Windows 10: Did I just find crypto-malware on my PC?

I left my PC alone with Task Manager open, and I noticed 3 processes, called ".NET Runtime Optimization Service", sitting at the top (when sorting by CPU). I sat down at my PC, and as soon as I started using it, they started to move down the list and separate. After waiting for 10 seconds, they quickly found their way back to the top. Very considerate, but still a nuisance.

So, naturally, I fired up Process Explorer to take a look. This is what I found: C:\Windows\Microsoft.NET\Framework\v3.5\mscorsvw.exe -restart 0 -pool us1.ethermine.org:4444 -pool2 us2.ethermine.org:4444 -wal 0x2C87A020b716276D37FF52BFab90286C71A28Ed9.MyRig -proto 3 C:\Windows\Microsoft.NET\Framework\v3.5\mscorsvw.exe -restart 0 -pool us1.ethermine.org:4444 -pool2 us2.ethermine.org:4444 -wal 0x2C87A020b716276D37FF52BFab90286C71A28Ed9.MyRig -proto 3 C:\Windows\Microsoft.NET\Framework\v3.5\mscorsvw.exe -restart 0 -pool us1.ethermine.org:4444 -pool2 us2.ethermine.org:4444 -wal 0x2C87A020b716276D37FF52BFab90286C71A28Ed9.MyRig -proto 3

The command-line arguments for all three processes contain "ethermine", which I assume is an Ethereum miner. Cool, so I've been lending my processing power this whole time, and Windows Defender didn't have anything to say about it?

So, I have a few questions: 1. This is crypto-mining malware, right? 2. How do I get rid of it? 3. How do I get rid of all traces of it? 4. Has anyone else here encountered this before? 5. How can I check my PC for malware like this, without using antivirus (for personal reasons)?

Thanks in advance!

submitted by /u/GLIBG10B
[link] [comments]

:)

 

How crypto ransomware spreads... is it decryptable...should I pay the ransom

Crypto malware ransomware typically propagates itself as a
Trojan Horse which the developers use to target a wide audience for financial gain rather than a specific individual. Numerous

variants of encrypting ransomware have been reported between 2013 and 2016.

• Sophos: The Current State of Ransomware
• The ascension of Crypto-Ransomware and what you need to
  know to protect yourself
• Symantec: Ransomware A Growing Menace

A repository listing of Crypto malware Information and ransomware topics can be found in this index.

• List of BC Crypto malware Information Guides, FAQs, news, support and discussion
  topics

 

Does Windows 10 File History protect against crypto malware

Is the saved data generated by Windows 10's file history feature isolated from users and administrators? I'm asking this after reading of the recent crypto attack against OSX machines where time machine backups were safe because the files are only accessible to a special user and even with access to the drive the malware wasn't able to encrypt time machine's data store.

I was wondering if Windows 10's feature provides similar protection. There is a similar question to this but the answers simply suggest different backup strategies and don't actually answer the question.

note: I realize that the most secure solution involves backing up to drives that are physically disconnected, there's no need to suggest that - I'm only looking for a specific answer to this question

 

How crypto ransomware spreads... is it decryptable...should I pay the ransom

Crypto malware typically will scan and encrypt whatever data files it finds on computers connected in the same network with a drive letter including removable drives, network shares, and even DropBox mappings...if there is a drive letter on your
computer it will be scanned for data files and encrypt them. Some crypto malware will scan all of the drive letters that match certain file extensions and when it finds a match, it encrypts them. Other crypto malware utilize a white list and will
encrypt all files unless it has certain excluded extensions or is located at a certain area on the system.