PowerShell CoinStealer.RP!MTB Causing CPU and Power Usage Spikes


Hello,

I noticed my computer running poorly and noticed Antimalware Service Executable spiking every couple seconds, and found it detecting CoinStealer.RP!MTB in PowerShell. I don't see anything like it in the PowerShell folder and am unsure of how to fix the issue. 

Thank you so much for any assistance or advice you can offer.

ELC_logs.zip

Edited by ClaytonZach
Attach ESET Log Collector logs
Not sure if this follow-up is helpful or not, but I ran Malwarebytes AdwCleaner and it deleted C:\Windows\System32\Tasks\SVCHOST in Tasks and HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68A8C93D-3183-493C-B9F0-64F4C7704AF4}, HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\svchost, and HKLM\Software\Wow6432Node\\Classes\CLSID\{8BF0126F-A5B7-4720-ABB2-2414A0AF5474} from the Registry.

The issue is still happening, however.

  • Administrators

Unfortunately the ELC logs were collected when ESET was not installed.

Please make sure to install ESET first, enable detection of potentially unsafe and unwanted applications and then run a full disk scan. If no threat is detected, provide fresh ELC logs.

  • ESET Staff

In looking at the currently provided logs, I was able to spot a malicious command running. The command is being started as a scheduled task, so whatever Malwarebytes found was likely just part of the threat. Also, if ESET was installed, it would have been detecting and blocking the threat as "PowerShell/Runner.AV trojan". The threat name "CoinStealer.RP!MTB" was likely detected by something other than ESET.

If you are still getting threat detections, I recommend doing the following:

  1. Reboot the computer and test if the symptoms go away (sometimes all that is needed is a reboot after cleaning)
  2. Install ESET and run a scan.  There is a good chance this will find and remove any remnants.
  3. If still experiencing symptoms, please generate a new ESET Log Collector log, using the following to ensure it gathers items that will help investigate this threat:
    • image.png

 

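A read-only way to look for the kind of scheduled task described in the post above, added here as an example that is not part of the thread and is not ESET's or Malwarebytes' tooling. It lists tasks whose action launches PowerShell or another script host (decoding any Base64 `-EncodedCommand` argument for review) and reports `TaskCache\Tree` registry keys that have no matching file under `System32\Tasks`. The function names and the host pattern are assumptions made for the example.

```powershell
# Added example, not from the thread: read-only triage, changes nothing.
# Function names and $HostPattern are illustrative assumptions.
function Find-ScriptHostTask {
    param(
        # Executables that can run script content from a task action
        [string]$HostPattern = '(?i)\b(powershell|pwsh|cmd|wscript|cscript|mshta)(\.exe)?\b'
    )
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            # COM-handler actions have no Execute property; skip them
            if (-not $action.Execute) { continue }
            $cmdLine = "$($action.Execute) $($action.Arguments)"
            if ($cmdLine -notmatch $HostPattern) { continue }

            # Heuristic: decode an -EncodedCommand payload (Base64 of UTF-16LE)
            $decoded = $null
            if ($cmdLine -match '(?i)\s-e[a-z]*\s+([A-Za-z0-9+/=]{16,})') {
                try {
                    $bytes   = [Convert]::FromBase64String($Matches[1])
                    $decoded = [Text.Encoding]::Unicode.GetString($bytes)
                } catch { $decoded = '<not valid Base64>' }
            }
            $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Task    = $task.TaskPath + $task.TaskName
                State   = $task.State
                RunAs   = $task.Principal.UserId
                LastRun = $info.LastRunTime
                Command = $cmdLine
                Decoded = $decoded
            }
        }
    }
}

# TaskCache\Tree keys with no matching file or folder under System32\Tasks
function Find-TaskCacheMismatch {
    $tree  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
    $files = Join-Path $env:SystemRoot 'System32\Tasks'
    $mark  = '\TaskCache\Tree\'
    Get-ChildItem -Path $tree -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $rel = $_.Name.Substring($_.Name.IndexOf($mark) + $mark.Length)
        if (-not (Test-Path -LiteralPath (Join-Path $files $rel))) { $rel }
    }
}

Find-ScriptHostTask | Sort-Object Task | Format-List
Find-TaskCacheMismatch
```

Run it from an elevated 64-bit PowerShell session so that `System32` is not redirected and all tasks are visible. Many legitimate tasks launch script hosts, so each result is something to review rather than a verdict.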

  • Administrators

Unfortunately the logs were collected when ESET was not installed. Please install ESET first and activate it with a trial license if you haven't purchased one yet. After you've run a full disk scan, collect logs with ELC.
