Bitcoin mine Malwarebytes help
I keep getting this Malwarebytes message about an outbound website for phishing.
This is what I've collected about it, please help:
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 4/27/2025
Protection Event Time: 2:48 AM
Log File: 07ba97be-233c-11f0-b405-ccf9e4fdede5.json
-Software Information-
Version: 5.2.11.183
Components Version: 131.0.5227
Update Package Version: 1.0.98437
License: Trial
-System Information-
OS: Windows 10 (Build 19045.5796)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Windows\explorer.exe, Blocked, -1, -1, 0.0.0, 9959A3941FF1346C4CF7677AB96A1B96, 7D3A21318AAB37F0465C5EAF4188963A48E91DD85A4306400126B94DAC57C004
-Website Data-
Category: Phishing
Domain: pool.hashvault.pro
IP Address: 104.251.123.89
Port: 80
Type: Outbound
File: C:\Windows\explorer.exe
(end)
13 Replies
It is a miner, but from the looks of it Malwarebytes blocked the connection. Scan your computer, then check for the explorer.exe file; it would only be in C:\Windows\explorer.exe. When found, check Properties > Details, then check if it's Microsoft.
With these types of miners I recommend a fresh Windows install from a USB.
What Malwarebytes are you talking about?
If it’s the extension and it blocked the website you should be fine, but if you're using the app and it traced an application back to a website then yes, do what c8 says.
Can't be the extension due to the fact it detected something off the machine itself
Lemme prettify the logs
Protection Event Date: April 27, 2025
Protection Event Time: 2:48 AM
Log File: 07ba97be-233c-11f0-b405-ccf9e4fdede5.json
Malwarebytes Version: 5.2.11.183
Components Version: 131.0.5227
Update Package Version: 1.0.98437
License: Trial
Operating System: Windows 10 (Build 19045.5796)
CPU Architecture: x64
File System: NTFS
User: SYSTEM
Malicious Website Detected: Yes
Category: Phishing
Domain: pool.hashvault.pro
IP Address: 104.251.123.89
Port: 80
Type: Outbound
Associated File: C:\Windows\explorer.exe
Detection ID: 9959A3941FF1346C4CF7677AB96A1B96
SHA256: 7D3A21318AAB37F0465C5EAF4188963A48E91DD85A4306400126B94DAC57C004
But he’s saying it’s a website, guess it’s where he downloaded it from
@Dylan could you provide the site where you downloaded this?
Lemme look if I can find what miner they used
Nvm it says there
https://pool.hashvault.pro/
hashvault last I checked is off xmrig
Yeah @Dylan, you have 2 options: we look into removing it (less safe but no wipe of your operating system) or just wipe your OS
Yeah definitely malware https://www.malwarebytes.com/blog/detections/hashvault-pro
Malwarebytes blocks the domain hashvault.pro because it is associated with phishing
Let OP answer, then we'll look forwards
Thank you, imma just do a hard reset after I figure out some more of my info and get everything changed 🙂 Thank you again
That's why we are here