Bitcoin Forum
Topic: Am I infected by Trojan Miner?
BitCoinDream (OP)
August 24, 2014, 09:25:44 AM
 #1

I ran a netstat on my machine and found a certain connection with a foreign address...

pool-108-51-140-90:14905

Does anyone know what this is? Is it a mining pool where I am connected?

Pacowomo
August 24, 2014, 10:28:02 AM
 #2

Check your active processes?
gondel
August 24, 2014, 10:51:54 AM
 #3

I ran a netstat on my machine and found a certain connection with a foreign address...

pool-108-51-140-90:14905

Does anyone know what is this ? Is it a mining pool where I am connected ?
Hello,
Not sure, but I ran netstat and it is also showing me something like this, but after the pool there are different numbers. I am not sure if there is something wrong with my machine too.
I googled it and it is not showing anything there.
Milkcookie
August 24, 2014, 10:58:55 AM
 #4

pool-xxx-xxx is often your own IP.

Are you sure this is not your IP?

ipchicken.com to check it

http://www.ip-tracker.org/locator/ip-lookup.php?ip=108.51.140.90
BitCoinDream (OP)
August 24, 2014, 12:58:57 PM
 #5

pool-xxx-xxx is often your own ip

you are sure this is not your ip ?

ipchicken.com to check it

http://www.ip-tracker.org/locator/ip-lookup.php?ip=108.51.140.90

Not really. It is neither my private nor the public IP. I'm not from the US, but this IP belongs to the Verizon network of the US. If I find in any way that it is a trojan mining pool, I promise I'll boot it down.

evansearle42
August 24, 2014, 01:21:52 PM
 #6

I ran a netstat on my machine and found a certain connection with a foreign address...

pool-108-51-140-90:14905

Does anyone know what is this ? Is it a mining pool where I am connected ?

Check your CPU usage; it should be really high, like 60% and above, if someone is mining on your computer.
Kluge
August 24, 2014, 01:25:16 PM
 #7

I'd assume that refers to an address pool, not a mining pool.
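
Added example, not part of the thread: netstat run without `-n` prints a reverse-DNS name for the remote end, and names of the `pool-108-51-140-90` form carry the address in the name itself. The Python sketch below parses constructed `netstat -ao`-style lines, decodes such names, drops loopback and private peers, and groups what remains by owning PID so it can be matched against the process list; the sample lines, PIDs and the `edge-host-7` name are made up.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the column layout of Windows `netstat -ao`.
# Only the first foreign name comes from the thread; the rest is made up.
SAMPLE = """\
  Proto  Local Address        Foreign Address           State        PID
  TCP    192.168.1.23:49712   pool-108-51-140-90:14905  ESTABLISHED  4120
  TCP    192.168.1.23:49730   192.168.1.1:445           ESTABLISHED  4
  TCP    127.0.0.1:49701      127.0.0.1:49702           ESTABLISHED  2316
  TCP    192.168.1.23:49750   edge-host-7:443           ESTABLISHED  5200
  TCP    0.0.0.0:135          MYPC:0                    LISTENING    888
  UDP    0.0.0.0:5353         *:*                                    1500
"""

# Four dash- or dot-separated numbers, as in "pool-108-51-140-90".
DASHED_IP = re.compile(r"(?<!\d)(\d{1,3})[-.](\d{1,3})[-.](\d{1,3})[-.](\d{1,3})(?!\d)")


def embedded_ip(host):
    """Return the IPv4 address written inside a host name, or None."""
    m = DASHED_IP.search(host)
    if not m:
        return None
    try:
        return ipaddress.ip_address(".".join(m.groups()))
    except ValueError:  # e.g. an octet above 255
        return None


def external_connections(netstat_text):
    """Map PID -> [(remote name, decoded IP or None, port)] for established
    TCP peers that are not loopback or private addresses."""
    by_pid = defaultdict(list)
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue  # header, listeners, UDP rows
        host, _, port = f[2].rpartition(":")
        ip = embedded_ip(host)
        if ip is not None and not ip.is_global:
            continue  # loopback or RFC 1918 peer
        # ip is None: the name hides the address; re-run netstat with -n
        decoded = str(ip) if ip is not None else None
        by_pid[int(f[4])].append((host, decoded, int(port)))
    return dict(by_pid)
```

A PTR name is set by whoever controls the address block, so treat the decoded address as a hint and confirm it with `netstat -n`.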
LtPaxIV
August 24, 2014, 01:45:36 PM
 #8

I don't know if it's the same for you. I just did netstat -a and also had this pool thingy; shutting down the Bitcoin client removed the connection for me.
BitCoinDream (OP)
August 24, 2014, 02:35:45 PM
 #9

I ran a netstat on my machine and found a certain connection with a foreign address...

pool-108-51-140-90:14905

Does anyone know what is this ? Is it a mining pool where I am connected ?

Check your CPU usage, it should be really high like 60% and above if someone is mining on your computer..

CPU usage is below 5% at the moment, though I don't see that pool in the netstat anymore!!!


BitCoinDream (OP)
August 24, 2014, 02:35:59 PM
 #10

I'd assume that refers to an address pool, not a mining pool.

Why would I be connected to an address pool beyond my ISP's NAT box? I'm behind DHCP and already behind multiple layers from the internet backbone. So I don't think I can be connected to an address pool of a different country.

BitCoinDream (OP)
August 24, 2014, 02:36:17 PM
 #11


i dont know if its the same for you,i just did netstat -a ,also had this pool thingy,shut down the bitcoin client removed the connection for me

When I got the address, I was not running any Bitcoin client at all !!!

nizamcc
August 24, 2014, 02:37:04 PM
 #12

I think this is a RAT/WORM

Use HitmanPro to clean your PC.
CraftingTable
August 24, 2014, 03:16:07 PM
 #13

Use Process Explorer to search for any weird services and processes.
enginnspes
August 24, 2014, 05:54:53 PM
 #14

I ran a netstat on my machine and found a certain connection with a foreign address...

pool-108-51-140-90:14905

Does anyone know what is this ? Is it a mining pool where I am connected ?

Hi BitCoinDream, as a greyhat hacker I can help you with this. If the CPU or GPU is running hot sometimes, then I would be worried. If you are going to remove this kind of malware, it is most often loaded with an encrypter and a persistence module in the registry, so if you are trying to delete it, it will most often be tough, and if it is well encrypted, virus scans will do you no good because they cannot pick up that it is malware. I did some testing on this subject just to see how the whole process worked, and most often the miners are set to mine at -4 to reduce the chances of being detected, so the CPU or GPU could be using around 20% of its power to mine. If you have a powerful computer, you would not notice any changes in performance. Anyway, check Process Explorer for a shady-looking svchost that seems to be taking high resources.

It is most often set to create another process that is named svchost or similar. If you want to remove the malware and it's encrypted, then it is very hard, especially if the miner is covered with a ring3 rootkit that hides the process from Process Explorer so you cannot see it. But you can easily prevent it from connecting to the mining pool, and therefore it will stop mining: if you edit your hosts file in the Windows settings, you can add the desired IP or DNS to the hosts file at the end of the file and save it. I will show you an example here below:

 1. Go to C:\Windows\System32\drivers\etc\
 2. Open hosts with Notepad.
 3. It should show something like this:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
#   ::1             localhost


 4. OK, now you want to add to the end of the file like this:

127.0.0.1 hackeripormineripordns


This will make it so that when the miner tries to connect to the pool, instead of connecting to it, it will resolve to your local IP 127.0.0.1 and will not be able to get the data from the pool to start mining. Therefore you have disabled the miner and it cannot mine anymore, because it cannot connect to the pool: it automatically redirects to your local IP and it cannot get the mining data from there, so problem solved.

This is just a quick, easy way to disable it so it will stop hogging your resources =).

I hope you enjoyed my little input here and it does you good.

Have a nice day.

PS: Sometimes the hosts file is locked, so you actually need to copy it to your desktop first, edit it there, then overwrite the original one with the new one and restart the PC.
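
Added example, not part of the post above: a small Python check for hosts-file entries of the kind the post describes. It verifies the column order stated in the sample file's own comments (IP address first, then host name) and flags IP literals used as names, since the hosts file is consulted only for name lookups and has no effect on a connection made directly to an IP address. The sample content and the `example.invalid` names are constructed.

```python
import ipaddress

# Constructed hosts-file content; the example.invalid names are placeholders.
SAMPLE_HOSTS = """\
# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
127.0.0.1   pool.example.invalid      # blocked pool name
pool2.example.invalid 127.0.0.1
127.0.0.1   203.0.113.7
0.0.0.0     a.example.invalid b.example.invalid
"""


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def lint_hosts(text):
    """Return (mappings, problems): name -> address for well-formed entries,
    and (line number, reason) for entries that will not work as intended."""
    mappings, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split columns
        if not entry:
            continue
        addr, names = entry[0], entry[1:]
        if not _is_ip(addr):
            problems.append((n, "first column is not an IP address"))
            continue
        if not names:
            problems.append((n, "no host name after the address"))
            continue
        for name in names:
            if _is_ip(name):
                # Only name lookups consult the hosts file; a program that
                # connects to a literal IP never reads this entry.
                problems.append((n, f"{name} is an IP literal, not a name"))
            else:
                mappings[name.lower()] = addr
    return mappings, problems
```

Blocking a remote IP address, as opposed to a name, is a job for a host firewall rule rather than the hosts file.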
Coinhunter32
August 25, 2014, 12:05:37 PM
 #15

It is a sad fact that many fellas use blackhat methods to mine bitcoin; everything has positive and negative aspects. Even though you have antivirus and firewalls on, they bypass them by several methods. Hope you get it removed from your system soon.
nizamcc
August 25, 2014, 05:59:38 PM
 #16

It could also be a silent miner, mate. Best is you scan it with some AV and Hitman.
Vortex20000
August 26, 2014, 02:59:56 AM
 #17

Turn off your internet and see if it's still there.


Monica80
August 26, 2014, 03:15:39 AM
 #18

Always wear protection...

notlist3d
August 26, 2014, 06:19:28 AM
 #19

I ran a netstat on my machine and found a certain connection with a foreign address...

pool-108-51-140-90:14905

Does anyone know what is this ? Is it a mining pool where I am connected ?

Just googling that IP, it looks like Verizon in the Washington area. Do you happen to be in this area? If so, I would be less worried.

If you are not, I would start running a few malware and virus scans.
BitsBitsBits
August 26, 2014, 07:38:20 AM
 #20

I ran a netstat on my machine and found a certain connection with a foreign address...

pool-108-51-140-90:14905

Does anyone know what is this ? Is it a mining pool where I am connected ?

Check your CPU usage, it should be really high like 60% and above if someone is mining on your computer..

Who would even still try and mine bitcoins with others' CPUs?
