Dylan
Dylan3w ago

Bitcoin mine Malwarebytes help

i keep getting this Malwarebytes messege abt a outbound website for phishing. this is what ive collected abt it pls help--- Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 4/27/2025 Protection Event Time: 2:48 AM Log File: 07ba97be-233c-11f0-b405-ccf9e4fdede5.json -Software Information- Version: 5.2.11.183 Components Version: 131.0.5227 Update Package Version: 1.0.98437 License: Trial -System Information- OS: Windows 10 (Build 19045.5796) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Windows\explorer.exe, Blocked, -1, -1, 0.0.0, 9959A3941FF1346C4CF7677AB96A1B96, 7D3A21318AAB37F0465C5EAF4188963A48E91DD85A4306400126B94DAC57C004 -Website Data- Category: Phishing Domain: pool.hashvault.pro IP Address: 104.251.123.89 Port: 80 Type: Outbound File: C:\Windows\explorer.exe (end)
13 Replies
c8
c83w ago
It is a miner but from the looks of it Malwarebytes blocked the connection, Scan your computer then check for the explorer.exe file it would only be in C:\Windows\explorer.exe, when found check the properties > details then check if its Microsoft With these types of miners I recommend a fresh windows install from an usb
Orientate
Orientate3w ago
What malwarebytes are you talking about? If it’s the extension and it blocked the website you should be fine, but if your using the app and it traced an application back to a website then yes do what c8 says
c8
c83w ago
Can't be the extension due to the fact it detected something off the machine itself Lemme prettify the logs Protection Event Date: April 27, 2025 Protection Event Time: 2:48 AM Log File: 07ba97be-233c-11f0-b405-ccf9e4fdede5.json Malwarebytes Version: 5.2.11.183 Components Version: 131.0.5227 Update Package Version: 1.0.98437 License: Trial Operating System: Windows 10 (Build 19045.5796) CPU Architecture: x64 File System: NTFS User: SYSTEM Malicious Website Detected: Yes Category: Phishing Domain: pool.hashvault.pro IP Address: 104.251.123.89 Port: 80 Type: Outbound Associated File: C:\Windows\explorer.exe Detection ID: 9959A3941FF1346C4CF7677AB96A1B96 SHA256: 7D3A21318AAB37F0465C5EAF4188963A48E91DD85A4306400126B94DAC57C004
Orientate
Orientate3w ago
But he’s saying it’s a website, guess it’s where he downloaded it from @Dylan could you provide the site where you downloaded this?
c8
c83w ago
Lemme look if I can find what miner they used
Orientate
Orientate3w ago
Nvm it says there https://pool.hashvault.pro/
c8
c83w ago
hashvault last I check is off xmrig
Orientate
Orientate3w ago
c8
c83w ago
Yea @Dylan You have 2 options, We look into removing it (less safe but no wipe of your operating system) or just wipe your os
Orientate
Orientate3w ago
Yeah definitely malware https://www.malwarebytes.com/blog/detections/hashvault-pro
parntz
Malwarebytes
hashvault.pro
Malwarebytes blocks the domain hashvault.pro because it is associated with phishing
c8
c83w ago
Let op answer then we'll look forwards
Dylan
DylanOP3w ago
thank you imma just do a hard reset after i figure out some more of my info and get everything changed 🙂 thank you again
c8
c83w ago
Thats why we are here

Did you find this page helpful?