powerfull computer you would not notice any changes in performance, anyways check the process explorer for an shady looking Svchost that seems to be taking high resources
it is most often set to create another process that is named svchost or similar, if you want to remove the malware and its encrypted then it is very hard especially if the miner is covered with a ring3 rootkit that hides the process from the process explorer so you can not see it, but you can easily prevent it from connecting to the mining pool and therefore it will stop mining, if you edit your hosts file in the windows settings you can add to the hosts file the desired ip or dns at the end of file and save it i will show you an example here below :
1. go to C:\Windows\System32\drivers\etc\
2. open hosts with notepad
it should show something like this
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
4 . ok now you want to add to the end of the file like this
hackeripormineripordns 127.0.0.1
This will make it so when the miner tries to connect to the pool it will instead of connecting to it resolve to your local ip 127.0.0.1 and will not be able to get the data from the pool to start mining therefore you have disabled the miner and it can not mine anymore because it can not connect to the pool because it automaticly redirects to your local ip and it can not get the mining data from there so proplem solved
this is just a quick easy way to disable it so it will stop hogging your resources =) .
i hope you enjoyed my little input here and it does you good
Have a nice day.
PS: sometimes the hosts file is locked so you actually need to copy it to your desktop first edit it there and then overwrite the original one with the new one and then restart the pc.
