I saw today such beauty

enter image description here gobbled up 30 GB

Like they say that this is a miner. I saw the suspicious activity of the company, but I did not sin for viruses (it costs a node). but see crap it.

How to find and remove malware? There is nothing in autoload. I advise you to beat ctfhost.exe but I don’t have one. But

enter image description here what to do?

Closed due to the fact that off-topic participants Kromster , user194374, Denis Bubnov , Mikhail Vaysman , Akina 16 Feb '17 at 16:34 .

  • Most likely, this question does not correspond to the subject of Stack Overflow in Russian, according to the rules described in the certificate .
If the question can be reformulated according to the rules set out in the certificate , edit it .

  • Ask those who say that this is a miner. Delete the catalog if you think you don’t need it. - Vladimir Martyanov
  • Found this miner (eth). was used via the supposedly BlueStacks2 android emulator. Even when downloading from the official site. The game castle Clash I can assume creates c: \ Users \ IRKA \ AppData \ Local \ Ethash \ 1.8GB files. - user237276
  • four
    This question should be closed, because it is not related to the site. - Kromster

1 answer 1

Close all programs, temporarily unload antivirus, firewall and other security software. Important! on Windows Vista / 7/8 AVZ launch through the context menu of the explorer on behalf of the Administrator. Run the script in AVZ (File - Run script):

begin TerminateProcessByName('C:\Users\USERNAME\AppData\Roaming\Corel\Java\jusched.exe'); QuarantineFile('C:\Users\USERNAME\AppData\Roaming\Corel\Java\jusched.exe',''); DeleteFile('C:\Users\USERNAME\AppData\Roaming\Corel\Java\jusched.exe','32'); DeleteFile('C:\Windows\system32\Tasks\Java Update Schedule','64'); ExecuteSysClean; RebootWindows(true); end.

Attention! The computer will restart.

A source

  • @Abyx, fixed, thanks for the advice - Artem Y