It is very likely that you have heard of bitcoin as an anonymous virtual currency, totally decentralized and used to make payments on the darknet, among other places. The truth is that on black markets you can buy almost anything, from stolen accounts for services and social networks to, on sites like Silk Road, all kinds of drugs.
This does not mean that bitcoin is a bad thing per se. The currency is used to make payments and does not distinguish whether they are for legitimate or illegitimate purposes. The darknet also has a much friendlier face that goes beyond black markets and hacks on request.
Returning to bitcoin: it is designed to operate through the blockchain, which is responsible for recording the transactions made with this currency and, roughly speaking, verifying them. One way to earn these cryptographic coins is through a process known as bitcoin mining.
What is bitcoin mining?
Bitcoin mining is a way to keep the blockchain consistent, complete and unalterable by repeatedly verifying newly issued transactions and collecting them into groups of already issued transactions, known as “blocks”.
These blocks require complex mathematical calculations to be processed, so the so-called bitcoin miners must supply the additional computing power by giving up a portion of their computer’s resources. By way of compensation, every 10 minutes an ownerless bitcoin is generated and distributed among all the miners who took part in processing the block.
To be able to mine coins you need to install P2P software that uses your computer’s resources. When that ownerless bitcoin is generated, you receive in return a share equivalent to the power you supplied, or a fixed amount set by a transaction rate.
Bitcoin mining as malware
Cybercriminals have long run malware campaigns specialized in bitcoin mining, using what is known as a bitcoin miner. With this type of program, the victim’s computer is used to mine the cryptocurrency without the victim knowing.
Why is it necessary for cybercriminals to do this? The answer is very simple: a home computer is not enough to mine bitcoins, and specialized equipment that can be used only for this purpose costs a lot of money.
Obviously, it is much cheaper to infect other people’s computers with malware than to invest in dedicated equipment. Why dig into your own pocket if you can make someone else’s computer do it for you? That is why campaigns are launched that trick users into following a malicious download link or that spread the virus through social networks, which are the most common infection methods.
How to know if you are infected with a bitcoin miner
Does your computer run slower than usual? Are RAM usage and processor load unusually high? If the answer to both questions is “yes”, then you are very likely to be infected.
As we have already mentioned, the bitcoin miner “eats” part of your computer’s resources in exchange for a share of the ownerless currency that is created every 10 minutes. To be more certain that the computer really does host a bitcoin miner, we have several options. First, a “manual option”, which involves opening the Task Manager and checking how the system resources are being used.
If we do not see anything unusual, there is no need to worry. If any of the processes in the list has a name we do not recognize, uses a lot of memory or uses a lot of processor time, then we can start worrying.
If a name shown in the Task Manager is not only unfamiliar but also consumes a lot of resources, the simplest thing to do is search for it on Google. If the search reveals that it is a bitcoin miner, we will have to remove it immediately.
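The manual check above can also be scripted. The following PowerShell is an added example, not part of the original article: it samples each process's CPU time over an interval and lists the heavy consumers with their memory use, executable path and signature status, so that unfamiliar names can be looked up. The interval and threshold values are assumptions to adjust for your machine.

```powershell
# Added example: find processes with sustained high CPU use.
# Assumed values; tune them for the machine being checked.
$IntervalSeconds = 10
$CpuThresholdPct = 25                       # percent of total CPU capacity
$Cores = [Environment]::ProcessorCount

# First snapshot: cumulative CPU seconds per process id.
$before = @{}
Get-Process | Where-Object { $null -ne $_.CPU } |
    ForEach-Object { $before[$_.Id] = $_.CPU }

Start-Sleep -Seconds $IntervalSeconds

# Second snapshot: CPU seconds consumed during the interval, as a percentage
# of what all logical cores together could have delivered.
$results = foreach ($p in Get-Process) {
    if ($null -eq $p.CPU -or -not $before.ContainsKey($p.Id)) { continue }
    $pct = 100 * ($p.CPU - $before[$p.Id]) / ($IntervalSeconds * $Cores)
    if ($pct -lt $CpuThresholdPct) { continue }

    # An unsigned binary in a user-writable folder deserves a closer look.
    $sig = if ($p.Path) {
        (Get-AuthenticodeSignature -FilePath $p.Path).Status
    } else {
        'PathUnavailable'
    }

    [pscustomobject]@{
        Name      = $p.ProcessName
        Id        = $p.Id
        CpuPct    = [math]::Round($pct, 1)
        MemoryMB  = [math]::Round($p.WorkingSet64 / 1MB)
        Path      = $p.Path
        Signature = $sig
    }
}

$results | Sort-Object CpuPct -Descending | Format-Table -AutoSize
```

Run it from an elevated PowerShell session while the computer is otherwise idle; without elevation the path of processes owned by other accounts is not readable and shows as `PathUnavailable`.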
As a first “automatic option” we have Malwarebytes Anti-Malware, which even in its free version should identify miners and let you remove them without any problem (we will talk about this later). In its paid version, its action against bitcoin miners should be even more immediate.
As a second program we can use RogueKiller Antimalware, which along with Malwarebytes is one of the best in its class. With it, it should not be difficult to find the virus that mines bitcoins on our PC and take care of it once and for all.
As a third and final program we recommend Dr.Web CureIt!, a powerful standalone antivirus that scans for and removes malware. Because it does not need to be installed, it is ideal for use in emergency situations.
How to remove a bitcoin miner from your PC
It is likely that, reading all of the above, you have thought that there are already standalone tools offering a cleanup that destroys anything. We’ll get to that. First, we are interested in identifying and locating the threat.
First we will have to download at least one of the three antimalware programs mentioned above plus a standalone tool, preferably ComboFix or AdwCleaner. If you use Windows 10, it is worth remembering that ComboFix is not compatible, so you can only use the second program.
The next step is to disconnect the PC from the Internet completely and run one of the two programs. If we use Malwarebytes Anti-Malware we will have to run, in this order, a quick scan and a full scan before cleaning.
If, on the other hand, we have chosen RogueKiller, the program already carries out an exhaustive analysis by itself. We only have to wait for it to finish before deleting the infected files. It is worth noting that RogueKiller also analyzes infected entries in the Windows registry and offers the option to remove them.
If the program we have chosen is Dr.Web CureIt!, just click the Scan button to make the program search for threats on the PC. If it finds any, it will give us the option to clean them.
Finally, we need to make sure the PC is clean. Now we can use ComboFix or AdwCleaner, which will look where the antispyware could not reach and, if they detect something, give us the option to remove it. When the cleaning is finished we will have to restart the system for the changes to take effect.