...as you read, just about yesterday cleaned my freshly installed system of a miner ...there must be a program ive installed with it ...dont know winch but from now on ill check more often ...it was using my cpu and Gpu to almost 80% ...the name of this was cfthost.exe and was located in a very strange place on my ssd ...installed hwmonitor to see whats going on with the whole hardware and infact the gpu was picking 80% with high temps 60 degrees C ...the cpu was indicating 53 C ...just what the hell!!! ...after cleanning it with Malwarebytes and rescanned, restarted the system like 3 times all was back to normal ...please even if you are not connected to the net it can be there using you hw almost to the max ...just check it !

 

Last edited: Jan 30, 2016

No need to check anything as I use Debian Linux for Internet.

I would rely on Malwarebytes and nothing else on Windows. Just scan occasionally with it.

Good luck !

 

Utorrent was installing one of these bastards a while ago. Thankfully, the unusual GPU fan noise tipped me that something was wrong. That's why I've changed to Tixati and never looked back.

Anyway, if you really want to be on the safe side, do yourself a favor and buy Hitman Pro. It does a very quick scan on startup and has the best detection rates around. It's better than Malwarebytes, in my opinion.

Also, please, use a firewall. I've been using Glasswire, which is very simple and intuitive, along with Windows native firewall. It's a great combo.

 

Last edited: Jan 30, 2016

Great find. I've been looking for a small-footprint firewall. You uncovered a gem here.

 

Yeah I too had questionable stuff appear after using utorrent. Sad really because I liked that app. Another free safe app to check out is http://www.qbittorrent.org/if you need a win-based torrent client.

 

there are even jscripts in webpages doing mining so watch out for suspicious cpu peaks on sites.

 

It sounds like you encountered some malicious software using a significant portion of your CPU and GPU resources. The cfthost.exe process was likely part of a miner or unwanted program installed without your knowledge. It's good that you used Malwarebytes to clean it up. Moving forward, make sure to regularly scan your system with trusted security software, avoid downloading questionable programs, and monitor your hardware for any unusual activity.

 

Just be glad it was a bitcoin miner and not an infostealer.

 

A miner needs to be connected to the internet, how would it confirm blocks if it wasnt connected to the network?

Either way, glad you found it, and that it wasnt something more malicious.

Fun fact, i was mining btc in 2013 for fun but sold in the 2017 bull.

I had a substantial amount leftover, but lost it like an idiot. i didnt take it as seriously back then, and did not backup my keys. if i didnt sell, and didnt lose the rest, id have 10 or 20 million worth at todays rate. fun stuff.

 

Most regret stories are like... I spent 45 btc on pizza hut when they were .25 to .50 cents.

From 13 to 17 it nearly did 2000x. Been a measly 5x since. You didn't miss anything.

 

well I remember I found keys for Ethereum ...deleted them I dont even know what to do with that stuff... we just woke a thread from 7 yrs ago

PS: I believe Ethereum could be mined offline and compare the results when connecting, at least I read that somewhere sometimes

 

You think linux is going to protect you from virus/malware?? That's about as naive as the apple folks saying the apple OS is invulnerable to the same. It isn't and neither is any *NIX system... You might wanna Chek yourself before you Wrek yourself on that one... Maybe do a web search on *NIX vulnerabilities - just FYI, there's a lot to discover.

 

Would you like to elaborate on this? I googled it but apparently I am not smart enough to even remotely understand what this is and how I can detect (or better: prevent!) it on my Linux MX21 system?

 

A.I.DDS

It's sneaky.

 

Task manager doesn't show all processes running on PC, I use Process explorer, it shows near 3 times more processes than TM,
but still some suspectful processes appear on my PC just for a moment (less than 1 second) they are marked with red in PE,
Mawarebytes? I scanned with it my PC few days ago, but still those red lines appear in PE

 

If you install the program in my signature, I'll check your PC for you, for free - perpetually.