
Cryptojacking malware



  • Administrators

Not sure what you based this statement on since cryptojacking is a general term for malicious cryptomining. ESET detects many CoinMiner threats including those planted on websites in the form of JavaScript.


On 4/24/2023 at 11:02 PM, Robbyradar said:

Why can't eset detect and remove cryptojacking malware?

Post an example of Eset non-detection.

Also, Eset detected wicar.org sample that wasn't detected by either Firefox or Google SafeBrowser coin miner protection:

[Attached screenshot: Eset_Coinminer]

Edited by itman

  • 3 weeks later...

My computer is the example of non-detection. I have a smart cryptojacking malware that ESET has never found or stopped, regardless of scans. Once I open a browser, and then stop working for 4-5 minutes, my computer would shift to full speed processing and sometimes overheats. When I open Task Manager, the malware sees "the police" and stops running. Only if I restart and never open a browser, would the malware not trigger. Once I open a browser (even if I close it later) my PC will shift to full speed processing and full fan noise after 4-5 minutes of inactivity. I purchased 3 different cryptomining "solutions", followed every direction of deleting certain system files, but nothing has been able to solve this. It got so bad, that I gave up and purchased a brand new PC. The new PC exhibited no signs of malware...until I finally physically attached my old hard drive with my important legacy files. Immediately following the day I reinstalled my old hard drive as an available drive on my new PC, my new PC began exhibiting the same symptoms. I've run every scan, but now my new PC is no better than my old PC (but at least it's liquid cooled and doesn't crash). I would pay anyone $1,000.00 if they can solve this problem and remove this malware that ESET cannot find or fix.


  • Administrators

I assume the performance issues are not caused by malware but let us check logs first.

When you notice high CPU utilization, please carry on as follows:

  1. Enable advanced operating system logging under Tools -> Diagnostics in the advanced setup
  2. After 1-2 minutes turn off logging
  3. Collect logs with ESET Log Collector and upload the generated archive here. If too big, upload it to a safe location and drop me a message with a download link.

12 hours ago, Robbyradar said:

The new PC exhibited no signs of malware...until I finally physically attached my old hard drive with my important legacy files. Immediately following the day I reinstalled my old hard drive as an available drive on my new PC, my new PC began exhibiting the same symptoms.

Temporarily disconnect the old hard drive on the new PC. Reboot the PC. If the crypto miner behavior you describe ceases, you have found the source of the malware.


14 hours ago, Robbyradar said:

It got so bad, that I gave up and purchased a brand new PC.

Unfortunately, this was not necessary.

Assuming the crypto miner was not UEFI/BIOS firmware-based, which is unlikely, you could have just performed a full disk reformat and reinstalled Windows.

It is assumed you would have backed up any files you wished to retain to external media prior to reformatting.

Edited by itman

This topic is now closed to further replies.