What is Shadowsocks Miner? And how does it function?
Shadowsocks Miner is a newly identified malicious infection classified as a Trojan virus. It was designed to steal its victim’s CPU power to mine crypto-currency for cyber criminals. This Trojan is not, in any way, related to the Shadowsocks proxy software. Besides Shadowsocks Miner, there are other malicious programs that function similarly, such as Monero Miner, Vatico Monero Miner, CPU Miner and other crypto-currency mining tools.
As soon as it invades the system, it launches the services.exe or websock.exe process to start using CPU resources to mine crypto-currency. Such activity slows the affected computer down and causes constant lags, software crashes and other intolerable system issues. So if you notice that your computer’s performance has suddenly taken a dive, you should check your PC for Shadowsocks Miner as soon as possible.
Malicious crypto-currency mining tools like Shadowsocks Miner allow cyber criminals to generate more substantial amounts of money with the help of a botnet of victims’ computers infected with this Trojan. What’s disturbing is that this program can run on your computer unnoticed for months or even years, earning a profit for the crooks behind it, all the while degrading your computer’s performance as it slowly deteriorates.
It is also imperative to note that the program used by the crooks hardly ever arrives alone, which means that it can spread using spying software that silently tracks the user’s activity, steals valuable information and sends it to the crooks’ remote server. It goes without saying that the information gathered is used for their benefit with the aim of extorting money.
How does Shadowsocks Miner spread online?
Most computer users think that all potentially unwanted programs and malicious applications are distributed by hackers who infiltrate their computer system to install them themselves. However, the reality is somewhat different, as the distribution of such malicious programs can’t happen without some sort of interaction from the users. Such interaction usually involves the installation of software bundles. Some criminals use this distribution method to spread their malicious infection, and Shadowsocks Miner is no different: cyber criminals attach this malicious program as one of the optional downloads in a software package. The infiltration starts during installation, when users do not pay attention to the process and use the standard or quick setup rather than the Custom or Advanced setup. The Custom or Advanced setup is the recommended one to use, as it lets you discard any optional downloads that are bundled with the software you want to install. So if you make the mistake of installing the package using the quick setup, malicious programs like Shadowsocks Miner will also be installed on your computer. Needless to say, you have to be careful when installing any freeware or shareware.
Eliminating Shadowsocks Miner from your computer is not that complicated as long as you follow the removal guide below.
Step 1: Open your Task Manager by tapping Ctrl + Shift + Esc on your keyboard.
Step 2: Once the Task Manager is opened, go to the Processes tab and locate the websocks.exe and service.exe processes and then end each one of them.
Step 3: Close the Task Manager and open Control Panel by pressing the Windows key + R, then type in appwiz.cpl and then tap Enter or click OK.
Step 4: Look for shadowsocks.exe or Shadowsocks version 1.0 and then Uninstall it.
Step 5: Close Control Panel and then tap the Win + E keys to open File Explorer.
Step 6: Navigate to the following locations.
- %HOMEDRIVE%\Applications\
- %WINDIR%\Tasks
- %WINDIR%\System32\Tasks
- %USERPROFILE%\Downloads
- %USERPROFILE%\Desktop
- %TEMP%
Step 7: Look for the following malicious files and delete all of them.
- exe
- exe
- ^ShadowsocksS\.job$
- ^ShadowsocksS$
Step 8: Close the File Explorer.
The next step below is not recommended for you if you don’t know how to navigate the Registry Editor. Making registry changes can highly impact your computer. So it is highly advised to use PC Cleaner Pro instead to get rid of the entries that the PUP created. Unlike Shadowsocks Miner, PC Cleaner Pro is a trusted program that helps in improving your computer’s overall performance by repairing any registry issues as well as optimizing your system. If you are not familiar with the Windows Registry, skip to Step 14 onwards. However, if you are well-versed in making registry adjustments, then you can proceed to step 10.
Step 9: Open the Registry Editor. To do so, tap Win + R, type in regedit and then press Enter.
Step 10: Go to the following locations and delete all the registry keys in them.
- HKEY_CURRENT_USER\Software\Shadowsocks
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShadowsocksS
Step 12: Close the Registry Editor and empty your Recycle Bin.
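Before deleting anything by hand, the indicators named in Steps 2 to 10 can be collected in one read-only pass. The following PowerShell script is an added example, not part of the original guide; the process names, folders, file-name patterns and registry keys are taken from the steps above, while the System32 path used to recognise the genuine Windows services.exe is standard Windows behaviour rather than something the guide states.

```powershell
# Read-only triage for the Shadowsocks Miner indicators listed in this guide.
# Added example: it only reports matches and deletes nothing.
# Run it as the affected user (HKCU is per-user), ideally elevated.

# Process names from the guide (both spellings appear on the page).
$procNames = 'websock.exe', 'websocks.exe', 'service.exe', 'services.exe'
# services.exe is also the Windows Service Control Manager; the genuine copy
# runs from System32, so that exact path is not reported.
$genuineScm = Join-Path $env:WINDIR 'System32\services.exe'

# Folders from Step 6 and the two complete name patterns from Step 7.
$dirs = '%HOMEDRIVE%\Applications', '%WINDIR%\Tasks', '%WINDIR%\System32\Tasks',
        '%USERPROFILE%\Downloads', '%USERPROFILE%\Desktop', '%TEMP%'
$namePatterns = '^ShadowsocksS\.job$', '^ShadowsocksS$'

# Registry keys from Step 10.
$keys = 'HKCU:\Software\Shadowsocks',
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShadowsocksS'

$findings = @(
    Get-CimInstance Win32_Process |
        Where-Object { $procNames -contains $_.Name.ToLower() } |
        ForEach-Object {
            if ($_.ExecutablePath -ieq $genuineScm) { return }   # genuine SCM
            # ExecutablePath is empty when the caller may not read it.
            $where = if ($_.ExecutablePath) { $_.ExecutablePath }
                     else { 'path not readable; re-run elevated or verify manually' }
            [pscustomobject]@{ Type = 'Process'; Item = "$($_.Name) (PID $($_.ProcessId))"; Detail = $where }
        }

    foreach ($d in $dirs) {
        $path = [Environment]::ExpandEnvironmentVariables($d)
        Get-ChildItem -LiteralPath $path -Force -ErrorAction SilentlyContinue |
            Where-Object { $n = $_.Name; $namePatterns | Where-Object { $n -match $_ } } |
            ForEach-Object {
                [pscustomobject]@{ Type = 'File'; Item = $_.FullName; Detail = "modified $($_.LastWriteTime)" }
            }
    }

    foreach ($k in $keys) {
        if (Test-Path -LiteralPath $k) {
            [pscustomobject]@{ Type = 'RegistryKey'; Item = $k; Detail = 'present' }
        }
    }
)

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { 'No indicators from this guide were found.' }
```

Every match is a name-based lead to review before removal; a process called services.exe is only suspicious when it runs from somewhere other than System32.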
Once you have got rid of Shadowsocks Miner from your PC, follow the advanced guide below to get rid of the files it has created.
Perform a full system scan using SpyRemover Pro. To do so, follow these steps:
- Turn on your computer. If it’s already on, you have to reboot.
- After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, press F8 repeatedly; by doing so the Advanced Option shows up.
- To navigate the Advanced Option, use the arrow keys and select Safe Mode with Networking then hit
- Windows will now load the Safe Mode with Networking.
- Press and hold both the R key and the Windows key.
- If done correctly, the Windows Run Box will show up.
- Type in explorer http://www.fixmypcfree.com/install/spyremoverpro
A single space must be in between explorer and http. Click OK.
- A dialog box will be displayed by Internet Explorer. Click Run to begin downloading the program. Installation will start automatically once download is done.
- Click OK to launch it.
- Run SpyRemover Pro and perform a full system scan.
- After all the infections are identified, click REMOVE ALL.
- Register the program to protect your computer from future threats.