Bitcoin Miner Virus - Fact Or Fiction?
There has been a lot in the news recently about the Bitcoin miner virus.
Is it real? What do you need to know in order to protect yourself?
It’s like the warning on the side of drain cleaner not to splash it in your eyes. If the PDF file was infected, it could infect your computer. Your anti-virus program should scan it as well and warn you if it’s dangerous.
Your anti-virus program should already do that whenever you download a PDF file. Of course, keep your version of Adobe Reader or Foxit PDF Reader (or whatever you use) updated. Old versions of Adobe Reader used to be easily exploitable and people got infected because users never updated them.
If I wanted to open random PDF files to look at for fun, how can my computer protect me? You see, email detects spam well now; there must be something to detect spam in PDFs.
Also, as people inject EXE code into PDFs, there must be a way to detect it in the code, right? If you had a PDF file less than 10 MB, there is only so far you can bury your EXE file, right? I would think that larger PDF files would be at risk from malicious intent. Insight into my query is welcome. Thank you.
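The question above asks whether an embedded executable can be spotted by looking at the PDF itself. A small heuristic scanner of the kind anti-virus and PDF-triage tools use is shown below, added here as an illustration and not code from this thread or from any of the products mentioned. It looks for the PDF features that are legitimate but rarely needed in a document you did not ask for (/Launch, /JavaScript, /OpenAction, /EmbeddedFile and friends), undoes the `#xx` name escaping that is sometimes used to hide those keywords, inflates FlateDecode streams, and checks whether any stream decodes to something starting with an `MZ` (Windows executable) header. The two PDFs it scans are constructed inline for the example; the "executable" is a few stub bytes, not a program. It also shows why file size says nothing: the malicious sample is a few hundred bytes.

```python
import re
import zlib
from collections import Counter

# Dictionary keys that are legal PDF but are the usual carriers for active content
# and dropped files in malicious documents.
RISKY_KEYS = (b"/JavaScript", b"/JS", b"/Launch", b"/EmbeddedFile",
              b"/OpenAction", b"/AA", b"/RichMedia", b"/ObjStm")

# Matches "stream ... endstream" bodies; the lookbehind stops "endstream" itself
# from being taken as the start of a new stream.
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def _unescape_names(data: bytes) -> bytes:
    """Undo PDF name hex escapes so /Embedded#46ile is seen as /EmbeddedFile."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def _inflate(body: bytes) -> bytes:
    """Return the FlateDecode-inflated stream body, or the raw body if not compressed."""
    try:
        return zlib.decompress(body)
    except zlib.error:
        return body


def _count_keys(data: bytes) -> Counter:
    hits = Counter()
    for key in RISKY_KEYS:
        # The lookahead keeps /JS from matching inside an unrelated longer name.
        n = len(re.findall(re.escape(key) + rb"(?![A-Za-z])", data))
        if n:
            hits[key.decode()] += n
    return hits


def scan_pdf(data: bytes) -> dict:
    """Heuristic triage: risky keywords outside streams, hidden keywords and
    PE headers inside (possibly compressed) streams."""
    outside = STREAM_RE.sub(b"stream\nendstream", data)   # strip stream bodies
    keywords = _count_keys(_unescape_names(outside))
    notes = []
    for idx, m in enumerate(STREAM_RE.finditer(data)):
        inflated = _inflate(m.group(1))
        if inflated[:2] == b"MZ":
            notes.append(f"stream {idx}: content begins with MZ (PE executable header)")
        for key, n in _count_keys(_unescape_names(inflated)).items():
            keywords[key + " (inside stream)"] += n
    return {"size": len(data), "keywords": dict(keywords), "notes": notes}


def verdict(report: dict) -> str:
    """'high' for an embedded executable or a launch action, 'suspicious' for any
    other risky keyword, otherwise 'clean'."""
    if report["notes"] or any(k.startswith("/Launch") for k in report["keywords"]):
        return "high"
    if report["keywords"]:
        return "suspicious"
    return "clean"


# --- constructed samples (not real malware) --------------------------------
FAKE_PE = b"MZ\x90\x00" + b"\x00" * 56 + b"PE\x00\x00"   # stub bytes with a PE-style header
_stream = zlib.compress(FAKE_PE)

SAMPLE_MALICIOUS = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"4 0 obj << /S /Launch /F (payload.exe) >> endobj\n"
    b"5 0 obj << /Type /Embedded#46ile /Filter /FlateDecode /Length "
    + str(len(_stream)).encode() + b" >>\nstream\n" + _stream + b"\nendstream\nendobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

SAMPLE_BENIGN = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /Contents 4 0 R >> endobj\n"
    b"4 0 obj << /Length 36 >>\nstream\nBT /F1 12 Tf 72 720 Td (Hello) Tj ET\nendstream\nendobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for name, sample in (("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN)):
        report = scan_pdf(sample)
        print(name, report["size"], "bytes ->", verdict(report), report["keywords"], report["notes"])
```

This is triage, not a verdict engine: a real reader has many more decoding paths (other filters, object streams nested in object streams, encryption) and a real scanner follows all of them, which is why keeping the reader patched matters as much as scanning. The point the example makes about the size question is that the dropped file sits inside a compressed stream, so a tiny PDF can carry it just as easily as a large one.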
This very thing happened a couple of weeks ago: had to remove an FBI Moneypack infection yesterday. It was the new nasty one that infects the MBR and disables Safe Mode and pretty much cripples the machine.
Now what I usually do is get to the Recovery Console and rewrite the MBR, then use listsvc to view all the startup processes, disable anything that looks funky, then boot to the OS where you can use the normal tools to remove the infection. Well, yesterday, for shits and grins I decided to try a new tool, HitmanPro Kick Start. I was never a big HitmanPro fan, and always considered it to be a second-rate also-ran compared to Malwarebytes, but the reason I tried Kick Start was because it creates a bootable USB flash drive that specifically targets the FBI Moneypack malware.
I created the boot drive, booted the infected computer using it, and in less than five minutes I was booting to Windows without having to fux0r around with the Recovery Console or repair disks or anything else. Once booted I ran MBAM, which found a few more nasties unrelated to the FBI infection, and GMER came up clean, so there was no need to resort to ComboFix or a reinstall.
Anyway, I just thought I would pass along my recommendation for HitmanPro Kick Start: http://www.bleepingcomputer.com/virus-removal/remove-fbi-monkeypak-ransomware
Additional Resources:
Get the Recovery Console back in Windows 7: http://www.ghacks.net/2010/06/05/get-the-recovery-console-back-in-windows-7/
How to View Startup Programs From Recovery Console
From a non-infected computer, download and run HitmanPro Kick Start. Create a BOOTABLE flash drive with the Kick Start option. Boot the computer and let HitmanPro remove the virus that prevents Safe Mode; then, when it is complete, reboot to Safe Mode and run your other anti-malware removers, such as Malwarebytes. You can download it from the author's site or from bleepingcomputer.