Nvi864 CPU Miner
The Nvi864 CPU Miner is a program based on the XMRig CPU Miner. The Nvi864 CPU Miner is designed to facilitate digital coin transactions that use Monero and Bitcoin. The people who operate the Nvi864 CPU Miner are reported to make a hefty profit from running the Nvi864 CPU Miner on multiple computers. Unfortunately, the Nvi864 CPU Miner is injected into remote computers without the user's knowledge. The Nvi864 CPU Miner may be attached to spam emails, cracked shareware, and pirated games to reach as many users as possible.
The program at hand may run in the system background as 'nvi864.exe' and feature a description that would suggest that it is part of the Nvidia's graphics driver. However, the file name 'nvi864.exe' and the displayed description are made to dissuade the user from terminating the Nvi864 CPU Miner when it hijacks your processing power. The Nvi864 CPU Miner requires a lot of processing power to verify Bitcoin and Monero transactions. People who lend their processing power to digital coin transaction platforms are paid a fee for their services. The more transactions your software verifies, the more money you are paid. Hence, the more PC you have running the Nvi864 CPU Miner, the more profit you can make. It is no surprise that threat actors would use the Nvi864 CPU Miner and compromise remote computers to expand their operations.
Infected users may notices spikes in the CPU activity and poor program performance. The Nvi864 CPU Miner may prevent other programs from running correctly and connect to remote mining pools via port 443. It is recommended to remove the Nvi864 CPU Miner using a reliable anti-malware instrument. The Nvi864 CPU Miner is built on the same platform as Minergate and 64Kilences.exe. The program has many versions and may be shipped to users under various names.
Associated filenames:
9BN9AQ5QX.exe, AAct.exe, App_loader.exe, AudioConverter.exe, B3.exe, Bam.exe, Bebamin.exe, CCleanerup.exe, Ccminer-x64-75.exe, ChromeHandler.exe, Deltatb.exe, Deskeyg.exe, Dwmhost.exe, Eb64.exe, Fastermc.exe, Gbhvexig.exe, Gerrime.exe, Goodlam.exe, Greentrax.exe, Gunpoint.exe, Hidserv.exe, InstUp.exe, Kolibry12.exe, Konkkix.exe, Lamtouch.exe, Lsmose.exe, Ma1rek.exe, Microsoft Windows.exe, Miner.XMRig!gen1, Mwessweeper.exe, Notla.exe, Nvi864.exe, Pmropn.exe, ProgramData2.exe, RAVBg64.exe, RWBMIN.exe, Rpcminer-opencl.exe, Runner.exe, Startup.exe, Super-Find.exe, Superfan.exe, Svdhalp.exe, Swchost.exe, SystemF0D7.exe, Tintom.exe, Tresis.exe, Unoapeco.exe, UpdaterProBrowser.exe, VORHJD.exe, Vaialamron.exe, Voyafresh.exe, Wcmn.exe, Wcmr.exe, Wshelper.exe, Xjj64.exe, Zanhpig.exe, amdhwnd.exe, amdpr.exe, autoclk.exe, bmupdate.exe, capi.exe, cex3.exe, cg64.exe, conshost.exe, contosog.exe, contosor.exe, core.exe, cpsvchost.exe, cpu-x64.exe, cpu.vmp.exe, cssrss.exe, ctvqzym.exe, deskeya.exe, dllhost32.exe, dtdump.exe, dvu.exe, ellfService.exe, exhelper.exe, fasst.exe, gc.exe, iscsicli.exe, jwtdww.exe, main.exe, memory.exe, minxmr32.exe, moonlight.exe, mssoft.exe, mwesmanager.exe, myvtfile.exe, nssm_x64.exe, nvcpl.exe, nvvgle.exe, opencl.exe, pass.exe, prelims.exe, realtkdrv.exe, runProcesses.exe, sctools.exe, seser.exe, sistem.exe, srs0518.exe, ssvchost32.exe, steagnmstneres.exe, steagnnmsintel.exe, svchosst.exe, svrwsc.exe, sysult.exe, taskmon.exe, teams.exe, tvwhrtch.exe, ursehealth.exe, winclock.exe, windefend.exe, winupdsvc.exe, winwb.exe, xfplay.exe, xmrig-amd64.exe, xmrtor.exe, xmx86.exe, xxxx64.exe.
Associated folders:
C:\Program Files (x86)\collaborating\prelims.exe
C:\Program Files (x86)\fasst\fasst.exe
C:\Program Files (x86)\probation\Gunpoint.exe
C:\ProgramData\ellfService\ellfService.exe
C:\ProgramData\hotfresh\Konkkix.exe
C:\ProgramData\voyasollam\BioDondex.exe
C:\ProgramData\voyasollam\Tresis.exe
C:\Users\username\AppData\Local\Realtek\realtkdrv.exe
C:\Users\username\AppData\Local\Temp\AudioConverter.exe
C:\Users\username\AppData\Local\Temp\TigerTrade.exe
C:\Users\username\AppData\Local\Temp\fCj117lon\Nursehealth.exe
C:\Users\username\AppData\Local\UpdaterBrowser\UpdaterProBrowser.exe
C:\Users\username\AppData\Local\Voyallossam\Goodlam.exe
C:\Users\username\AppData\Local\VzEujvQEZT\winupdsvc.exe
C:\Users\username\AppData\Package\dvu.exe
C:\Users\username\AppData\hodor\Bebamin.exe
C:\Windows\SysWOW64\ProgramData2.exe
C:\Windows\Temp\xxxx64.exe
C:\Windows\jwtdww.exe
C:\Windows\regpoliciy\contosog.exe
C:\sctools\sctools.exe
Associated detection names:
Coinminer.gdg
Coinminer_XMRMINE
TROJ_COINMINE
Troj.Nsis.Bitmin
Troj/Miner-GV Coin Miner
Troj/Miner-LX
Trojan.Application.Miner
Unwanted/Win32.BitCoinMiner
W32.CoinMinerRsND.Worm
W64/XMRIG4
Win64/Sorter.AVE.BitCoinMiner
Worm.NSIS.BitMin
