First time poster here. I have an old PC that I havent used in months. I turned it on last night to transfer my files to an external drive so I can reset it and give it to a relative as a gift. I have had MalwareBytes and Eset installed ever since I bought the computer around 2013. It was a decent computer at the time (i7 processor, 16gb ram)
Last night I logged it on and it was unimaginably slow. It's been sitting overnight and some of the icons in the tray on the bottom right hand corner arent loaded and when I right click them nothing happens or they take over a minute to react. Last night applications kept crashing- basic things like firefox. It seems to be running a bit faster today but still slowly. So last night I had it transferring my C drive to my external harddrive and I decided to let Eset run a scan. When I checked on it today Eset found a coinminer application running. I cleaned it and tried running the scan again and now it has found 2 variants of them this time. Both located in my C drive under program files. The applications are variants of CoinMiner(dot)(the letter J)(the letter Y). The other one has the same name but the last two letters are different and when I tried to google it I couldnt find anything about it. The location of the file is \"MyAccount"\Data\C\Program Files\ethereum\ethminer (2021_01_01 1-_42_21 UTC).exe Eset says the application in question is svchost.exe, specifically C:\Windows\System32\svchost.exe
Here's the kicker my C drive has already finished copying onto the external hard drive by time I caught it. Luckily the hard drive was brand new so there was no data on it from other devices. I deleted the C drive off the external hard drive after I saw the Eset report.
Malwarebytes doesnt find anything.
Now- I feel really stupid because a couple years ago I used to use a website where Eset would pop up and alert me to the same CoinMiner application, except it would say it was running on the website. I figured since Eset was giving me the option to block it, as long as I didnt download anything it would be fine. And I ran malwarebytes which never detected it. So is that where I got it from? It could be a coincidence or not. I don't know. I know that last night the only thing I did online was look up reviews of different software online. One of the websites was blocked from Eset so I closed out of it. After that I began transferring files and disconnected my ethernet cable and let it run along with the Eset scan.
What do I do now guys?
1) What do I do to protect my data? So far I have changed all my main account passwords with very secure passwords but this PC is old and there could be accounts on there that I forgot about or havent used in years.
2) How can I clean my PC?
3) Is my external hard drive now compromised? Can I still backup my data?
Also, the only other thing that stands out when I run a scan is a program called Manycam which I used to use years ago but have had installed forever. It's an application that lets you play videos over your webcam. Malwarebytes or eset ( I forget which one) used to tell me it was a PUP and that I should consider deleting it. This time when I scanned my computer (I think via Malwarebytes?) it had it listed as malware. I haven't updated the program in years I've had an outdated version forever because the newer versions make you pay for features that used to be free on the version I had.
