What is Bitcoin Miner Virus? And how does it function?
The Bitcoin Miner virus is a malicious program that belongs to the category of Trojan horses. It hijacks devices so it can mine Bitcoins using the GPU and CPU of the affected computers. TrendMicro has dubbed this Trojan horse “COINMINER.QO”. Based on the analysis done by security experts, most of the users affected by this Trojan are in the Asia-Pacific region, with Japan having the largest number of infected devices, followed by Indonesia and Taiwan, respectively.
The Bitcoin Miner virus uses Windows Management Instrumentation (WMI), which includes an application known as “scrcons.exe” that is used to run scripts. What makes this malware dangerous is that nothing indicates its presence on your system, because it does not drop any kind of file on the system it infects.
During its malicious activity, the Bitcoin Miner virus executes multiple malicious scripts on the affected PC through a backdoor that the Trojan sets up beforehand. The purpose of these scripts is to connect the Trojan to a command and control (C&C) server. After that, it connects to a remote C&C server a second time, probably for communication. It then makes use of various classes to execute additional scripts that allow the malware to carry out further actions such as:
- Download the crypto-currency mining program and execute it without using any files.
- Add the infected PC into a mining pool network where all other infected PCs are also added.
- Remove control of the Trojan.
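Because the scripts described above run through WMI and scrcons.exe rather than from files on disk, a defender has to look in the WMI repository itself. The following is an added example, not part of the original article: a read-only PowerShell listing of permanent WMI event subscriptions that can run code, plus any live scrcons.exe processes. It assumes an elevated PowerShell 3.0 or later session; the variable names are illustrative.

```powershell
# Added example: read-only inventory of WMI permanent event subscriptions.
$ns = 'root\subscription'

# Consumer classes that can run code; ActiveScriptEventConsumer is hosted by scrcons.exe.
$consumers = foreach ($class in 'ActiveScriptEventConsumer', 'CommandLineEventConsumer') {
    Get-CimInstance -Namespace $ns -ClassName $class -ErrorAction SilentlyContinue
}
$filters  = @(Get-CimInstance -Namespace $ns -ClassName __EventFilter -ErrorAction SilentlyContinue)
$bindings = @(Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding -ErrorAction SilentlyContinue)

$report = foreach ($c in $consumers) {
    $class = $c.CimSystemProperties.ClassName
    # A consumer only fires when a binding ties it to an event filter.
    $bound = @($bindings | Where-Object {
        $_.Consumer.CimSystemProperties.ClassName -eq $class -and $_.Consumer.Name -eq $c.Name
    })
    $filterNames = @($bound | ForEach-Object { $_.Filter.Name })
    $queries = @($filters | Where-Object { $filterNames -contains $_.Name } | ForEach-Object { $_.Query })
    # The payload is stored in the WMI repository, not as a file on disk.
    $payload = switch ($class) {
        'ActiveScriptEventConsumer' { if ($c.ScriptText) { $c.ScriptText } else { $c.ScriptFileName } }
        'CommandLineEventConsumer'  { $c.CommandLineTemplate }
    }
    [pscustomobject]@{
        Consumer = $c.Name
        Class    = $class
        Engine   = $c.ScriptingEngine
        Bound    = ($bound.Count -gt 0)
        Filters  = $filterNames -join '; '
        Queries  = $queries -join '; '
        Payload  = if ($payload.Length -gt 300) { $payload.Substring(0, 300) + ' ...' } else { $payload }
    }
}

# Live instances of the script host, with the parent that started them.
$scriptHosts = Get-CimInstance Win32_Process -Filter "Name = 'scrcons.exe'" |
    Select-Object ProcessId, ParentProcessId, CreationDate, CommandLine

$report      | Format-List
$scriptHosts | Format-Table -AutoSize
```

An empty report means no script or command-line consumers are registered; any entry that no installed management or monitoring product accounts for is worth examining before cleanup.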
How does Bitcoin Miner Virus proliferate?
At the time of writing, it isn’t yet known how this Trojan horse proliferates. However, this malicious program can appear on your computer as a result of other malicious programs that already existed on your system, such as other Trojans, worms, and so on. In addition, these kinds of viruses can also be obtained from malicious web links, fake software and fake software updates, and malicious attachments in spam emails.
Follow the instructions given below to successfully remove the Bitcoin Miner virus from your system.
Step 1: Tap Ctrl + Shift + Esc keys on your keyboard to pull up the Task Manager
Step 2: After the Task Manager is opened, go to the Processes tab and locate the malicious processes named Taskhostw.exe, Updatechecker.exe, and WindowsUpdateChecker, which are all processes of the crypto-currency mining Trojan. Then end all of these processes.
Step 3: Close the Task Manager and tap Win + R, then type in appwiz.cpl and tap Enter or click OK to open Control Panel.
Step 4: Look for Bitcoin Miner virus and then uninstall it.
Step 5: Close Control Panel and then tap the Win + E keys to open File Explorer.
Step 6: Navigate to the following locations.
Step 7: Look for the malicious files created by Bitcoin Miner virus such as Taskhostw.exe and Updatechecker.exe and delete them.
Step 8: Close the File Explorer.
The next step below is not recommended if you don’t know how to navigate the Registry Editor. Making registry changes can seriously affect your computer, so it is highly advised to use PC Cleaner Pro instead to get rid of the entries that the Trojan has created. PC Cleaner Pro is a trusted program that helps improve your computer’s overall performance by repairing registry issues and optimizing your system. If you are not familiar with the Windows Registry, skip to Step 14 onwards. However, if you are well-versed in making registry adjustments, you can proceed to step 10.
Step 9: Open the Registry Editor. To do so, tap Win + R, type in regedit, and then press Enter.
Step 10: Go to the following locations and delete all the registry keys and sub-keys created by Bitcoin Miner virus.
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\
Step 11: Close the Registry Editor
Step 12: Empty your Recycle Bin.
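Before ending processes or deleting registry keys as in the steps above, it helps to record what is actually present. The following is an added example, not part of the original guide: a read-only PowerShell triage of the process names from Step 2 and the TaskCache\Tree location from Step 10. It assumes an elevated session on Windows 8 or later (for Get-ScheduledTask); the variable names are illustrative.

```powershell
# Added example: read-only triage for the names and registry path given in the steps above.
$names    = 'taskhostw', 'updatechecker', 'windowsupdatechecker'   # from Step 2
$system32 = Join-Path $env:SystemRoot 'System32'

# 1. Running processes with those names, and where each image actually lives.
$procReport = Get-CimInstance Win32_Process |
    Where-Object { $names -contains [IO.Path]::GetFileNameWithoutExtension($_.Name) } |
    ForEach-Object {
        $dir = if ($_.ExecutablePath) { Split-Path $_.ExecutablePath -Parent } else { $null }
        [pscustomobject]@{
            Name       = $_.Name
            ProcessId  = $_.ProcessId
            ParentId   = $_.ParentProcessId
            Path       = $_.ExecutablePath
            # Windows ships its own taskhostw.exe in System32, so the name alone proves nothing.
            InSystem32 = ($dir -eq $system32)
            SHA256     = if ($_.ExecutablePath) { (Get-FileHash -LiteralPath $_.ExecutablePath -Algorithm SHA256).Hash }
        }
    }

# 2. Scheduled tasks registered under TaskCache\Tree (Step 10), joined to their actions.
$tree   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
$byPath = @{}
Get-ScheduledTask -ErrorAction SilentlyContinue |
    ForEach-Object { $byPath[$_.TaskPath + $_.TaskName] = $_ }

$taskReport = Get-ChildItem -Path $tree -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.GetValue('Id') } |          # task keys carry an Id value (the task GUID)
    ForEach-Object {
        $full    = $_.Name.Substring($_.Name.IndexOf('\Tree\') + 5)   # e.g. \Folder\TaskName
        $actions = ($byPath[$full].Actions |
            ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join '; '
        [pscustomobject]@{ Task = $full; Id = $_.GetValue('Id'); Actions = $actions }
    } |
    # Keep tasks outside the \Microsoft\ folder, plus any task whose action mentions a listed name.
    Where-Object { $_.Task -notlike '\Microsoft\*' -or ($_.Actions -match ($names -join '|')) }

$procReport | Format-Table -AutoSize
$taskReport | Format-List
```

A taskhostw.exe entry with InSystem32 set to True is the copy that ships with Windows and should be left alone; the hash of any other match can be checked against a reputation service before the file is removed.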
Once you have gotten rid of the Bitcoin Miner virus from your PC, follow the advanced guide below to get rid of the files it has created.
Perform a full system scan using SpyRemover Pro. To do so, follow these steps:
- Turn on your computer. If it’s already on, you have to reboot
- After that, the BIOS screen will be displayed, but if Windows pops up instead, reboot your computer and try again. Once you’re on the BIOS screen, press F8 repeatedly until the Advanced Option shows up.
- To navigate the Advanced Option use the arrow keys and select Safe Mode with Networking then hit
- Windows will now load Safe Mode with Networking.
- Press and hold both R key and Windows key.
- If done correctly, the Windows Run Box will show up.
- Type in explorer http://www.fixmypcfree.com/install/spyremoverpro
A single space must be in between explorer and http. Click OK.
- A dialog box will be displayed by Internet Explorer. Click Run to begin downloading the program. The installation will start automatically once a download is done.
- Click OK to launch it.
- Run SpyRemover Pro and perform a full system scan.
- After all the infections are identified, click REMOVE ALL.
- Register the program to protect your computer from future threats.