PSA: Cryptomining is a thing. Also something ironic.

It started with getting ridiculous memory/CPU leaks regularly. Then my cursor started bugging out and lagging really hard. Then one day I sign in to Gmail to see a sign in attempt was blocked from Hong Kong.

I found this e-mail the same day.



Translated, it basically says invest in NOAH coins, a type of cryptocurrency. I found out I'd been hacked and my laptop was being used to cryptomine.

Just wanted to throw it out there that this is a thing. If you've got a nicer PC, like I assume most of you have, it could be happening without you even knowing.

Now for the ironic part. I looked into NOAH coins and saw this.


Apparently Satan is Asian, and hacking his way in to digital munnies.
Need a new signature, cuz name change. I dunno though. I guess this seems fine. Yeah, this is good.
Last bumped on Sep 25, 2019, 5:21:19 AM
Life sucks if your security sucks.
But this thing looks like some worthless no-name shit. Believe me, when great China pushes their own product out there, these small timers will (be) disappear(ed).

But yeah, know all your processes and how much resources they normally use.
Current Build: Penance Brand
God build?! https://pobb.in/bO32dZtLjji5
eh, thought this thread would be about MTG:A
Oblivious
No shit, these guys are fucking good. I was about to sign in to my Gmail, I was feeling paranoid about it though. I've been checking in repeatedly since this happened to make sure it didn't happen again. I removed a ton of programs it might be hiding in too.

I go to sign in to an alternate e-mail on GMX to be safe. As soon as I hit login my cursor starts bugging out, I check the processes, and sure enough it's back.

These people are fucking ridiculous. I think they made a program that can hide itself until it notices you're signing in to an e-mail. Luckily the passwords I used on these e-mails were my two junk ones. And I literally killed Windows and changed my main e-mail password in the minute I had until it force restarted.
Need a new signature, cuz name change. I dunno though. I guess this seems fine. Yeah, this is good.
Then your problem isn't the process itself but a watchdog, either in the browser engine or somewhere hidden in the registry (the watchdog is camouflaged as another process or runs alongside a svchost process).

Good luck finding that shit :/

Current Build: Penance Brand
God build?! https://pobb.in/bO32dZtLjji5
I don't think this is actually cryptomining or trying to steal my nonexistent money anymore.

I gave up trying to remove it myself, downloaded Kaspersky to do a full scan. I let it run for an insane amount of time. It came back with no threats, but some security risks. One of them was remote registry being reopened, which I had definitely closed.

I think they hid or removed the trojan, I planned on taking it and trying to bust it open to see how it worked, so it would be a good move.

But now I'm still getting the crazy lag spikes, but a new process pingsender.exe is showing up when it happens. Whenever I go in to the task manager to check it out it auto closes nearly instantly so I can't do anything.

I think I'm the target of some hardcore trolling. The Hong Kong sign in attempt was probably just a VPN. It seems like someone is just trying to collect random info and DDoS me. (My internet has been awful for about a week, I think this is related.)
Need a new signature, cuz name change. I dunno though. I guess this seems fine. Yeah, this is good.
Meh, the trojan could be at a lower level too, but that would be really sophisticated. Kaspersky wouldn't find it there. Or, what's always an option, your router is compromised :)

I would suggest reinstalling the OS if you can't find anything (would at least help against anything in the OS) and resetting BIOS/UEFI as well as upgrading it to its latest version. If the problem persists, go to an expert.
Current Build: Penance Brand
God build?! https://pobb.in/bO32dZtLjji5
tsunamikun wrote:
"Meh, the trojan could be at a lower level too, but that would be really sophisticated. Kaspersky wouldn't find it there. Or, what's always an option, your router is compromised :)

I would suggest reinstalling the OS if you can't find anything (would at least help against anything in the OS) and resetting BIOS/UEFI as well as upgrading it to its latest version. If the problem persists, go to an expert."


I was just planning on bailing on this laptop anyways. I actually found this in a pile of trash and got it running almost decently. I have another slightly less junky one, I messed up the bootloader on it trying to dual boot Lubuntu though. It'll take like no time to fix once I actually feel like doing it.
Need a new signature, cuz name change. I dunno though. I guess this seems fine. Yeah, this is good.
Agree with tsunamikun, it's hosed. Once you've lost control of the system, you cannot trust any software including the OS.

Reimage it and try to remember what you did before so that you don't do it again. Some sketchy program, some sketchy site, etc.
pneuma wrote:
"Agree with tsunamikun, it's hosed. Once you've lost control of the system, you cannot trust any software including the OS.

Reimage it and try to remember what you did before so that you don't do it again. Some sketchy program, some sketchy site, etc."


Such lulz, I've only downloaded a trillion sketchy programs on this thing.
Need a new signature, cuz name change. I dunno though. I guess this seems fine. Yeah, this is good.
