Trojan.BitCoinMiner
* path
c:\users\grato\appdata\roaming\nscpucnminer\pools.txt
c:\users\grato\appdata\roaming\nscpucnminer\nscpucnminer64.exe
c:\users\grato\appdata\roaming\nscpucnminer\nscpucnminer32.exe
c:\users\grato\appdata\roaming\img001.exe
c:\users\grato\appdata\roaming\snappy\snappy.exe
c:\users\grato\appdata\roaming\nsminer\img001.exe
c:\users\grato\appdata\roaming\nsminer\img002.exe
c:\users\grato\appdata\roaming\nsminer\nscpucnminer32.exe
c:\users\grato\appdata\roaming\nsminer\pools.txt
* delete value
hcu_val\%x%\run : c:\users\grato\appdata\roaming\nscpucnminer\img001.exe
* delete key
hcu_key\software\bifrost
hcu_key\software\snappy
|
|