cryptocurrency miner malware
cryptocurrency miner malware disguised as a legitimate Windows process. I feel like if I keep messing around with it I'll genuinely brick my PC. It was linked to AddInProcess.exe but I deleted it. It persisted and tied itself to RegAsm (another .NET tool). I tried searching the registries and schedulers and couldn't find anything honestly. I feel like if I keep deleting more processes from the .NET framework my PC will be bricked. Need help.

3 Replies
Yeah, this is absolutely not my area of specialty but I'll try to assist some because no one else has.
So AddInProcess and RegAsm are associated with .NET but it's most likely just leveraging it as a .NET executable. I couldn't rule out their process being injected, but seeing as you are suspecting .NET, I'd say that's unlikely.
Ok, so go into Safe mode.
I just checked the process on my own system, the menu is dumb, I had to go into the "Reset menu".
But you want to hold shift and restart. Then navigate the menu on boot to look for Safe mode with networking.
Then, since you seem capable:
https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns
Autoruns - Sysinternals
See what programs are configured to startup automatically when your system boots and you login.
Investigate what is being run at startup and the locations.
That should get you started.
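
Added example, not part of the posts above: a read-only PowerShell triage that shows which process launched any running RegAsm.exe or AddInProcess.exe, then lists several of the autostart locations Autoruns also covers (Run keys, Startup folders, scheduled tasks, WMI command-line consumers). The name list and the path patterns used for flagging are assumptions for illustration, not known indicators for this malware.

```powershell
# Added example: read-only triage; run from an elevated PowerShell prompt.
# $Names and $Suspicious are assumptions for illustration, not known indicators.
$Names      = 'RegAsm.exe', 'AddInProcess.exe'
$Suspicious = 'RegAsm|AddInProcess|\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\'

# 1. Running instances of the .NET tools and the process that started them.
#    A parent may have exited or its PID been reused; compare CreationDate if unsure.
$procs = Get-CimInstance Win32_Process
$procs | Where-Object { $Names -contains $_.Name } | ForEach-Object {
    $p = $_
    $parent = $procs | Where-Object { $_.ProcessId -eq $p.ParentProcessId } | Select-Object -First 1
    [pscustomobject]@{
        Name = $p.Name; PID = $p.ProcessId; CommandLine = $p.CommandLine
        ParentPID = $p.ParentProcessId; ParentName = $parent.Name; ParentPath = $parent.ExecutablePath
    }
} | Format-List

# 2. Collect autostart entries from several common locations.
$entries = @()
$skip    = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($prop in $item.PSObject.Properties) {
        if ($prop.Name -in $skip) { continue }
        $entries += [pscustomobject]@{ Source = $key; Name = $prop.Name; Command = [string]$prop.Value }
    }
}
$startup = "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
           "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp"
foreach ($file in Get-ChildItem -Path $startup -File -ErrorAction SilentlyContinue) {
    $entries += [pscustomobject]@{ Source = 'Startup folder'; Name = $file.Name; Command = $file.FullName }
}
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # skip COM-handler actions
        $entries += [pscustomobject]@{ Source = 'Scheduled task'; Name = $task.TaskPath + $task.TaskName
                                       Command = "$($action.Execute) $($action.Arguments)" }
    }
}
foreach ($c in Get-CimInstance -Namespace root\subscription -ClassName CommandLineEventConsumer -ErrorAction SilentlyContinue) {
    $entries += [pscustomobject]@{ Source = 'WMI consumer'; Name = $c.Name; Command = $c.CommandLineTemplate }
}

# 3. Show everything, with entries matching the assumed patterns marked for review first.
$entries | Select-Object @{ n = 'Flag'; e = { if ($_.Command -match $Suspicious) { 'REVIEW' } else { '' } } },
    Source, Name, Command | Sort-Object Flag -Descending | Format-Table -AutoSize -Wrap
```

A REVIEW flag only means the entry deserves a closer look; everything in the per-user Startup folder is flagged because that folder lives under AppData.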