Bitcoin miner in svhost.exe reappears after restart

My BitCoin Miner Story

So I'm working on my computer and all of a sudden my power supply started making these super weird coil whine noises. I knew what it was since I'd heard it before from a previous PSU that I had to RMA because of that.
Now my PSU is a shitty one because I got a bit stingy when I built my unit... it's a Segotep PSU ffs. Here I was thinking that it had started to fail after not even 1 year of usage. But then I started to investigate...
I opened the Task Manager and found a process called issch.exe under the description of 'InstallShield Update Service Scheduler'. Yes... A fucking bitcoin miner was installed on my PC. It was around 1.2 MB and was installed in:
C:\Users\myuser\AppData\Roaming\Identities\ISSCH\issch.exe
I have Malwarebytes Premium installed and it couldn't detect it. That isn't a problem since it's easy to detect if you sort the processes in Task Manager by CPU usage. The goddamn thing was drawing 25% of my CPU. So after I identified it I searched all my files, found it and deleted it.
Now you're probably wondering where I got it from. Well, the only 2 games that I installed were:
INSIDE-Steamworks
and
Rise.Of.The.Tomb.Raider.-Steamworks
So apparently not only Seyter includes miners in his releases but Steamworks too... fuck those guys. I was so close to ordering a new PSU because of them =)
Upvote so that others become aware of this.
LE1: the libcurl.dll file was also present in the folder where the issch.exe was (as stated in this thread).
LE2: if you want to take a look at the files (maybe debug them or something) you can download 'em from here... hope that Malwarebytes or my antivirus didn't mess with 'em in any way though.
LE3: as you can see in this pic (posted by another member) the miners can have other names too (jusched.exe for example)... so watch out for those names too.
submitted by Karstarks to CrackStatus

Malware potentially 'hiding' in (I think) legit software?

Earlier this week I noticed that after playing various games, my GPU's usage held at about 80% with nothing running (I had Afterburner open for some pre-Fallout 4 overclocking). After a bit of digging (it didn't use much CPU or RAM at all), I found the culprit to be jusched.exe, which I determined to be a bitcoin or similar virus, running when I was idling. I removed it, and everything seems fine again.
The problem is where I found it. It was in C:\Users...\AppData\Roaming\Eviivo\Java. Obviously not my Java installation location, but rather the AppData folder for one of my clients' booking portal application (I am a web developer). From what I have observed they (Eviivo) are a fairly reputable company, so I doubt they placed it there.
Could it be that I acquired the virus through a different source and it just chose a random AppData folder to dump itself in, or is it more likely that it came with the Eviivo software? In that case I feel like I should inform them, but I don't want to go through the whole process only to find that it was on my end. I am concerned, however, for my client who is also running this application (and is computer-illiterate enough to be unable to diagnose this for herself) and any others using the software.
Where should I go next? Not too sure if this is a /techsupport question, but I didn't know where else to ask...
Thanks anyway!
submitted by nuggetbram to techsupport

Can't turn on Firewall.

Gmail says I need to enable cookies but it's already enabled. So it might have something to do with the firewall. Here's the HijackThis log.
Also I recently deleted the .exes of some virus named "bitcoin-miner". I'm not exactly sure if that's related to this one.
Anyone, help?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:48:55 PM, on 12/28/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\VistaSwitcher\vswitch.exe
C:\Program Files\DVDFab Virtual Drive\vdrive.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Guissmo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\Guissmo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Guissmo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Guissmo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Guissmo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Guissmo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Adobe\Adobe InDesign CS6\InDesign.exe
C:\Users\Guissmo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Guissmo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
C:\Users\Guissmo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Guissmo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\cttunesvr.exe
C:\Users\Guissmo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Guissmo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Guissmo\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2801948
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = facultyproxy.upd.edu.ph:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: NCH EN - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [VistaSwitcher] "C:\Program Files\VistaSwitcher\vswitch.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Users\Guissmo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DVDFab VDrive] "C:\Program Files\DVDFab Virtual Drive\vdrive.exe"
O4 - HKCU\..\Run: [SugarSync] "C:\Program Files\SugarSync\SugarSyncManager.exe" -startInTray -usedelay=true
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
O4 - HKUS\S-1-5-18\..\Run: [Google Update] C:\Windows\system32\config\systemprofile\AppData\Local\$GPATH\gupdate.exe /app 87D5BDC2BA6D83EA507102CE330A5F42 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Google Update] C:\Windows\system32\config\systemprofile\AppData\Local\$GPATH\gupdate.exe /app 87D5BDC2BA6D83EA507102CE330A5F42 (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\Guissmo\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.sc200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{D899ECB6-12A8-49B8-8758-8DD51777D017}: NameServer = 202.126.40.5 222.127.143.5
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - Winlogon Notify: niaxama - C:\Windows\system32\config\systemprofile\AppData\Local\niaxama.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe

-- End of file - 13379 bytes
submitted by guissmo to techsupport

The application jusched.exe has been detected as a potentially unwanted program by 28 anti-malware scanners. This is a setup program which is used to install the application. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. The ...

Anti-jusched.exe: Interesting forum. The sole purpose of jusched.exe appears to be to run jucheck.exe occasionally to check for updates. You could avoid whatever security hole it opens up by running it, and still keep Java updated, by disabling it and running jucheck directly. You could do this manually, but then you have to remember to do so. The How-To Geek (see link below) suggests running ...

Pests of all kinds and how to fight them: Bitcoin miner in svhost.exe reappears after restart, Windows 7. If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will respond with further instructions and help you remove the malware or unwanted software ...

Hello hard working Malwarebytes community, as the thread title states I've caught a bitcoin virus which masquerades as the Java Update Scheduler (jusched.exe) and which starts by itself (even after killing the process several times) and makes my graphics card run at maximum power (as expected). I'd guess the other one in the task manager (Java Update Scheduler (32 bit)) is the original.

If jusched.exe is located in a subfolder of the user's profile folder, the security rating is 79% dangerous. The file size is 601,600 bytes (70% of all occurrences), 192,519 bytes and 6 more variants. Jusched.exe is not a Windows system file. The program is not visible. Jusched.exe is able to monitor applications and record keyboard and mouse ...
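The first post and the snippet just above give the same detection heuristic: a process with a familiar updater name (issch.exe, jusched.exe) that runs from a subfolder of a user profile instead of its installed location, and that burns CPU or GPU while the machine is idle, deserves a close look. The Python below is an added example, not code from any of the posts, from HijackThis or from Malwarebytes. It applies the location check to HijackThis-style lines (the "Running processes" list and the O4/O20/O23 entries) and grades each hit. The sample log is constructed for the example and modelled on the entries in the log above; EXAMPLEUSER is a placeholder username, and the known-good directory for jusched.exe is the one the log shows (C:\Program Files\Common Files\Java\Java Update). Chrome installs under AppData legitimately, so the example deliberately shows that plain AppData hits are only "review" items; the watchlisted names are the strong signal.

```python
import re
from pathlib import PureWindowsPath

# Process names the posts report being impersonated by miners. The value is the
# list of directories where the legitimate binary lives; for jusched.exe that is
# taken from the HijackThis log above. issch.exe has no known-good location on
# this page, so any copy under a profile directory is treated as suspicious.
WATCHLIST = {
    "jusched.exe": [r"C:\Program Files\Common Files\Java\Java Update"],
    "issch.exe": [],
}

# Substrings that mark a path as living in a user (or SYSTEM) profile rather
# than in an installed-program directory. Legitimate software such as Chrome or
# Dropbox also installs under AppData, so a hit here is a prompt for review.
PROFILE_MARKERS = ("\\appdata\\roaming\\", "\\appdata\\local\\",
                   "\\config\\systemprofile\\")

# First drive-letter path ending in .exe/.dll/.scr on a HijackThis line,
# with or without surrounding quotes.
_PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"\n]+?\.(?:exe|dll|scr))"?', re.IGNORECASE)


def extract_path(line):
    """Return the first executable or DLL path in a HijackThis line, or None."""
    match = _PATH_RE.search(line)
    return match.group(1) if match else None


def classify(path):
    """Return (severity, reason) for a path, or None when nothing stands out.

    "high" is a watchlisted name running from a profile folder (the case the
    posts describe); "review" covers the weaker anomalies.
    """
    p = PureWindowsPath(path)
    name = p.name.lower()
    parent = str(p.parent).lower()
    in_profile = any(marker in path.lower() for marker in PROFILE_MARKERS)

    if name in WATCHLIST:
        expected = [d.lower() for d in WATCHLIST[name]]
        if parent in expected:
            return None
        if in_profile:
            return ("high", f"{p.name} running from a profile folder")
        return ("review", f"{p.name} outside its expected directory")
    if in_profile:
        return ("review", "executable located under a profile directory")
    return None


def scan_hijackthis(text):
    """Scan HijackThis log text; return [(line_no, severity, path, reason)]."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        path = extract_path(line)
        if path is None:
            continue
        verdict = classify(path)
        if verdict is not None:
            findings.append((line_no, verdict[0], path, verdict[1]))
    return findings


# Constructed sample modelled on the log in the post above. EXAMPLEUSER is a
# placeholder; the first jusched.exe entry is the legitimate Java updater.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\EXAMPLEUSER\AppData\Roaming\Eviivo\Java\jusched.exe
C:\Users\EXAMPLEUSER\AppData\Roaming\Identities\ISSCH\issch.exe
C:\Users\EXAMPLEUSER\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DVDFab VDrive] "C:\Program Files\DVDFab Virtual Drive\vdrive.exe"
O4 - HKUS\S-1-5-18\..\Run: [Google Update] C:\Windows\system32\config\systemprofile\AppData\Local\$GPATH\gupdate.exe /app 87D5BDC2BA6D83EA507102CE330A5F42 (User 'SYSTEM')
O20 - Winlogon Notify: niaxama - C:\Windows\system32\config\systemprofile\AppData\Local\niaxama.dll
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
""".strip()


if __name__ == "__main__":
    for line_no, severity, path, reason in scan_hijackthis(SAMPLE_LOG):
        print(f"line {line_no:2d} [{severity:6}] {path}  <- {reason}")
```

On the sample this reports the two watchlisted names under AppData as "high" and the Chrome, $GPATH\gupdate.exe and niaxama.dll entries as "review", because each sits under a profile directory. The expected-directory list is the part to tune for a given machine: on 64-bit Windows the 32-bit Java updater lives under Program Files (x86), so that directory should be added to WATCHLIST before trusting a "review" verdict on it.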
