cryptocurrency miner malware

cryptocurrency miner malware disguised as a legitimate Windows process. I feel like If i keep messing around with it I'll genuinely brick my PC. It was linked to AddInProcess.exe but I deleted it. It persisted and tied itself to RegAsm (Another .NET tool). I tried searching the registries and schedulers and couldnt find anything honestly. I feel like if i keep deleting more processes from the .NET framework my pc will be bricked. Need help

_null•11/22/25, 12:22 PM

Yeah, this is absolutely not my area of specialty but I'll try to assist some because no one else has.

So AddinProcess and regasm are associated with .net but its most likely just leveraging it as a .net executable. I couldn't rule out their process being injected, but seeing as you are suspecting .net, I'd say that's unlikely.

_null•11/22/25, 12:23 PM

Ok, so go into Safe mode

_null•11/22/25, 12:28 PM

I just checked the process on my own system, the menu is dumb, I had to go into the "Reset menu"

But you want to hold shift and restart. Then navigate the menu on boot to look for Safe mode with networking

_null•11/22/25, 12:29 PM

then, since you seem capable:
https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns

Autoruns - Sysinternals

See what programs are configured to startup automatically when your system boots and you login.

_null•11/22/25, 12:29 PM

investigate what is being ran at startup and the locations

_null•11/22/25, 12:31 PM

That should get you started.

cryptocurrency miner malware

Similar Threads

Similar Threads

Similar Threads