How to remove a hidden miner from your computer. How to find a hidden miner on your computer

A hidden miner is a virus program that uses your computer's resources to mine cryptocurrency. This is done automatically, without the user’s knowledge or any warnings.

Most often, you can catch a hidden miner when downloading files from unverified sources. Usually this is some kind of pirated content that is very popular among users. You can also stumble upon a similar virus when receiving various spam mailings. Either way, you get what you wanted, and at the same time a hidden miner, or a utility that automatically downloads it from the Internet, ends up on your computer.

Why is a hidden miner dangerous?

The miner forces your PC to operate at the maximum level of performance, which means that even when performing simple office tasks, the computer can be quite slow. Long-term work at the limit of its capabilities will sooner or later affect the hardware.

The first components to suffer are the video card, processor, RAM and even the cooling system, which simply cannot cope with daily stress tests.

The first sign of the presence of a miner is slowdown on simple tasks and a cooling fan that never stops.

Also, miners may well gain access to your personal information stored on your computer. Everything can come into play here, from simple photos to data from various accounts and electronic wallets. And this is already very dangerous.

How does a miner manage to hide?

The operation of the miner on your PC is usually handled by a separate service, which allows it to hide and disguise the threat. It is this companion that controls the autorun and behavior of the virus, making it invisible to you.

For example, this service may pause the miner when a demanding shooter game is launched. This frees up computer resources and gives them to the game, so that the user does not experience slowdowns or drops in frame rate. Once the game is closed, the virus will start working again.

The same companion service is able to track the launch of system activity monitoring programs in order to quickly disable the miner by unloading it from the list of running processes. Especially dangerous viruses may even try to disable scanning tools on your computer to prevent detection.

How to detect a hidden miner

If you notice that your computer is starting to slow down and get hot, the first thing you should do is run an antivirus scan with the latest databases. In the case of simple miners there should be no problems: the threat will be detected and eliminated. You will have to tinker with viruses that hide their presence well.

Systematic monitoring of the Task Manager, which on Windows can be opened using the key combination Ctrl + Alt + Del or Ctrl + Shift + Esc, will allow you to track hidden miners. For 10–15 minutes, you just need to observe the active processes while the computer is completely idle. Close all programs and don’t even move your mouse.

If, in such a scenario, one of the active or suddenly appeared processes continues to load the hardware, this is a good reason to think about it. The origin of such a process can be checked using the “Details” tab or through an Internet search.

Many hidden miners that primarily use the PC's video card may not load the CPU, and therefore they won't show up in the “Task Manager” on old Windows versions. That is why it is better to assess the load on the hardware using specialized utilities such as AnVir Task Manager or Process Explorer. They will show much more than the standard Windows tool.

Some miners are able to independently disable the Task Manager a few minutes after it starts - this is also a sign of a potential threat.

Separately, it is worth highlighting the situation when the “Task Manager” demonstrates excessive load on the processor from the browser. This may well be the result of a web miner operating through a specific website.

How to remove a hidden miner from your computer

The first and most logical weapon in the fight against such a scourge is an antivirus, as already mentioned above. However, miners are often not recognized as malicious threats. At most, they are considered potentially dangerous, especially if they came onto the computer along with a pirated game or a hacked program.

If you do not have a powerful antivirus, you can resort to the help of small cleanup utilities. An example is Dr.Web CureIt!, which is often used to search for hidden miners. It is distributed free of charge.

Removing the virus manually, without any third-party tools, is also possible, but you must be 100% sure that what you have detected is the miner. In this case, open the registry editor by typing regedit in Windows search, and in it use the Ctrl + F key combination to launch the internal search (or go through “Edit” → “Find”).

In the line that opens, enter the name of the Task Manager process behind which, in your opinion, the miner is hiding. All detected matches must be deleted via the context menu. After this, you can restart the computer and evaluate changes in the load on the hardware.

Conclusion

It is important to understand that a hidden miner is dangerous not only because of its excessive load on the PC, but also because it can intercept your personal data. At the first hint of such a threat, run a deep scan of your computer’s memory with a current antivirus.

Don't forget that your computer can slow down for a variety of reasons. A more important sign of the threat of hidden mining is excessive PC activity during idle time or when performing basic tasks. Pay attention to the operation of the video card coolers: they should not make noise when there is no load.

If you do find an unknown process that is loading your computer to capacity, you definitely need to deal with it, either using anti-virus software or manually, by finding and deleting it through the registry.

The antivirus company ESET has noted the growing prevalence of browser-based miners that mine cryptocurrency without the user’s knowledge. Moreover, according to data for December last year, this threat topped the rating of Belarusian cyber threats. In this material we will tell you how to recognize that someone is using your computer for personal gain and how to get rid of hidden mining.

Browser or computer

Let us remind you that mining is the process of extracting cryptocurrency using complex calculations that take place on a computer. At the moment there are two main methods of “malicious mining”.

In the first case, the miner program is covertly installed on your computer and begins to constantly use its power: the processor and video card. In the second case, and this is what ESET warns about, mining only occurs when you go to an infected site (“browser mining”).

Of course, the first method is much preferable for attackers, albeit more complicated - after all, the computer first needs to be infected somehow. The second is simpler, and the attackers “get” the required power due to the large number of users visiting the site.

Main symptom

The very first (and main) symptom by which you can suspect mining is that the computer begins to constantly “slow down” in harmless situations. For example, when your cooler is noisy all the time, your laptop heats up or freezes while only a browser with three tabs is running.

It is clear that such symptoms are characteristic not only of mining - at this moment you may simply have a “heavy” background process running (for example, updating software). But if the computer constantly works in such a loaded mode, this is a serious reason for suspicion.

Unfortunately, you shouldn’t rely on antivirus software alone here. Here is what, for example, Kaspersky Lab writes about such programs:

Miners are not malicious programs. Therefore, they are included in the Riskware category we have identified - software that is legal in itself, but can be used for malicious purposes. By default, Kaspersky Internet Security does not block or remove such programs, since the user could have installed them knowingly.

The antivirus may not work in the event of hidden browser mining.

How to detect a miner?

The easiest way to try to identify a malicious process that is “eating up” all the resources of your computer is to launch the task manager built into the system (in Windows, it is opened with the keyboard shortcut Ctrl+Shift+Esc).


Task Manager in Windows

If you see that some incomprehensible process is loading the processor very heavily - by tens of percent - (the CPU column in the picture above), and you have not launched a “heavy” game or are not editing a video, this may well turn out to be mining.

By the way, Chrome, which is popular among Belarusians, also has its own task manager. To launch it, right-click on an area free of tabs above the address bar and select the appropriate item. Then you will see which tab is loading the computer.

Unfortunately, the task manager is not always useful. Modern miners know how, for example, to pause work when it starts or to “hide” in standard processes, like svchost.exe, chrome.exe or steam.exe.

In this case, you can use additional, more advanced software - for example, the AnVir Task Manager program.

With its help, it is much easier to identify suspicious processes. All undefined lines are highlighted in red and you can get maximum information about each process (including hidden ones!), but the most important thing is that any process you are running can be checked on the VirusTotal website.

And what to do with it?

The easiest case is when mining occurs on opening an infected site. In this case, you just need to close this browser tab.

It’s worse if a miner program gets onto your computer. In this case, you can first try to close the malicious process in the task manager and remove it from startup, however, as a rule, not everything is so simple.

Miners may use non-standard launch methods, for example two processes that restart each other when an attempt is made to terminate them. In addition, it can be initiated.

Antivirus programs should come to the rescue here. If for some reason the antivirus does not “catch” the miner in standard mode, you can try copying a free portable scanner to a flash drive, for example Dr.Web CureIt! or Kaspersky Virus Removal Tool, and booting your computer into safe mode.

To start safe mode (on Windows versions other than Windows 10), you need to press the F8 key several times during boot and select the desired option. In Windows 10, this cannot be done when rebooting. Therefore, you need to open the “Run” window (Win + R key combination), enter the msconfig command there, then in “System Configuration” select the “Boot” section and set Safe Mode, and then restart the computer.

After booting into safe mode, you need to launch an anti-virus scanner from a flash drive.

As we wrote above, antiviruses do not always consider miner programs to be malicious software - after all, you can mine for yourself.

But, for example, Kaspersky Anti-Virus classifies them in the Riskware category (software with risk). To detect and remove an object from this category, you need to go to the settings of the security solution, find the “Threats and detection” section there and check the box next to “Other programs”. ESET offers a similar solution - to identify miners (including on sites you visit), you need to enable detection of potentially unwanted applications in the settings.

If mining continues after these manipulations, you can try a more radical method: reinstalling the operating system.

How to protect yourself?

If we are talking about browser-based mining, then in addition to anti-virus solutions that detect malicious javascript on sites, browser extensions have already appeared that allow you to detect miners - for example, No Coin or Mining Blocker.

If you do not want the miner program to get onto your computer, then regularly install updates offered by the operating system, and be sure to use anti-virus programs with monitoring enabled.

Here you need to remember that antiviruses may not detect a miner program, but they will almost certainly detect a dropper program, the main purpose of which is to secretly install the miner. In addition to the antivirus, you can add a couple of old but still effective pieces of advice: do not click on suspicious links on the Internet and do not open spam messages received in your mail.

Also remember that with the installation of legal software, the likelihood of getting a miner in addition is negligible. Whereas when downloading hacked programs or “cracks”, this risk greatly increases.

What about smartphones?

A smartphone is also a computer, so the attackers’ schemes are similar. For example, at the end of last year, security specialists found malware in Google Play that used mobile devices to mine cryptocurrencies without the knowledge of the owner.

If your computer constantly slows down and runs at maximum power, then this is a reason to check it for the presence of miner viruses. Let's look at how to detect a hidden miner on a computer and remove it.

What is it and why is it dangerous?

A hidden miner is a virus program that uses the performance of your PC to mine cryptocurrencies. Infection occurs through:

  • malicious messages;
  • downloaded files;
  • spam mailing.

The first mentions of hidden mining appeared in 2011, but then these were isolated cases. At the beginning of 2018 this problem occupies one of the leading positions in news feeds.

The Trojan miner poses a great danger to the PC:

  1. Reduces the service life of hardware.
    The PC operates at maximum load for a long time, which negatively affects the maximum service life:
    • processor;
    • video cards;
    • cooling systems.
  2. Limits performance.
    When using an infected computer for their tasks, the user receives scanty performance, because the bulk of it goes to hidden mining.
  3. Provides access to personal data.
    Since the miner is a Trojan, it gains access to the user's personal information. Lately, cases of theft of electronic wallets and passwords have become more frequent. The attacker not only uses your PC's performance, but also steals confidential data.

Note! The latest Windows update received protection from mining. You can read more in the article “Windows 10 protects your PC from hidden mining.”

How to detect and remove

Advice! Scan your system with an antivirus: you may have come across a regular miner that does not hide its presence. In this case, it will be detected and automatically removed by the antivirus software.

It is usually quite difficult for a user to detect a Trojan, because the developers of the virus software have tried to hide its operation as much as possible. New miners are able to disguise their activities:

  • Disable while the user is working with demanding applications.
  • Disguise as other applications in Task Manager.
  • Work only when the PC is idle.

Your computer could be infected without you even noticing it. It all depends on the ingenuity of hackers. We will try to explain in as much detail as possible how to identify malware.

Important! Be careful when deleting any file, especially if you are not sure of its purpose. You do all actions at your own peril and risk!

Via Task Manager

Let's touch on Internet mining a little. There are sites that, using a special script, gain access to the performance of your PC. The hacker, bypassing the protection of the Internet resource, uploads his malicious code there, which mines cryptocurrencies while you are on the site.

It’s very easy to understand that you’ve encountered one, because when you visit it, your computer will start to slow down, and the Task Manager will show a heavy load on the hardware. It is enough to simply leave the site to stop the mining process.

To detect malware on the system:

  1. Go to the Task Manager by holding down “Ctrl + Shift + Esc” at the same time.
  2. Observe the processes for 10 minutes of complete inactivity (including mouse movements and keystrokes).

    Important! Some viruses close or block the Task Manager in order to hide their activity.
    If the Task Manager closed on its own or some program began to load the system, this means that the PC is infected with the miner.

  3. If the virus is not detected, go to the “Details” tab.
  4. Find a process that differs from the standard (for example, strange symbols) and write down the name.

  5. “Edit” → “Find”.

  6. Important! If you are not sure that the file can be deleted, write to us in the comments, we will try to help.


  7. Scan the system with an antivirus (for example, we used a standard antivirus, which is located in “Start” → “Settings” → “Update and Security” → “Windows Defender”).
  8. Restart your PC.
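
The idle observation described in this section and in the earlier Task Manager passage can be done as a measurement instead of by eye. The PowerShell below is an added example, not part of the original articles; the 5% reporting threshold and the function name are assumptions.

```powershell
# Added example: which processes burn CPU while the machine is idle?
# Run from an elevated PowerShell prompt (without elevation, CPU time and paths of
# other accounts' processes are unreadable), close all programs and leave the PC alone.
function Measure-IdleCpu {
    param(
        [int]$WindowSeconds = 600,   # 10 minutes of inactivity, as in the steps above
        [double]$MinPercent = 5.0    # assumed reporting threshold, % of total CPU capacity
    )

    # Snapshot 1: cumulative CPU seconds per PID. CPU is $null where access is denied.
    $before = @{}
    foreach ($p in Get-Process) {
        if ($p.Id -ne 0 -and $null -ne $p.CPU) {
            $before[$p.Id] = [pscustomobject]@{ Name = $p.ProcessName; Cpu = $p.CPU }
        }
    }

    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    Start-Sleep -Seconds $WindowSeconds
    $capacity = $timer.Elapsed.TotalSeconds * [Environment]::ProcessorCount

    # Snapshot 2: the CPU-seconds delta over the window is the idle-time load.
    $rows = foreach ($p in Get-Process) {
        if ($p.Id -eq 0 -or $null -eq $p.CPU) { continue }
        $old = $before[$p.Id]
        # A PID that is new, or reused by another image, started inside the window.
        $isNew = ($null -eq $old) -or ($old.Name -ne $p.ProcessName)
        $baseline = if ($isNew) { 0 } else { $old.Cpu }
        $percent = 100 * ($p.CPU - $baseline) / $capacity
        if ($percent -lt $MinPercent) { continue }

        # Image path, parent and signature status for each process over the threshold.
        $info = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.Id)" -ErrorAction SilentlyContinue
        $path = if ($info) { $info.ExecutablePath } else { $null }
        $signature = 'PathUnavailable'
        if ($path -and (Test-Path -LiteralPath $path)) {
            $signature = [string](Get-AuthenticodeSignature -LiteralPath $path).Status
        }
        $parentName = $null
        if ($info) {
            $parent = Get-Process -Id $info.ParentProcessId -ErrorAction SilentlyContinue
            if ($parent) { $parentName = $parent.ProcessName }
        }

        [pscustomobject]@{
            ProcessId     = $p.Id
            Name          = $p.ProcessName
            CpuPercent    = [math]::Round($percent, 1)
            StartedInside = $isNew
            Path          = $path
            Signature     = $signature
            Parent        = $parentName
        }
    }
    $rows | Sort-Object CpuPercent -Descending
}

Measure-IdleCpu -WindowSeconds 600 | Format-Table -AutoSize
```

A process named like a system component but running from a user-writable folder, or with a signature status other than Valid, deserves a closer look. The script measures CPU only, so a miner that loads just the video card will not appear in its output.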

Via AnVir Task Manager

The multifunctional process manager AnVir will help you detect a hidden virus.

  1. Download and install the utility.
  2. Launch it and view the running processes.
  3. If you are suspicious, hover your cursor over an application to display information about it.

    Note! Some Trojans disguise themselves as a system application, but they don’t know how to fake details.

  4. Then right-click → “Detailed information” → “Performance”.

  5. By selecting “1 day”, view the load on your PC during this time.

  6. If a process heavily loaded the system, hover your cursor over it → write down the name and path.

  7. Right-click on the process → “End Process”.
  8. In Windows search, type “regedit” → go to the registry.
  9. “Edit” → “Find”.
  10. Enter a file name → remove all matches.
  11. If threats are detected, confirm their removal.
  12. Restart your PC.
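
Before deleting registry matches as in the steps above and in the earlier regedit passage, it helps to see every place that starts the suspicious file. The PowerShell below is an added example, not code from the original articles: it only lists matches in the common autostart locations (Run keys, services, scheduled tasks, Startup folders) and deletes nothing. The function name and the search string `suspicious-name` are placeholders.

```powershell
# Added example: list autostart entries that reference a given process name or path.
# It only reports; review each hit before removing anything.
function Find-AutostartReference {
    param([Parameter(Mandatory)][string]$Needle)

    # Case-insensitive substring test without wildcard or regex interpretation.
    $hit = { param($text) ([string]$text).IndexOf($Needle, [StringComparison]::OrdinalIgnoreCase) -ge 0 }

    # 1. Run / RunOnce registry values for the machine and the current user.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($k in $runKeys) {
        $key = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $data = $key.GetValue($name)
            if ((& $hit $name) -or (& $hit $data)) {
                [pscustomobject]@{ Source = 'RunKey'; Location = $k; Entry = $name; Command = "$data" }
            }
        }
    }

    # 2. Windows services whose image path mentions the name.
    foreach ($svc in Get-CimInstance Win32_Service) {
        if (& $hit $svc.PathName) {
            [pscustomobject]@{ Source = 'Service'; Location = $svc.Name; Entry = $svc.DisplayName; Command = $svc.PathName }
        }
    }

    # 3. Scheduled tasks with an executable action that mentions the name.
    foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($action in $task.Actions) {
            $cmd = "$($action.Execute) $($action.Arguments)".Trim()
            if (& $hit $cmd) {
                [pscustomobject]@{ Source = 'ScheduledTask'; Location = $task.TaskPath; Entry = $task.TaskName; Command = $cmd }
            }
        }
    }

    # 4. Startup folders; shortcuts are resolved to the file they point at.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        if (-not $dir) { continue }
        foreach ($f in Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue) {
            $target = if ($f.Extension -eq '.lnk') { $shell.CreateShortcut($f.FullName).TargetPath } else { $f.FullName }
            if ((& $hit $f.Name) -or (& $hit $target)) {
                [pscustomobject]@{ Source = 'StartupFolder'; Location = $dir; Entry = $f.Name; Command = $target }
            }
        }
    }
}

# 'suspicious-name' is a placeholder for the process name written down earlier.
Find-AutostartReference -Needle 'suspicious-name' | Format-List
```

An empty result does not prove the file has no launcher: this covers only the four locations listed in the comments.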

The cryptocurrency boom of 2017 set a new direction for the creators of viruses, worms, Trojans and other malware.

Now they are not interested in your personal files and confidential data, but in the computing power of your device. The topic of today's article is mining viruses, how to recognize them and how to deal with them.

How to understand that your computer is infected with a miner

Mining programs load the processor or video card with complex mathematical calculations. Therefore, recognizing the presence of a malicious miner is in some sense much easier than in the case of a regular virus. Namely - due to the increased load on the computer.

Here's how it might manifest itself:


However, it is worth noting right away that the latter method does not always work. Only the most stupid and greedy miners load their equipment to full capacity, because then anyone will become suspicious. As a rule, mining viruses operate more subtly: they determine the processor (or video card) model and the number of cores, and occupy, for example, half or a third of the resources.

Moreover, some miners are not even displayed in the Windows Task Manager and avoid recognition by the load monitor. It turns out that you feel the load on the equipment, the fans are noisy, but the task manager reports that there is no load. In such cases, you can only reach the resource devourer through a good antivirus. But such sophisticated miners are rare.

How to get rid of a miner manually

So, the easiest way to reach the unsolicited miner is through a system monitor. But it’s better to use not the standard Windows monitor but an advanced one, for example Process Hacker. It sees hidden processes, tricks to hide the load do not help against it, and it has a lot of functions for managing processes.

Download the program from the official project website: . There is both an installer and a portable version that does not require installation. Launch the program and click on “CPU” to sort the processes by CPU consumption. A miner, even if it mercifully uses only half the processor, will immediately catch your eye.

In most cases, miner viruses are called something clever, trying to impersonate a system component or process of some harmless program. Don't let this bother you. Necessary and harmless processes do not load the system unless you ask them to do so. So you can safely start neutralizing it.

Reflexively, your hands reach out to end the miner process, but there is no need to rush. First you need to find out where it is running from in order to remove it from the system forever. And to relieve the load, the process can simply be frozen. To do this, right-click on the process, and in the pop-up menu click “Suspend”.

The miner will remain in memory, but will no longer be executed on the processor. Now you can interrogate it: in the same pop-up menu, click “Properties”. An information window about the process will open, where you will immediately see the path along which the miner is located.

All you have to do is follow this path and delete the folder with the miner using the combination Shift+Del, so that the folder does not fly into the trash, but is immediately erased from the drive.

Antivirus against miners

However, there is no need to fight mining viruses manually; antiviruses do an excellent job of dealing with them. This method is even better, because, as mentioned above, the miner can load the system in such a way that it is very difficult to notice - you will only wonder why everything slows down and jerks from time to time.

As an example, we consider here Avast, a very good antivirus that provides basic protective functions completely free of charge, without any trial periods. Go to the company's official website, then download and install the program.

There is one caveat here. In general, antiviruses do not consider miners to be viruses, which is correct - miners do not damage your system and personal files, do not infect other computers, they simply use resources like any other program does. Therefore, in order for an antivirus to fight miners, you need to configure it so that it pays attention to potentially dangerous programs.

After starting Avast, click “Settings”, and on the “General” tab (it will open first) check the boxes “Turn on enhanced mode” and “Look for potentially unwanted programs (PUPs)”.

Now on the “Protection” tab click the button “Main protection components” and there activate all 3 available modules.

Wait 5-10 minutes and...

How to protect yourself from miner viruses

Treatment with antiviruses is a good thing, but it is better not to treat the infection, but to prevent it. Moreover, antiviruses, as a rule, do not keep up with the emergence of new varieties of computer infections.

The following rules will help you minimize the risk of infection and keep your computer clean not only from miners, but also from any viruses in general:

  • Avoid using pirated programs - keep in mind that a license protection hacker could just as easily insert malicious code into the program. Such cases are not uncommon.
  • Choose free software with open source code: it’s clear that the developer is not hiding anything. For example, if you need an archiver, install the free 7-Zip instead of the paid proprietary alternatives.
  • Download programs only from the official websites of their manufacturers. Never use software collection sites - they often add additional programs and browser add-ons, and sometimes viruses.
  • Regularly update programs, from the operating system to the smallest utility. Sometimes a small error in a small program is enough for a virus or Trojan to enter the system.
  • The Internet is a high danger zone. With the help of a set of browser add-ons and several programs, you can protect yourself well from hacking, infections, and personal data leaks. Explore articles on this topic.

Best wishes! 😉

New-fangled miner viruses: how to find and remove them. Updated: March 5, 2018, by: alex ferman

How to find a hidden miner?

The hidden miner is a Trojan that uses the victim's CPU processing power to mine a digital currency called Monero. Once installed, this Trojan installs a Monero miner under the names NsCpuCNMiner32.exe and NsCpuCNMiner64.exe, which mines Monero using your computer's CPU resources.

The CNMiner miner starts when a program called CNMiner.exe is run, which then launches NsCpuCNMiner32.exe or NsCpuCNMiner64.exe depending on whether the computer it is installed on is 32-bit or 64-bit. Once launched, the miner will begin to use all the computing power of the computer to mine the Monero currency in the mine.moneropool.com mining pool. You can see how much CPU resources the miner is using in the image below.

CNMiner running in Task Manager

What is especially alarming about this infection is that it will use all the processing power of the CPU indefinitely. This will cause your processor to run at very high temperatures for extended periods of time, which can shorten the life of the processor.
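
The file names and pool host given above can be checked on a Windows machine directly. The PowerShell below is an added example, not part of the original guide; the function name is hypothetical, and the indicator values are the ones stated in the text.

```powershell
# Added example: sweep a Windows host for the CNMiner indicators named on this page.
function Find-CNMinerIndicator {
    param(
        [string[]]$ImageNames = @('CNMiner.exe', 'NsCpuCNMiner32.exe', 'NsCpuCNMiner64.exe'),
        [string]$PoolHost = 'mine.moneropool.com'
    )

    $all = @(Get-CimInstance Win32_Process)
    $byId = @{}
    foreach ($p in $all) { $byId[[int]$p.ProcessId] = $p }

    # 1. Running images with the listed names, and the parent that launched each
    #    (the text says CNMiner.exe starts the 32-bit or 64-bit worker).
    $found = @($all | Where-Object { $ImageNames -contains $_.Name })
    foreach ($p in $found) {
        $parent = $byId[[int]$p.ParentProcessId]
        [pscustomobject]@{
            Indicator = 'Process'
            Value     = $p.Name
            Detail    = "PID $($p.ProcessId); path: $($p.ExecutablePath); parent: $($parent.Name)"
        }
    }

    # 2. Established TCP connections owned by those processes.
    $ids = @($found | ForEach-Object { [int]$_.ProcessId })
    if ($ids.Count -gt 0) {
        Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
            Where-Object { $ids -contains $_.OwningProcess } |
            ForEach-Object {
                [pscustomobject]@{
                    Indicator = 'Connection'
                    Value     = "$($_.RemoteAddress):$($_.RemotePort)"
                    Detail    = "owned by PID $($_.OwningProcess)"
                }
            }
    }

    # 3. The pool host name in the local DNS resolver cache (read only, no lookup is sent).
    Get-DnsClientCache -ErrorAction SilentlyContinue |
        Where-Object { $_.Entry -eq $PoolHost } |
        Select-Object -First 1 |
        ForEach-Object {
            [pscustomobject]@{ Indicator = 'DnsCache'; Value = $_.Entry; Detail = "resolved data: $($_.Data)" }
        }
}

Find-CNMinerIndicator | Format-Table -AutoSize -Wrap
```

File names are easy to change when a miner is repackaged, so an empty result rules out only this particular build.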

Since there is no indication that the program is running, here is a list of symptoms that a user can use to determine if they are infected with the miner:

  • NsCpuCNMiner32.exe, NsCpuCNMiner64.exe or the CNMiner executable in the Task Manager.
  • Windows minimizes and maximizes slowly, games run slower, and videos stutter.
  • Programs do not launch as quickly.
  • General slowness when using the computer.

How was the miner installed on my computer?

It is currently unknown how the CNMiner miner is installed on the victim's computer. It may be installed manually by the developer hacking into the computer, or together with other malware. Therefore it is important to always have a good security program installed to monitor for unauthorized and malicious programs. As you can see, the CNMiner miner is a program that steals your computer's resources and your electricity and profits from it. To make your computer work normally again and to protect it, you should use the guide below to remove this Trojan for free.

24-Point Guide to Removing the Miner

1 This removal guide can be overwhelming due to the number of steps and numerous programs that will be used. The article has been written to provide clear, detailed and easy to understand instructions that anyone can use to remove this virus for free. Before using this guide, we recommend that you read it once and download all the necessary tools on your desktop. Once done, print this page as you may need to close your browser window or restart your computer.

2 To interrupt any programs that may interfere with the uninstallation process, we must first download the program Rkill. Rkill will look for active malware infections on your computer and try to stop them so they don't interfere with the removal process. To do this, download RKill to your desktop using the following link.

When on the download page, click the Download Now button that says iExplore.exe. When prompted to save it, save it to your desktop.

3 Once it's downloaded, double-click iExplore.exe to automatically try to stop any processes associated with CNMiner Monero Miner and other malware. Be patient while the program searches for various malware and terminates it. When finished, the black window will automatically close and the log file will open. Review the log file and close it to continue with the next step. If you have problems starting RKill, you can download other renamed versions of RKill from the RKill download page. All of the files are renamed copies of RKill, which you can try instead. Please note that the download page will open in a new browser window or tab. Do not restart your computer after running RKill, as the malware will start working again.

4 Now download Emsisoft Anti-Malware, which scans for and removes any other adware that may have been bundled with this adware. Download and save the Emsisoft Anti-Malware installer to your desktop using the link

5 Once the file has been downloaded, double-click EmsisoftAntiMalwareSetup_bc.exe to start the program. If Windows Smart Screen gives a warning, allow it to run anyway. If the installer displays a warning about safe mode, click "Yes" to continue. You should now see a dialog box asking you to agree to the license agreement. Accept the agreement and click the Install button to continue with the installation.

6 You will eventually get a screen asking what type of license you want to use with Emsisoft Anti-Malware.

If you have an existing license key or you want to buy a new license key, select the appropriate option. Otherwise select the Freeware or the free 30-day test option. If you receive a warning after clicking this button, simply click the "Yes" button to switch to free mode, which also allows you to clean infected files.

7 Now look at the screen and select whether you want to join the Emsisoft Anti-Malware network. Read the descriptions and make your choice to continue.

8 Emsisoft Anti-Malware will now start updating.

Please be patient as it may take a few minutes for the updates to finish downloading.

9 When the updates are complete, the screen will ask if you want to enable PUP detection. We strongly recommend choosing "Enable PUPs Detection" to protect your computer from unwanted programs such as adware.

10 Now we see the final installation menu on the screen. Click the "Ready" button to complete the setup and automatically start Emsisoft Anti-Malware.

11 Emsisoft Anti-Malware will now run and display the home screen.

After the initial Emsisoft screen appears, left-click on the "Scanning" section.

12 Now choose what type of scan you want to perform.

Select the malware scan option to begin scanning your computer for infections. The Malware Scan option will take longer than Quick Scan but will also be the most thorough. Since you're here to clean up infections, it's worth waiting to make sure your computer is scanned correctly.

13 Emsisoft Anti-Malware will now begin scanning your computer for rootkits and malware. Please note that the detected infections in the image below may be different from what this guide is intended for.

Be patient while Emsisoft Anti-Malware is scanning your computer.

14 Once the scan is complete, the program will display scan results that show which infections were detected. Please note that due to an updated version of Emsisoft Anti-Malware, the screenshot below may look different from the rest of the guide.

Now click the Quarantine button, which will remove the infections and quarantine them in the program. You will now be at the final screen of the Emsisoft Anti-Malware installer, which you can close. If Emsisoft prompts you to restart your computer to complete the cleaning process, allow it to do so. Otherwise, you can close the program.

15 Now download AdwCleaner and save it to your desktop. AdwCleaner scans your computer for adware programs that may have been installed on your computer without your knowledge. You can download AdwCleaner from the following URL

16 When AdwCleaner finishes downloading, double-click the AdwCleaner.exe icon that now appears on your desktop. After you double-click the icon, AdwCleaner will open and you will be shown the program's license agreement. After you read it, click the I Agree button if you want to continue. Otherwise, click the I Don't Agree button to close the program. If Windows asks you if you want to run AdwCleaner, allow it to run.

If you choose to continue, you will be presented with a startup screen as shown below.

17 Now click the Scan button in AdwCleaner. The program will now begin searching for known adware programs that may be installed on your computer. Once completed, it will display all the items found in the Results section on the screen above. Review the results and try to determine whether the programs listed contain those that you do not want to install. If you find programs that you want to keep, uncheck the associated entries. For many people, the contents of the Results section may seem confusing. If you don't see a program name that you know shouldn't be removed, continue to the next step.

18 To remove adware programs detected in the previous step, click the Clean button on the AdwCleaner screen. Now AdwCleaner will prompt you to save any open files or data, since the program needs to close any open programs before it starts cleaning. Save your work and click OK. Now AdwCleaner will remove all detected adware from your computer. When this is done, a warning will appear that explains what PUPs (potentially unwanted programs) and adware are. Read this information and click OK. You will now be presented with a warning that tells you that AdwCleaner needs to restart your computer.

Click OK to have AdwCleaner restart your computer.

19 When your computer restarts and you are logged in, AdwCleaner will automatically open a log file containing files, registry keys, and programs that were removed from your computer.

Review this log file and close the Notepad window.

Write in the comments about your problems with Trojans and whether a new article is needed on other types of hidden miners.