
startWebLogic.exe CPU Miner

The startWebLogic.exe CPU Miner is a program found on computers that have been compromised by a Trojan-Downloader, typically after the user has installed a fake update for Adobe Flash and Java. The startWebLogic.exe CPU Miner is created by threat actors who aim to use the processing power of compromised machines for profit. If you are familiar with digital money that falls under the term cryptocurrency, you may know that verifying cryptocurrency transactions and committing them to each new block requires enormous processing power. In simpler terms, moving digital money involves complex calculations, and the operation depends on the work of a large-scale computer network.

Individual users can help maintain cryptocurrency networks like Ethereum, Dogecoin and others. The same was true for Bitcoin until it became a leading force in the digital money market in 2017. This is where we come back to tools like the startWebLogic.exe CPU Miner. The startWebLogic.exe CPU Miner is a customized version of the XMRig open-source code, which was later used to spark the wave of Minergate clones at the end of 2017. The startWebLogic.exe CPU Miner is used by third parties to hijack the processing power of compromised devices and help verify Bitcoin transactions. The people who created the startWebLogic.exe CPU Miner are paid in Bitcoins for every encrypted block their computer network has processed. However, the PC owners who have the startWebLogic.exe CPU Miner running in the background do not receive a dime of the profit generated with their hardware. The startWebLogic.exe CPU Miner and related resources are usually dropped into the following folders:

  • C:\Program Files (x86)\[random string]
  • C:\ProgramData\
  • C:\Users\username\AppData\Local\
  • C:\Users\username\AppData\Roaming\

AV companies use the following detection names in reference to the startWebLogic.exe CPU Miner and potential clones:

  • MSIL/CoinMiner
  • RiskWare[RiskTool]/Win64.BitCoinMiner
  • not-a-virus:RiskTool.Win32.BitCoinMiner
  • Win32.hacktool.coinminer
  • Trojan.SvcMiner
  • Troj/Miner-BP
  • Win32.Trojan.Agent Coin Miner

As mentioned above, the startWebLogic.exe CPU Miner is based on XMRig, and there are hundreds of clones registered per month. The reason is that tools like the startWebLogic.exe CPU Miner give threat actors a steady income, and given the volatile nature of the Bitcoin currency, they can make a lot of money in a short period. Hence, threat actors are motivated to release numerous copies of XMRig, create new versions and expand their network of available devices. You can terminate instances of the startWebLogic.exe CPU Miner with the help of a trusted anti-malware suite, and block its clones from loading. Some of the recent versions of Minergate and XMRig include:

1.exe, 32kilences.exe, 360ds.exe, Aa.exe, Crack.exe, Ab.exe, Adsshowss.exe, AdvProxy.exe, Apnstub.exe, Appframehost.exe, Ativsc.exe, Ativsi.exe, Ativsk.exe, Atixxc.exe, AudioModule.exe, Audiobl.exe, Azureservice.exe, Bash.exe, Bicho.exe, Bin.exe, Byaiamuf.exe, ColorScheme.exe, ComDev.exe, Comp_stat.exe, Contorl.exe, Cpservice.exe, Ctfhost.exe, Dereporting.exe, Dj-mining.exe, Dllhostwin.exe, Dofilterhost.exe, Don-Find.exe, Don-find.exe, Drwtsn32.exe, Dwrkgto.exe, Dzf.exe, Ecolam.exe, Eczey.exe, Ekqovlafpj.exe, Eqm.exe, Errorcheck.exe, Etwinprc.exe, Fefef.exe, File4org_421057.exe, Flashtask.exe, Flchost.exe, Gameconfig.exe, GoogleSetup.exe, Googlesetup.exe, Googlestart.exe, HelpPane.exe, Helppane.exe, Hideminer.exe, Hpset.exe, Hslite.exe, IAStorIco.exe, IOcrypte.exe, Ide.exe, Idle Driver.exe, Idmgrhip.exe, Ksvchost.exe, Ligon.exe, Litecoinsforgood.org.exe, Lnsecsl.exe, Logon.exe, Logonui.exe, Mscorsvw.exe, Maine.exe, Maohawifisvr.exe, Mbsoluesvc.exe, Mcmlkb.exe, Mdns2.exe, Mineos.exe, Msbuild.ex, Mserver.exe, Msg.exe, Mssecsvr.exe, Mswininit.exe, Muxu.exe, Myfile.exe, Myprocess.exe, NisSrv.exe, Node32.exe, PowerMsger.exe, Powermsger.exe, Prog.exe, Ptt.exe, Ptyqfentwb.exe, Publisher.exe, Ready.exe, Realtek Audio.exe, Recover.exe, ReiGuard.exe, Run32.exe, Rundll32.exe, Rundll33.exe, Sailflex.exe, Saltnimdex.exe, Searchprotocolhosts.exe, Sekuhplsvc.exe, Servergui.exe, Session.exe, Olly.exe, Setup-srsroot.exe, Setuup.exe, Sfaupdater.exe, Shell.exe, Shieldtest.exe, Shool.exe, Silent.exe, SimpleNoteApp3.exe, Smssupdater.exe, Srvanyx.exe, Startapps.exe, Startermodule.exe, Sturffae.exe, Svbhost.exe, Svhost64.exe, Svohost.exe, Svvhost.exe, Synaptics.exe, Sys.exe, Syssecure.exe, SystemProcess.exe, Systemati.exe, Systemconsole.exe, Systemrr.exe, Systm.exe, Systmss.exe, Test_mys.exe, Turrentie.exe, Upd new hack.exe, Update64.exe, VK_HACK.exe, Valhalla.exe, Varta.exe, Video_live.exe, Vk_hack.exe, Vmprotectss.exe, Vsdatwo.exe, W3wp.exe, Wdf.exe, Welcome.exe, Win32svc.exe, WinSeven.exe, WinSvchost.exe, Wincache.exe, Windownsystem.exe, Windowstime.exe, Winkavapp.exe, Winup.exe, Wizard.exe, Wudfhost.exe, Wupv.exe, Wwwww.exe, Zord.exe, Ztem.exe, adsShowss.exe, aes-avx.exe, affaseodg.exe, bfgminer.exe, consystem.exe, dfgurey.exe, discuz.exe, dj-mining.exe, dllhostwin.exe, drvhandler.exe, drwtsn32.exe, dsbs.exe, ertrqvg.exe, expiorer.exe, feff.exe, gaszilanfofg.exe, hdtask.exe, hidekill.exe, ii1s.exe, imesrv.exe, jboss.exe, key.exe, lastorico.exe, late-night-miner.exe, litecoinsforgood.org.exe, lnsecsl.exe, lsmosee.exe, lsmoseee.exe, mindManager.exe, mssm-cmm.exe, netcore.exe, network.exe, precomp.exe, ptt.exe, regsvr.exe, rundll64.exe, serversocket.exe, smappscontroller.exe, srvanyx.exe, starter.exe, stub.exe, svhostx86.exe, syntec.exe, syslog.exe, systemRR.exe, taskhostw.exe, taskmana.exe, taskmann.exe, taskown.exe, test_mys.exe, updatechecker.exe, video_live.exe, wcmsvc.exe, win32svc.exe, windowsDefender.exe, winreg.exe, winstar.exe, winword016.exe, xpon.exe.

Folder locations for the executables listed above include:

  • C:\Program Files (x86)\Launcher for Windows\winstar.exe
  • C:\Program Files (x86)\app\Wizzard.exe
  • C:\Program Files (x86)\azer\setuup.exe
  • C:\Program Files (x86)\fef\feff.exe
  • C:\ProgramData\GameConfig\GameConfig.exe
  • C:\Users\username\AppData\AdveR\AdvProxy.exe
  • C:\Users\username\AppData\Local\Saltnimdex.exe
  • C:\Users\username\AppData\Local\xpon\xpon.exe
  • C:\Users\username\AppData\Qoutex\ecolam.exe
  • C:\Users\username\AppData\Roaming\SIVApp\Eczey.exe
  • C:\Users\username\AppData\SimpleNoteApp3.exe
  • C:\Users\username\AppData\SimpleNotepad4\
  • C:\Users\username\AppData\System32\Windows\taskhostw.exe
  • C:\Users\username\AppData\WindowsTask\AudioModule.exe
  • C:\Users\username\AppData\Xl5jVVxcVWIx\ertrqvg.exe
  • C:\Users\username\AppData\hdtask\hdtask.exe
  • C:\Users\username\AppData\microsoft\windowsupdate\updatechecker.exe
  • C:\Users\username\AppData\regsvr.exe
  • C:\Users\username\AppData\syslog\syslog.exe
  • C:\Users\username\AppData\vbhost\vbhost.exe
  • C:\Users\username\AppData\winword016.exe
  • C:\Users\username\AppData\xmrigcpuu\affaseodg.exe
  • C:\Windows\AppCompat\Programs\System\mssm-cmm.exe
  • C:\Windows\System32\lnsecsl.exe
  • C:\Windows\WinShell\WinSeven.exe
  • C:\Windows\dfgurey.exe
  • C:\Windows\imesrv.exe
  • C:\Windows\sdddgjhdsghsd.exe
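The file names, drop folders and look-alike system binary names listed above are most useful when turned into a repeatable check. The script below is an added example written for this page, not code from the threat database or from any vendor; it triages a process inventory of (path, CPU share) pairs against three indicators drawn from the lists above: a file name on the miner list, a legitimate Windows binary name (rundll32.exe, taskhostw.exe, logonui.exe and similar) running from outside a system directory, and an unusually busy process in one of the named drop folders. The indicator subset, the trusted system directories and the 80% CPU threshold are assumptions for the example; the sample inventory is constructed, not real telemetry.

```python
"""Offline triage of a process inventory against the miner indicators above."""
from pathlib import PureWindowsPath

# Executable names from the page's list (representative subset; extend from the list).
MINER_FILE_NAMES = {
    "startweblogic.exe", "svhost64.exe", "svohost.exe", "rundll33.exe",
    "hideminer.exe", "dj-mining.exe", "late-night-miner.exe", "bfgminer.exe",
    "aes-avx.exe", "xpon.exe", "winstar.exe", "affaseodg.exe",
}

# Legitimate Windows binary names that also appear in the page's list; a copy
# of one of these running from a user-writable folder is the suspicious case.
SYSTEM_LOOKALIKES = {
    "rundll32.exe", "taskhostw.exe", "logonui.exe", "mscorsvw.exe",
    "helppane.exe", "drwtsn32.exe", "nissrv.exe", "w3wp.exe",
}

# Assumed trusted locations for the look-alikes (lower-cased path prefixes).
SYSTEM_DIRS = (
    "c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
    "c:\\windows\\microsoft.net\\", "c:\\program files\\windows defender\\",
)

# Drop folders named on the page, matched as substrings of the lower-cased path.
DROP_FOLDER_MARKERS = ("c:\\programdata\\", "c:\\program files (x86)\\", "\\appdata\\")

CPU_THRESHOLD = 80.0  # assumed: CPU share that is abnormal for a background process


def classify(path: str, cpu_percent: float = 0.0) -> list[str]:
    """Return the reasons a running executable matches the indicators (empty = no match)."""
    low = path.lower()
    name = PureWindowsPath(low).name
    reasons = []
    if name in MINER_FILE_NAMES:
        reasons.append("file name on miner indicator list")
    if name in SYSTEM_LOOKALIKES and not low.startswith(SYSTEM_DIRS):
        reasons.append("system binary name outside a system directory")
    in_drop_folder = any(marker in low for marker in DROP_FOLDER_MARKERS)
    if in_drop_folder and cpu_percent >= CPU_THRESHOLD:
        reasons.append(f"high CPU ({cpu_percent:.0f}%) from a known drop folder")
    return reasons


def triage(inventory) -> dict:
    """inventory: iterable of (path, cpu_percent). Returns {path: reasons} for hits only."""
    hits = {}
    for path, cpu in inventory:
        reasons = classify(path, cpu)
        if reasons:
            hits[path] = reasons
    return hits


# Constructed sample inventory (not real telemetry): a clean system process, a
# look-alike under AppData, a listed miner name, a busy unknown binary in
# ProgramData, and an ordinary busy application that should not be flagged.
SAMPLE_INVENTORY = [
    (r"C:\Windows\System32\rundll32.exe", 1.5),
    (r"C:\Users\username\AppData\System32\Windows\taskhostw.exe", 97.0),
    (r"C:\Program Files (x86)\Launcher for Windows\winstar.exe", 12.0),
    (r"C:\ProgramData\Updater\svc.exe", 91.0),
    (r"C:\Program Files\Mozilla Firefox\firefox.exe", 35.0),
]

if __name__ == "__main__":
    for hit_path, hit_reasons in triage(SAMPLE_INVENTORY).items():
        print(hit_path)
        for reason in hit_reasons:
            print("   -", reason)
```

On a live host the inventory would come from a process listing that includes the image path and a CPU sample taken over a few seconds; the name match alone is cheap but brittle against renamed clones, which is why the location and CPU heuristics are layered on top of it.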
