question

JackChuong-4637 asked:

How to remove coin miner malware

Hi all,
My Windows Server 2012 Standard is at 100% CPU load; checking with processxp.exe I found this:

 C:\Windows\System32\svchost.exe -o pool.supportxmr.com:443 -u 44bwTAxAcX7Q99bCLnawEQW55LrCqEUfT1D8pnzz9f1LXSSwp3AXD1K829xt7xKoFdUfdxneZGCmi6BfyHVbQy73UN7GQMJ -k --tls -p 054

I killed the process and CPU load went back to normal. How can I remove this malware?

windows-server-2012
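The command line in the question is an XMRig-style miner invocation (a pool host and port after -o, a wallet address after -u, --tls) showing up under the name svchost.exe; the later post in this thread shows the real binary was a differently named file in System32. The following PowerShell check is an added example, not something posted by anyone in this thread. It finds processes whose command line carries miner-style arguments and reports the on-disk image, the parent process, the Authenticode signature and a SHA-256 for your notes. It assumes an elevated PowerShell 3.0 or later session on Windows Server 2012, and the indicator regex is my own assumption about what such command lines look like.

```powershell
# Added example, not from the thread: list processes with miner-style arguments and
# show where the image really lives, who started it and whether Microsoft signed it.
# Assumes an elevated PowerShell 3.0+ session; $minerPattern is an assumed indicator set.
$minerPattern = '(?i)(\s-o\s+[\w.-]+:\d+|\s-u\s+[48][0-9A-Za-z]{94}|--tls)'

function Get-FileSha256([string]$Path) {
    # SHA-256 via .NET so the script also works on PowerShell 3.0, which lacks Get-FileHash
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $bytes = [System.IO.File]::ReadAllBytes($Path)
        return ([System.BitConverter]::ToString($sha.ComputeHash($bytes))) -replace '-', ''
    } finally { $sha.Dispose() }
}

$report = foreach ($p in Get-CimInstance Win32_Process) {
    if (-not ($p.CommandLine -match $minerPattern)) { continue }

    # Legitimate svchost.exe instances are started by services.exe with a "-k <group>" argument;
    # a miner run under that name usually has a different parent and an unsigned image.
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    $image  = $p.ExecutablePath
    $sig    = $null
    $hash   = 'n/a'
    if ($image -and (Test-Path -LiteralPath $image)) {
        $sig  = Get-AuthenticodeSignature -FilePath $image
        $hash = Get-FileSha256 $image
    }

    [pscustomobject]@{
        PID       = $p.ProcessId
        Name      = $p.Name
        Image     = $image
        Parent    = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { '<exited>' }
        Signature = if ($sig) { $sig.Status } else { 'n/a' }
        Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'n/a' }
        Sha256    = $hash
        CmdLine   = $p.CommandLine
    }
}

if ($report) { $report | Format-List } else { 'No process with miner-style arguments found.' }
```

Run it elevated, otherwise Win32_Process will not return command lines for processes owned by other accounts. A hit whose Signature is not Valid, whose Signer is not Microsoft, or whose Parent is not services.exe tells you the name in the process list is borrowed, and the Image path is the file you actually need to deal with.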

DSPatrick answered:

You can follow along here.
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/coinminer.win64.malxmr.tiaoodbz

--please don't forget to upvote and Accept as answer if the reply is helpful--


JackChuong-4637 commented:

We have NOD32 antivirus but it cannot detect this malware.

DSPatrick answered:

The vendor will be your best resource to troubleshoot the antivirus.
https://forum.eset.com/

--please don't forget to Accept as answer if the reply is helpful--


JackChuong-4637 answered:

After updating Windows, restarting, and blocking all traffic in/out from/to pool.supportxmr.com, the malware process is still running but it doesn't consume CPU anymore. Is it safe to delete C:\Windows\System32\XblGameUpdateTask.exe?
[attachment: capture.png (27.5 KiB)]

DSPatrick commented:

The vendor will be your best resource to troubleshoot the antivirus.
https://forum.eset.com/

--please don't forget to upvote and Accept as answer if the reply is helpful--

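Deleting the file the poster found only helps if nothing re-launches it, and the name XblGameUpdateTask.exe suggests a scheduled task or similar autostart entry is involved. The script below is an added example, not something posted in this thread: it enumerates the places Windows restarts programs from (scheduled tasks, services, Run/RunOnce keys for the machine and every loaded user hive) for references to the suspect image, and records the file's signature, timestamps and SHA-256 before anything is removed. It assumes an elevated PowerShell 3.0 or later session on Windows Server 2012; the default path is the one reported in the thread, and any other path can be passed as a parameter.

```powershell
# Added example, not from the thread: find what restarts a suspect binary before deleting it.
# Assumes an elevated PowerShell 3.0+ session on Windows Server 2012.
param([string]$SuspectImage = 'C:\Windows\System32\XblGameUpdateTask.exe')

$name    = [System.IO.Path]::GetFileName($SuspectImage)
$pattern = [regex]::Escape($name)
$hits    = New-Object System.Collections.Generic.List[object]

function Add-Hit([string]$Kind, [string]$Location, [string]$Detail) {
    $hits.Add([pscustomobject]@{ Kind = $Kind; Location = $Location; Detail = $Detail })
}

# 1. Scheduled tasks whose action executes the suspect image.
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if ($action.Execute -match $pattern) {
            Add-Hit 'ScheduledTask' "$($task.TaskPath)$($task.TaskName)" "$($action.Execute) $($action.Arguments)"
        }
    }
}

# 2. Services whose binary path points at the image.
foreach ($svc in Get-CimInstance Win32_Service) {
    if ($svc.PathName -match $pattern) { Add-Hit 'Service' $svc.Name $svc.PathName }
}

# 3. Run / RunOnce keys under HKLM and every currently loaded user hive.
$runSubKeys = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
              'SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
              'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
$roots = @('HKLM:') + (Get-ChildItem Registry::HKEY_USERS | ForEach-Object { "Registry::$($_.Name)" })
foreach ($root in $roots) {
    foreach ($sub in $runSubKeys) {
        $key = Join-Path $root $sub
        if (-not (Test-Path $key)) { continue }
        foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
            # skip the PSPath/PSProvider bookkeeping properties that Get-ItemProperty adds
            if ($prop.Name -notlike 'PS*' -and "$($prop.Value)" -match $pattern) {
                Add-Hit 'RunKey' "$key\$($prop.Name)" "$($prop.Value)"
            }
        }
    }
}

# 4. Record the file itself: a miner dropped into System32 under a Windows-looking name
#    is not Microsoft-signed, and its timestamps date the intrusion for your notes.
if (Test-Path -LiteralPath $SuspectImage) {
    $file = Get-Item -LiteralPath $SuspectImage
    $sig  = Get-AuthenticodeSignature -FilePath $SuspectImage
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    $hash = ([System.BitConverter]::ToString($sha.ComputeHash([System.IO.File]::ReadAllBytes($SuspectImage)))) -replace '-', ''
    $sha.Dispose()
    [pscustomobject]@{
        Path      = $SuspectImage
        Created   = $file.CreationTimeUtc
        Modified  = $file.LastWriteTimeUtc
        Size      = $file.Length
        Signature = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'none' }
        Sha256    = $hash
    } | Format-List
}

if ($hits.Count) { $hits | Format-Table -AutoSize } else { "No persistence entry references $name." }
```

The order matters: disable or remove the entries the script lists first, stop the process, and only then delete the file; deleting the binary while a task still points at it leaves a dangling task that tells you nothing about whether the attacker also left a second copy elsewhere. The SHA-256 and the timestamps are what you hand to the antivirus vendor's forum that the earlier reply links to.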
LimitlessTechnology-2700 answered:

Hi there,

Windows Malicious Software Removal Tool (MSRT) helps keep Windows computers free from prevalent malware. MSRT finds and removes threats and reverses the changes made by these threats.

You can get the MSRT from here: https://www.microsoft.com/en-us/download/details.aspx?id=9905

Run a full scan; it might take several hours, and this will remove the traces of malware on the PC.
If not, you can also try Malwarebytes; these two tools will remove all malware.

Hope this answers all your queries; if not, please do repost back.
If an answer is helpful, please click "Accept Answer" and upvote it :)
