
Infected with INSANE bitcoinminer. Desperate for help


This topic is locked
8 replies to this topic

#1 JohnSmith11


Posted 25 September 2017 - 05:45 AM

Hello everyone
First and foremost, thanks for your time. I appreciate your goodwill in helping.

I have read

https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Background information:

1) The SSD was formatted 1 week ago or less (can't remember); the second drive (1 TB) remained as backup.

2) Each time I open Skype, certain games, Battle.net, EVEN Google Chrome, my GPU temp jumps from 30 idle to 50 and the GPU uses its full functions (clock speed jumps to max, etc.).

3) My computer's clock time is not stable; it keeps on changing (it has been like that for more than a year, even though I formatted 2 times since the problem arose). I suspect this problem is due to having a burnt motherboard battery, although it may be a virus in the BIOS (my assumptions). I never tried to replace a motherboard battery. I currently have an Asus Z97 motherboard.

PC scanned with RogueKiller, Malwarebytes Anti-Malware and HitmanPro.

The SSD has been formatted 2 times in the last three and a half years: from Win 8.1 to Win 10, and from Win 10 to Win 7. (SINCE THE FIRST FORMAT THE CLOCK STARTED BUGGING.) Since then I have had the problem with time.

*Bitcoin miner: a new problem that I have just noticed recently, which is taking all my attention to cure my GPU.

*Note: Currently, if I don't run the apps I mentioned above, my GPU temp is OK. Therefore the main problems are clock time changes, and temp jumps super high for no reason while running certain applications.

I used Process Explorer to try and track which applications cause GPU traffic; that's how I know when the bitcoin miner works and when it doesn't.

*FCPrimal (Far Cry Primal & Watch_Dogs 2): these games might be the cause of the problem (I think; I read some of the logs).

I came here thanks to ComboFix (didn't run a scan yet).
Thanks in advance, I will be waiting for your help.

Best regards,

John.

LOGS:

Attached Files

Edited by JohnSmith11, 25 September 2017 - 08:10 AM.



 


#2 iangcarroll


Posted 26 September 2017 - 06:22 PM

Hi JohnSmith11,

I am reviewing your logs now and will give you next steps shortly. Please note that I am in training and my replies must be reviewed before they are posted, so there may be a short delay.

In the interim, please do not attempt to run Combofix or any other tools.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#3 JohnSmith11 (Topic Starter)

Posted 27 September 2017 - 07:56 AM

OK Iang :)

Thank you so much, your help means A LOT to me!

I won't use any program unless you tell me to.

I follow your guidance blindly :)


Edited by JohnSmith11, 27 September 2017 - 07:57 AM.


#4 iangcarroll


Posted 27 September 2017 - 11:01 AM

Hi JohnSmith11,

First, to reiterate, you do not need to use Combofix for this, and using it here can render your computer unbootable.

It does not appear you have a bitcoin miner or any sort of malware on your computer. Based on the description of your GPU issues, I would ensure the GPU is able to ventilate properly, but the issue does not seem to stem from malware. There would generally be no point in malware waiting to start taking advantage of your GPU.

Regarding your time synchronization issue, we can synchronize your computer's time if it's currently off, but if you believe the battery in your motherboard has died, you will need to replace it to maintain the clock while the computer is off. However, if you are seeing drifts just while the computer is on, this may be a worse issue. Replacing the battery is usually very easy if you are able to open your computer's case.

Your CMOS battery appears to be a standard CR2032 battery, located in the middle of the PCIe slots. It will just come right out by pulling back the little clip.
[Image: 09-headers-upper-left.jpg]

Additionally, there is almost certainly (and luckily) no malware in your BIOS.

Please let me know if you have additional questions about anything, if you have any additional issues, or if you are all set.

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!


#5 JohnSmith11 (Topic Starter)

Posted 27 September 2017 - 02:00 PM

> Hi JohnSmith11,
>
> First, to reiterate, you do not need to use Combofix for this, and using it here can render your computer unbootable.
>
> It does not appear you have a bitcoin miner or any sort of malware on your computer. Based on the description of your GPU issues, I would ensure the GPU is able to ventilate properly, but the issue does not seem to stem from malware. There would generally be no point in malware waiting to start taking advantage of your GPU.
>
> Regarding your time synchronization issue, we can synchronize your computer's time if it's currently off, but if you believe the battery in your motherboard has died, you will need to replace it to maintain the clock while the computer is off. However, if you are seeing drifts just while the computer is on, this may be a worse issue. Replacing the battery is usually very easy if you are able to open your computer's case.
>
> Your CMOS battery appears to be a standard CR2032 battery, located in the middle of the PCIe slots. It will just come right out by pulling back the little clip.
> [Image: 09-headers-upper-left.jpg]
>
> Additionally, there is almost certainly (and luckily) no malware in your BIOS.
>
> Please let me know if you have additional questions about anything, if you have any additional issues, or if you are all set.

Ian Carroll,

Thank you very much for the fast reply, and thanks for the professional help.

I will try to change the battery, but unfortunately,

regarding my time synchronization issue, I'm seeing drifts just while the computer is on, which is the worse issue. Replacing the battery won't help in that case? (Waiting for your reply before I open the case and replace it.)

Secondly,

Sorry, but I disagree with you on this one.

I disagree first because I didn't explain myself very well; second, my problem seems to be VERY VERY bad, and now I'll explain with as much detail as I can.

BG info about my PC:

OS: Win10, formatted to Win7 Pro 64-bit SP1.

Note:

When I'm opening .exe, .avi, EVEN Google Chrome, MY GPU TEMP jumps surprisingly HIGH from 30 to a stable 50. It stays at 50 until I close the program; then it gets back to normal.

AFTER TRACKING THE PROCESS WITH Asus GPU Tweak, all of the programs listed above are making my GPU use its max GPU clock & memory MHz, which is very very weird.

A very very weird thing I noticed is that after I deleted Google Chrome (infected program) and downloaded Firefox, Firefox had no virus and has a stable 30 °C temp.

I tried replacing Skype (infected) with Discord, but then again, no luck. Discord seems to be infected as well.

I used HWMonitor to measure the temp and RPM of the GPU, and at idle after having the infected program on, they cap at a stable 48 °C with 1970 RPM.

All the other games I play are infected with this virus. I play all games on lower settings; my GPU Nvidia driver is set to Max Performance to get the most FPS. Before this program appeared, League of Legends would only take 40 °C on the lowest settings, and now it's 48 °C with 1970 RPM.

My GPU is an Asus GTX 770 DirectCU II, my processor is an i7 4790, and my motherboard is an Asus Z97.

The PC was purchased 3 years and 2 months ago. I clean dust very often; the last time I cleaned was 1 week ago.

There must be a way to solve it.

Perhaps this might help:

As you have seen in the FRST logs, I am connected to a homegroup with 2 other PCs (my father uses the other 2 PCs).

Do you think there's a virus inside the router / other PCs connected that has moved to my PC through the net?

Besides, I have a 1 TB hard drive connected to the PC along with the 128 GB SSD; the drive is a backup of my old PC (Win10, which I formatted).

Could it be that there's a virus there that is in charge of these problems?

I know that bitcoin isn't considered a virus among other AV programs.

I'M CERTAIN there's a Bitcoin miner because of a video I saw on YT with other people describing the same problem as I have. I'll quote them and post the link here; this might help you understand better. My English isn't quite perfect and I'm sorry if it's hard to understand.

https://youtu.be/GsvUTO0bwzA

The comment that describes my problem is this (not the same virus, but I think there's a strong connection here):

The quote is down below:

"I haven't noticed anything while playing games, but when I don't move my mouse for 1-2 minutes the CPU and GPU start overloading and overheating. I use Open Hardware Monitor to monitor the temperatures and, as I said, the temperature on my GPU instantly jumps to 50 °C with 100% workload (seen on the Open Hardware Monitor) until I move my mouse... When I move the mouse the workload jumps to normal (0%) and the temp is also lowering. This doesn't happen while I have the Task Manager opened though... I read that this is the case so the program (virus, bitcoin miner) doesn't get noticed in the Task Manager. I did a format of my PC but after a day or two this starts happening again. I also tried different anti-malware and antivirus programs but they can't find anything. Can this virus be in the BIOS? I would really appreciate it if anyone can help me on this matter..."

I have made a comparison with a friend regarding the programs listed above that cause the GPU temps to go higher.

Skype doesn't require all of the clock speed & memory on their computers, nor do AVIs.

I'm afraid the worse problem of the clock is what is causing this virus with the GPU.

Thanks, Ian Carroll, for your help. I appreciate it a lot. I adore you for not giving up, because I haven't. We must find a way to cure this off my PC!


Edited by JohnSmith11, 27 September 2017 - 04:03 PM.


#6 JohnSmith11 (Topic Starter)

Posted 28 September 2017 - 04:11 PM

Sorry, was trying to edit; posted by accident.

I wanted to type:

*********UPDATE:

I have downloaded OBS (Open Broadcast screen recorder) in order to demonstrate the problem. The .EXE is infected too with the virus. I can make a recording and upload it to YouTube; would that help?

Also, my clock is going backwards in time. Since I opened the PC it was first at 23:00, and now it slowly goes to 10:31... This is very weird :S

I can't edit the post, I don't know why... it says only multi or quote.


Edited by JohnSmith11, 28 September 2017 - 04:54 PM.


#7 iangcarroll


Posted 28 September 2017 - 05:05 PM

Hi JohnSmith11,

I do not believe malware is your issue. Rather, I think there is a bug somewhere in the chain between Google Chrome/your applications and your GPU (i.e. inside Windows or its drivers) that is causing this. The fact your clock is drifting while your computer is on is likely contributing to this, but it may not be the root cause.

Is your CPU usage normal while you see these GPU usage spikes? If your CPU is running at its fullest capacity, the Windows clock will likely drift a bit, but it should not normally.

> My English isn't quite perfect and I'm sorry if it's hard to understand.

Don't worry, it's pretty good, I understand you well.

> Replacing the battery won't help in that case? (Waiting for your reply before I open the case and replace it.)

No, the battery inside your computer is used for when the computer is off and mainly needs to keep its clock running. If your clock is not keeping time correctly while it is on, the battery is not the issue.

> I know that bitcoin isn't considered a virus among other AV programs.

Today, all/most cryptocurrency mining applications are flagged as a PUP (potentially unwanted program).

> I'M CERTAIN there's a Bitcoin miner because of a video I saw on YT with other people describing the same problem as I have

The problem you have -- the miner only starting when certain applications run -- is not something I have ever seen, and not what is mentioned in the video.

It is a counterintuitive idea; the miner would want to run when you are *not* using the GPU, so it can fully utilize it, but here it is supposedly only running when you are also trying to use the GPU. So I do not believe there is a miner running, nor is there any hard evidence of that.

> I tried replacing Skype (infected) with Discord, but then again, no luck. Discord seems to be infected as well.

Incidentally, this is what I would hope happens. Discord's desktop application actually contains its own version of Google Chrome, so if Google Chrome is triggering this GPU issue, Discord should as well. Battle.net also uses Google Chrome.

The other causes you listed are likely not the issue. I think the best option forward is for you to make a post in our Internal Hardware section, describing your issues and also linking to this thread, so that they know it's likely not malware.

Do you have any concerns about that, other concerns I haven't addressed, or any questions/comments?

Ian Carroll https://ian.sh • Certly Inc
 
Member of the Bleeping Computer A.I.I. early response team!
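A way to put numbers on the drift Ian asks about, as an added example that is not from the thread or from any tool mentioned in it: it samples the wall clock against the OS monotonic clock (which does not follow clock resets), reports the rate error in ppm, and flags step changes such as the half-hour jump back the poster describes. The function names analyze_samples and capture are chosen here, and the sample used for checking is constructed.

```python
"""Clock-drift check for a running system (added example, not from the thread).

A CMOS battery only matters while the machine is off; drift or jumps seen while
it is running come from the OS clock, so that is what this measures.
"""
import time


def analyze_samples(samples, jump_threshold=1.0):
    """samples: list of (monotonic_seconds, wall_seconds) pairs in capture order.

    Returns (drift_ppm, jumps). drift_ppm is the wall clock's rate error in
    parts per million relative to the monotonic clock, computed only over the
    steady steps. jumps lists (index, delta_seconds) for steps where the wall
    clock moved by more than jump_threshold seconds beyond what the monotonic
    clock moved; a negative delta is the clock being set backwards.
    """
    if len(samples) < 2:
        raise ValueError("need at least two samples")
    jumps = []
    steady_mono = 0.0
    steady_wall = 0.0
    for i in range(1, len(samples)):
        mono_dt = samples[i][0] - samples[i - 1][0]
        wall_dt = samples[i][1] - samples[i - 1][1]
        delta = wall_dt - mono_dt
        if abs(delta) > jump_threshold:
            jumps.append((i, delta))  # a step change, not steady drift
        else:
            steady_mono += mono_dt
            steady_wall += wall_dt
    if steady_mono == 0.0:
        raise ValueError("every step was a jump; no steady interval to rate")
    # Uncorrected PC oscillators are typically off by tens of ppm; far more than
    # that, or any jump at all, points at software setting the clock.
    drift_ppm = (steady_wall - steady_mono) / steady_mono * 1e6
    return drift_ppm, jumps


def capture(seconds=60, interval=1.0):
    """Collect live samples from this machine (not used by the self-check)."""
    out = []
    end = time.monotonic() + seconds
    while True:
        out.append((time.monotonic(), time.time()))
        if out[-1][0] >= end:
            return out
        time.sleep(interval)


if __name__ == "__main__":
    ppm, jumps = analyze_samples(capture())
    print(f"drift: {ppm:+.1f} ppm; step changes (index, seconds): {jumps}")
```

Run it for a few minutes on the affected machine while one of the suspect programs is open and again while it is closed; a nonzero jumps list while the machine is on rules out the battery and points at whatever is setting the clock.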


#8 JohnSmith11 (Topic Starter)

Posted 28 September 2017 - 05:39 PM

> Hi JohnSmith11,
>
> I do not believe malware is your issue. Rather, I think there is a bug somewhere in the chain between Google Chrome/your applications and your GPU (i.e. inside Windows or its drivers) that is causing this. The fact your clock is drifting while your computer is on is likely contributing to this, but it may not be the root cause.
>
> Is your CPU usage normal while you see these GPU usage spikes? If your CPU is running at its fullest capacity, the Windows clock will likely drift a bit, but it should not normally.
>
> > my english isnt quite perfect and im sorry if its hard to understand.
>
> Don't worry, it's pretty good, I understand you well.
>
> > Replacing the battery wont help in that case? (waiting for your reply before i open the case and replace it)
>
> No, the battery inside your computer is used for when the computer is off and mainly needs to keep its clock running. If your clock is not keeping time correctly while it is on, the battery is not the issue.
>
> > I know that bitcoin isnt considered as a virus among other AV programs.
>
> Today, all/most cryptocurrency mining applications are flagged as a PUP (potentially unwanted program).
>
> > I'M CERTAIN there's a Bitcoin miner because of a video I saw in YT with other people describing the same problem as I have
>
> The problem you have -- the miner only starting when certain applications run -- is not something I have ever seen, and not what is mentioned in the video.
>
> It is a counter intuitive idea; the miner would want to run when you are *not* using the GPU, so it can fully utilize it, but here it is supposedly only running when you are also trying to use the GPU. So I do not believe there is a miner running, nor is there any hard evidence of that.
>
> > I tried replacing Skype(Infected) With Discord but then again, No luck . Discord seems to be infected as well.
>
> Incidentally, this is what I would hope happens. Discord's desktop application actually contains its own version of Google Chrome, so if Google Chrome is triggering this GPU issue, Discord should as well. Battle.net also uses Google Chrome.
>
> The other causes you listed are likely not the issue. I think the best option forward is for you to make a post in our Internal Hardware section, describing your issues and also linking to this thread, so that they know it's likely not malware.
>
> Do you have any concerns about that, other concerns I haven't addressed, or any questions/comments?

 

Thank you very much.

I trust your guidance and I will post there.

Mind waiting until I show you how things happen from my point of view? I think the video may be the final say here.

*Making a video; it may take up to 1 hr from now until it is done and finished uploading.*

I'm trying to make the video... but it seems that this virus has spread to my GPU drivers... Are you sure it isn't the same problem as the other guy? :\

Nvidia Share also makes my PC go crazy.

*****************

UPDATE

*****************

Uploading the video now!

I can make more videos of this program. I am sorry, but this is clearly not a hardware issue! You can see that in the video. I'll link it here when it's done uploading.

*Reasons why it's not a hardware problem:

1) I used a video capture program, which is taking HEAVY usage of my GPU, and RECORDED, and while recording it didn't make my GPU even giggle, while the other INFECTED programs were overhauling like a firetruck.

2) Why would the driver make such heavy usage of the GPU...? If, as mentioned above, what you were saying is possibly right (which means that all of those programs are run by Google), wouldn't it be smart to find and locate where the infection is and delete it? Can you help me find the infected folders to delete the virus that is causing this madness? Some programs aren't infected and function well; I can make a video of those too when I'm done uploading. Please tell me what you think.

PROOF:

You can see in the video how the clock has drifted back since our convo, as it was 27 Sept 23:00 and it jumped back to 22:30. Also, the date isn't even updated, lol: published on 28 Sept while the video was captured on 27 Sept due to the clock.

LINK

https://www.bleepingcomputer.com/forums/t/658787/clock-drifts-back-n-forth-gpu-not-stable-due-to-certain-exe-avi-files/#entry4346178

I added additional information about my problem.


Edited by JohnSmith11, 29 September 2017 - 05:51 AM.


#9 hamluis (Moderator)

Posted 29 September 2017 - 06:23 AM


> The other causes you listed are likely not the issue. I think the best option forward is for you to make a post in our Internal Hardware section, describing your issues and also linking to this thread, so that they know it's likely not malware.
>
> Do you have any concerns about that, other concerns I haven't addressed, or any questions/comments?

 

 

This topic is now closed, OP has opened new topic in non-malware forums.

 

Louis





