W32.Coinbitminer is a Trojan that mines bitcoins and downloads additional malware on the compromised computer.
Trojan.Coinbitminer is a Trojan created specifically for the Bitcoin program. When Trojan.Coinbitminer is executed, it uses the victim's PC and its resources to mine bitcoins for the benefit of the remote attacker. This Trojan can drop and install the legitimate Bitcoin software without the user's consent.
Alias:
Win32/CoinMiner, Win-Appcare/Bitcoin, RiskTool.BitCoinMiner!SP8RvUesJfQ, Win32/BitCoinMiner, Possible-Threat.Win32.BitCoinMiner, RiskTool.Win32.BitCoinMiner.a, Bitcoin Miner, HKTL_BITCOINMINE
Damage Level:
Medium
Systems Affected
Windows 2000, Windows 7, Windows 8, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
Characteristics
When executed, the Trojan creates the following files:
- %Temp%\hstart.exe
- %Temp%\svchoost.exe
- %Temp%\test.bat
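A quick check for the files listed above, as an added example that is not part of the original write-up. It assumes PowerShell 4.0 or later and an elevated prompt; the per-profile Temp folder layouts are assumptions. It looks in each local profile's Temp folder for the three names and lists any running process using them.

```powershell
# Added triage example (not from the original page): look for the file names
# listed above in Temp folders and among running processes.
$names = 'hstart.exe', 'svchoost.exe', 'test.bat'

# %Temp% is per-user, so check every local profile as well as the current
# session and the system Temp folder. The two sub-paths are assumed layouts
# (Vista and later, and XP/2003 respectively).
$tempDirs = @($env:TEMP, (Join-Path $env:SystemRoot 'Temp'))
$profileRoot = Split-Path -Path $env:USERPROFILE -Parent
Get-ChildItem -LiteralPath $profileRoot -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $tempDirs += Join-Path $_.FullName 'AppData\Local\Temp'
        $tempDirs += Join-Path $_.FullName 'Local Settings\Temp'
    }
$tempDirs = $tempDirs |
    Where-Object { Test-Path -LiteralPath $_ -PathType Container } |
    Sort-Object -Unique

# Record path, size, creation time and SHA-256 for every matching file.
$fileHits = foreach ($dir in $tempDirs) {
    foreach ($name in $names) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path -Force
            $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path    = $item.FullName
                Size    = $item.Length
                Created = $item.CreationTime
                SHA256  = $hash.Hash
            }
        }
    }
}

# Running processes whose image name is one of the listed names.
$procHits = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $names -contains $_.Name } |
    Select-Object ProcessId, Name, ExecutablePath, CommandLine

if ($fileHits -or $procHits) {
    $fileHits | Format-List
    $procHits | Format-List
} else {
    'No files or processes matching the listed names were found.'
}
```

A matching file name is a lead, not a verdict: confirm each hit with the antivirus scan in the removal steps before deleting anything.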
For those unfamiliar with Bitcoin, it is a digital currency used by miners to purchase goods online. As of this writing, each Bitcoin block is often traded at around US$25. To earn Bitcoin blocks, users must install Bitcoin software and use the computer's resources to solve a given cryptographic equation. This is known as mining. As mentioned, attackers use public computers to solve a cryptographic challenge simultaneously. For every problem solved, users receive up to 50 bitcoins. Imagine how much attackers would earn by infecting a large number of computers with Trojan.Coinbitminer.
Distribution
Trojan.Coinbitminer arrives on computers by several methods. The most common approach is mass mailing. Users may also be infected when they open a questionable link received through an instant messaging application. The link is sent from the address of a friend on the contact list, but the sender is unaware that a Trojan on their computer is sending out malicious messages. Most of the time, the message contains tempting links about trending news and events.
Another means of propagation is drive-by download. Trojan.Coinbitminer can enter the computer if the user visits a web site that is either legitimate but compromised or harmful in nature. The process is so covert that users may not even notice. On the other hand, the Trojan may be installed with the user's knowledge when it poses as a software update or as a required component found on unknown web pages.
How to Remove Trojan.Coinbitminer
- Temporarily disable System Restore.
- To identify even the most recent variant of Trojan.Coinbitminer, open your antivirus application and update the virus definitions.
- Start Windows in Safe Mode with Networking.
  - From a power-off state, turn on the computer and press F8 repeatedly.
  - Your computer will display the Windows Advanced Boot Options menu. Select Safe Mode with Networking.
  - The system will boot Windows, loading only the necessary drivers and system files.
- Open your antivirus program and run a full system scan. After the scan, delete all infected items. If an item cannot be deleted, place it in quarantine instead. Once the scan is complete, proceed with the next step.
- Scan with Norton Power Eraser: