Threat Database Trojans Trojan.Bitcoinminer

Trojan.Bitcoinminer

By GoldSparrow in Trojans

Threat Scorecard

Ranking: 41
Threat Level: 80 % (High)
Infected Computers: 1,559,548
First Seen: May 18, 2012
Last Seen: March 19, 2024
OS(es) Affected: Windows

Trojan.Bitcoinminer ScreenshotTrojan.Bitcoinminer is one of the detection names that have been associated with an executable file named 'indexer.exe' that is used to mine BitCoins and FeatherCoins. Trojan.Bitcoinminer will be installed in a hidden directory in the AppData directory on the infected computer. Trojan.Bitcoinminer will mine Bitcoins using the infected computer's resources. Cryptocurrency mining can be extremely demanding on a computer's resources, making it overheat, perform poorly and consume more power. While BitCoin mining is a legitimate activity, Trojan.Bitcoinminer is used by on artists to take advantage of a victim's computer to mine BitCoins or another cryptocurrency, then keeping the profits generated at the expense of the victim's computer. While mining BitCoins with a single computer is rarely profitable, the people that distribute Trojan.Bitcoinminer and similar Trojans will take advantage of the combined resources of numerous infected computers by mining BitCoins and keeping the proceeds. Many Trojan.Bitcoinminer infections have been spotted in Russia, Ukraine and Indonesia currently.

How Trojan.Bitcoinminer may be Delivered

The most common way in which Trojan.Bitcoinminer may enter a computer is through fake software downloads and updates. Con artists may hide threats like Trojan.Bitcoinminer inside software and media files distributed online. Victims will download them from shady websites and the install Trojan.Bitcoinminer on their computers without being aware of it. The fact is that Trojan.Bitcoinminer will not alert the victims that their computers are infected such as a notification or interfere in any way. However, Trojan.Bitcoinminer will use up more than three-quarters of the infected computer's processing power for mining cryptocurrency. Victims of the Trojan.Bitcoinminer attack will, therefore, realize that their computers run extremely slowly and become unresponsive or unstable frequently. Additionally, it is not uncommon for threats like Trojan.Bitcoinminer to conflict with the victim's computer, causing various performance issues and preventing other software from functioning properly.

The Trojan.Bitcoinminer Infection and Its Related Symptoms

There are several symptoms that may indicate that your computer has been infected with Trojan.Bitcoinminer. Computer users have reported that most software, including email clients, will become unresponsive, freeze or crash frequently. Some software, especially Internet browsers, will fail to open completely and many files will fail to load. When victims attempt to use the infected computer to view a video or listen to music, this will have stuttering or altered playback, stopping and not resulting in a functional experience frequently. One typical problem associated with Trojan.Bitcoinminer will happen when typing. Computer users may notice that their keyboard inputs have a delay, especially on word processing programs. This indicates that a large portion of the infected computer's resources is being used. These symptoms may occur if victims are attempting to use a program that requires lots of resources (for example, for rendering a high-quality video). In this case, however, it's Trojan.Bitcoinminer that is using up the system's resources to mine cryptocurrency.

General Recommendations Related to Trojan.Bitcoinminer

Victims of Trojan.Bitcoinminer may notice 'indexer.exe' listed in the Task Manager. This is almost always an indicator of a Trojan.Bitcoinminer infection and requires action from the computer user. However, 'indexer.exe' is not the only name used by this BitCoin miner. PC security researchers advise computer users to remain vigilant, since other variants of Trojan.Bitcoinminer with different file names may appear. Malware investigators recommend that computer users use a security program to remove Trojan.Bitcoinminer and other threats. If your computer continues to show symptoms, it is important to use a different anti-virus program to ensure that the Trojan.Bitcoinminer infection or any related threat has been found (in some cases, other components may prevent its removal). The following are other names by which Trojan.Bitcoinminer may be detected:

  • PUP.Optional.Bitminer
  • RDN/Generic.dx!cxt
  • Riskware.Win32.BtcMine.cnywcu
  • Tool.BtcMine.157
  • Trojan ( 0048fd0e1 )
  • Trojan.Win32.Generic!BT
  • Trojan.Win32.S.BitMiner.932352
  • W32/Trojan.PBJZ-2853
  • Win32/BitCoinMiner.AS
  • Win32/Trojan.Multi.daf

SpyHunter Detects & Remove Trojan.Bitcoinminer

File System Details

Trojan.Bitcoinminer may create the following file(s):
# File Name MD5 Detections
1. optimization.exe cb77f063286ca531454f87c4acd6c990 1,010
2. ServiceHub.CLR.x64.exe 4a8982935d9fd546297141fc7d81bf63 624
3. services64.exe 63703ea195bf16c8ad4f37177171de12 215
4. Roaming/GameService2/service.exe 025ef509839a563c88b5409c7e17226e 148
5. 3f70a0a3669cf11f8e4bff5d61c758bdce53baf22d9244dc0db0fe66262d7a34 b5e6b2c92cced7cbe825b5ddfd577291 70
6. vcservice.exe 468f91ff2774a8484faa49ae63bbbbec 46
7. 29cf036480b6.dll 77ba4a18ef8719c2f218e87dfdcba58f 30
8. zcoin-qt.exe 20f333c444ebe1d7ecdb744296b4d2ea 18
9. sppsvc.exe 8491a3f6c096bd19310d1e899fad94f5 18
10. services64.exe 5a08778a59789474932e7b14d7effe24 14
11. osdmnus.exe 4caf60213aebb70e4ea983a3141ef5bc 10
12. services64.exe cda1aa8b92f4f1f6eb7f0e2293fb41bf 10
13. XMR Silent Miner by Tigerzplace.exe 4c624ced3b2e239cf9c6b6488c37d97e 8
14. services64.exe 476bcd9e66d06651a37cf588de4e9228 8
15. services64.exe d915eb706a9ad54f27c85a84e2a75704 7
16. services64.exe 38eb4933c8e20922767a048147216c1e 7
17. Desktop-64.exe 2c9550a1516bcc5590379fb0e968118b 6
18. ja.exe a06f3792c7e517bca2f7b7e519630f07 6
19. services64.exe ac1858b76946d2e020ae43f7b6e0495d 5
20. skinsunlocked.exe f1a545f5d7a0443cc0bded7704c1022e 4
21. services64.exe e9eaa08be20f5400a6b1690f77ec2858 3
22. services64.exe c02209a8a6d41787b6f8408b68337a65 3
23. service.exe 1e9f5d2feffeca445c5ddf1c3854e0e5 3
24. Update.exe f1dcd42899ff80dd03925b3e5c4ea81e 3
25. services64.exe c1c38b9e03e2243a9bbe766d6aaa1b9a 2
26. services64.exe 8ede703abe476280aa7a19ef70cda9d4 2
27. services64.exe 9bd9a85ef25e55df371cd8d9bb717492 2
28. services64.exe 4ce11aab13eac647a62d628923530b31 2
29. services64.exe 4bd2a4b6ffd91f7c4ddc8b2eb2daa105 2
30. service.exe f7a86d16bc207b5c867bdd4e39b726f7 2
More files

Registry Details

Trojan.Bitcoinminer may create the following registry entry or registry entries:
File name without path
32xmrig.exe
64xmrig.exe
cpuminer-gw64.exe
cpuminer-sse2.exe
DOC001.exe
IdlingBuddy.lnk
IMG001.exe
img002.exe
nbminer.exe
nheqminer.exe
nheqminer32.exe
NsCpuCNMiner32.exe
NsCpuCNMiner64.exe
NsGpuCNMiner.exe
xmrig-amd.exe
xmrig-notls.exe
xmrig-nvidia.exe
Regexp file mask
%ALLUSERSPROFILE%\Application Data\NVIDIA_cure.exe
%ALLUSERSPROFILE%\DriversI\intel.exe
%ALLUSERSPROFILE%\esif.exe
%ALLUSERSPROFILE%\flash\msacuil.exe
%ALLUSERSPROFILE%\Framework\System.exe
%ALLUSERSPROFILE%\GS_Svc.exe
%ALLUSERSPROFILE%\Intel(R) Management\intel[RANDOM CHARACTERS].exe
%ALLUSERSPROFILE%\Intel(R) Management\run.exe
%ALLUSERSPROFILE%\Komar.exe
%ALLUSERSPROFILE%\Mbvhost.exe
%ALLUSERSPROFILE%\Microsoft\Defender\jusched_srv.exe
%ALLUSERSPROFILE%\Microsoft\Security Windows\svshost.exe
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\DOC001.exe
%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup\winhost.exe
%ALLUSERSPROFILE%\MicrosoftCare.exe
%ALLUSERSPROFILE%\NVIDIA_cure.exe
%ALLUSERSPROFILE%\olly.exe
%ALLUSERSPROFILE%\onedrive.exe
%ALLUSERSPROFILE%\Roamer.exe
%ALLUSERSPROFILE%\run[NUMBERS].exe
%ALLUSERSPROFILE%\Skype\chrome.exe
%ALLUSERSPROFILE%\Skype\msacuil.exe
%ALLUSERSPROFILE%\SQLEXPRESS_X64_86.exe
%ALLUSERSPROFILE%\System32\Logs\ShellExperienceHost.exe
%ALLUSERSPROFILE%\VsTelemetry\vshub.exe
%ALLUSERSPROFILE%\windowsservices\helper.vbs
%ALLUSERSPROFILE%\zun.exe
%APPDATA%\1.cmd
%APPDATA%\2.cmd
%APPDATA%\32.exe
%APPDATA%\Adobe\Flash Player\MediaCache\IEMonitor.exe
%APPDATA%\Adobe\Share\AMDshare.exe
%APPDATA%\Adobe\Share\Launcher.exe
%APPDATA%\Adobe\Share\NVIDIAshare.exe
%APPDATA%\Adobe\Share\Share[NUMBERS].exe
%APPDATA%\Adobe\syssl.exe
%APPDATA%\Adobe\Updater6\AdobeService.exe
%APPDATA%\Alxi\Alxi.vbs
%appdata%\appcontainer\storage\microsoft.microsoftedge_8wekyb3d8bbwe\children\001\internet settings\guard.exe
%appdata%\appcontainer\storage\microsoft.microsoftedge_8wekyb3d8bbwe\children\001\internet settings\sysclc.exe
%APPDATA%\appmgr\appmgr.exe
%APPDATA%\Architecture\member\Systemcore.exe
%APPDATA%\coinutil.dll
%APPDATA%\crmsvc.exe
%APPDATA%\DirectX\DirectX.vbs
%APPDATA%\documents\imonitor.exe
%APPDATA%\driver\driver.exe
%APPDATA%\etctool\etc.vbs
%APPDATA%\Filosof\Filosof.vbs
%APPDATA%\FireFox\launcher\Systemcore.exe
%appdata%\google\chrome\user data\spool.exe
%APPDATA%\GoogleUpdater.exe
%APPDATA%\Idle\Idle.exe
%APPDATA%\Images\image.exe
%APPDATA%\Images\images.exe
%APPDATA%\isaa.exe
%APPDATA%\Java\x86-64bits Windows\Config-DefaultMain\SysUtils SDK v2.49\svhcost.exe
%APPDATA%\Launcher_01.exe
%APPDATA%\Launcher_08.exe
%APPDATA%\libraries\MicrosoftRuntimeUpdate.vbe
%APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\SyncCheck.exe
%APPDATA%\Mama\mama.vbs
%APPDATA%\mcrserver.exe
%APPDATA%\MicroMon\curl.exe
%APPDATA%\Microsoft\msconfig.exe
%APPDATA%\Microsoft\office\dllchost.exe
%APPDATA%\Microsoft\Windows Protect\winprotect.exe
%APPDATA%\Microsoft\Windows\CPU\taskhost.exe
%APPDATA%\Microsoft\Windows\Helper.exe
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\AudioDriver.url
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Browge.vbs
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Check for updates.bat
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\fBCjxCDztG.url
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\GoogleCrashHandlerws.vbs
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\IeServise.lnk
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\key.exe
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\miner.exe.url
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\OneMisc.vbs
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\rara.vbs
%APPDATA%\Microsoft\Windows\winhost.exe
%APPDATA%\MicrosoftViewer.exe
%APPDATA%\miner-x64.exe
%APPDATA%\miner.dll
%APPDATA%\rarog.exe
%APPDATA%\Roamer.exe
%APPDATA%\RunSpeed\RunSpeed.vbs
%APPDATA%\Sasha\Sasha.vbs
%APPDATA%\SearchProtocolHosts.exe
%APPDATA%\server\minergate.exe
%APPDATA%\server\runhosts.exe
%APPDATA%\svc\svc.exe
%APPDATA%\System\etp.exe
%APPDATA%\systemcare-ppi-ul5.dll
%APPDATA%\systemcare.exe
%APPDATA%\SystemProcess\SystemProcess.exe
%APPDATA%\taskmg.exe
%APPDATA%\TeleMetric\TeleMetric.exe
%APPDATA%\Temp\DOC001.exe
%APPDATA%\Updater\localversion.txt
%APPDATA%\Updater\Update.cmd
%APPDATA%\Valit\jukov.vbs
%APPDATA%\Valit\lera.vbs
%APPDATA%\Valit\Valit.vbs
%APPDATA%\vfc\ffmpeg\task.exe
%APPDATA%\windows-ppi-ul5.dll
%APPDATA%\WindowsApps\CPU1\intel1.exe
%APPDATA%\WindowsApps\CPU\intel.exe
%APPDATA%\WindowsApps\taskwint.exe
%APPDATA%\WindowsApps\winitex.exe
%APPDATA%\winhost.exe
%APPDATA%\winlog.exe
%APPDATA%\winlog.vbs
%APPDATA%\WinRAR\Precomp\precomp.exe
%APPDATA%\xmrig[NUMBERS].exe
%APPDATA%\Zara\zara.vbs
%COMMONPROGRAMFILES%\System\svchost.exe
%COMMONPROGRAMFILES(x86)%\new.bat
%HOMEDRIVE%\Applications\cmdsrvs.exe
%HOMEDRIVE%\Applications\Service.exe
%HOMEDRIVE%\Applications\websock.exe
%HOMEDRIVE%\ASD\cpuminer-sse2.exe
%HOMEDRIVE%\ASD\nh.exe
%HOMEDRIVE%\backupsys\pow32.bat
%HOMEDRIVE%\backupsys\system.bat
%HOMEDRIVE%\backupsys\taskmgr32.exe
%HOMEDRIVE%\backupsys\window[NUMBERS].vbs
%HOMEDRIVE%\browse\browse.exe
%HOMEDRIVE%\Browse\cmdsrvs.exe
%HOMEDRIVE%\Disk\cmdsvr.exe
%HOMEDRIVE%\Disk\securedisk.exe
%HOMEDRIVE%\Disk\WebService.exe
%HOMEDRIVE%\DOC001.exe
%HOMEDRIVE%\images.scr
%HOMEDRIVE%\intel\setup.vbs
%HOMEDRIVE%\MSOCache\svchost.exe
%HOMEDRIVE%\WindowsData\hostdl.exe
%LOCALAPPDATA%\amd\amd_accelerator.exe
%LOCALAPPDATA%\Explorer Data\msiexec64.exe
%LOCALAPPDATA%\Intel\iaa23.exe
%LOCALAPPDATA%\Intel\iap23.dll
%localappdata%\intel\iii.pl
%localappdata%\intel\iii.zip
%LOCALAPPDATA%\Intel\imgre.exe
%LOCALAPPDATA%\Intel\intelmngr.exe
%LOCALAPPDATA%\Intel\management.db
%localappdata%\intel\red.dll
%LOCALAPPDATA%\isaa.exe
%LOCALAPPDATA%\Optimizer\Optimizer.exe
%LOCALAPPDATA%\Roamer.exe
%LOCALAPPDATA%\smartstats\smassvc.exe
%LOCALAPPDATA%\SQLite\SQLManager.exe
%LOCALAPPDATA%\SQLite\wincpu.exe
%PROGRAMFILES%\SQLite\SQLManager.exe
%PROGRAMFILES(x86)%\SQLite\SQLManager.exe
%PROGRAMFILES(x86)%\SQLite\wincpu.exe
%PUBLIC%\documents\documentsindex.dll
%PUBLIC%\Libraries\wsappx.exe
%TEMP%\DrToolKrl.sys
%TEMP%\hiddengate.exe
%TEMP%\isaa.exe
%TEMP%\Kilence.exe
%TEMP%\Roamer.exe
%TEMP%\wup\wup.exe
%TEMP%\xmrig.exe
%TEMP%\ytmp\t[NUMBERS].[RANDOM CHARACTERS]
%USERPROFILE%\Documents\xmrig.exe
%USERPROFILE%\NVDisplay.exe
%WINDIR%\deftesrg.exe
%WINDIR%\fonts\conhost.exe
%WINDIR%\Fonts\MsEssentialSecurity.exe
%WINDIR%\Fonts\svchost.exe
%WINDIR%\HS_Svc.exe
%WINDIR%\IIS\crss.exe
%WINDIR%\ime\rescv.exe
%WINDIR%\inf\msief.exe
%WINDIR%\installer\patchcach\systemnt.exe
%WINDIR%\jb-JP\spools.exe
%WINDIR%\LiveKernel\SRPolicySvc.exe
%WINDIR%\mcfg\mcfg.exe
%WINDIR%\microsoft.net\framework64\v4.0.30319\gpsrv.exe
%WINDIR%\mscsuscr.exe
%WINDIR%\nv\NvProfileUpdater64.exe
%WINDIR%\nvidia\NvUpdater64.exe
%WINDIR%\scsktsvc.exe
%WINDIR%\servime.exe
%WINDIR%\Sys64\starter.exe
%WINDIR%\Sys\taskmgr.exe
%WINDIR%\System32\config\systemprofile\AppData\Roaming\Microsoft\cred.ps1
%WINDIR%\system32\dllhostex.exe
%WINDIR%\System32\drivers\etc\svchost.exe
%WINDIR%\system32\MaintenancesServices.dll
%WINDIR%\System32\mcicda32.dll
%WINDIR%\system32\mcicda64.dll
%WINDIR%\system32\SecUpdateHost.exe
%WINDIR%\system32\Tasks\CPUSpeed
%WINDIR%\system32\Tasks\GPUSpeed
%WINDIR%\System32\Tasks\RestoreRevTask
%WINDIR%\System32\Tasks\UpdaterChromeApp[RANDOM CHARACTERS]
%WINDIR%\system32\TasksHostServices.exe
%WINDIR%\system32\vmichapagentsrv.dll
%WINDIR%\system32\werlfault.exe
%WINDIR%\System32\windfn.exe
%WINDIR%\system32\wmassrv.dll
%WINDIR%\system32\WUDHostServices.exe
%WINDIR%\SysWOW64\HS\Client.exe
%WINDIR%\SysWOW64\HS\HS_Svc.exe
%WINDIR%\TEMP\32x64.exe
%WINDIR%\TEMP\amdxx64.exe
%WINDIR%\TEMP\antspywares.exe
%WINDIR%\TEMP\av64n.exe
%WINDIR%\TEMP\nvi864.exe
%Windir%\temp\y1.bat
%WINDIR%\wdf\wdf.exe
%WINDIR%\window.exe
%WINDIR%\wmi\WmiPrvSE.exe
%WINDIR%\WmiPrvSE.exe
%WINDIR%\wmu2\wininit.exe
%WINDIR%\wolf\minerw{0,1}.exe
%WINDIR%\xmrig[NUMBERS].exe
Software\Ashampoo\Ashampoo Gadge It\PQwick
SOFTWARE\IdleBuddy
SOFTWARE\idledbuddy
Software\idlenessbuddy
SOFTWARE\idlingbuddy
SOFTWARE\Jetmedia
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CPUSpeed
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUSpeed
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RestoreRevTask
Software\Microsoft\Windows\CurrentVersion\Run\AVAADA
Software\Microsoft\Windows\CurrentVersion\Run\PQwick
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ShellExperienceHost
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vnlgp
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zminer
SOFTWARE\Native System Provider
SOFTWARE\SystemaRev
Software\VideoDrivers
SOFTWARE\Wow6432Node\IdleBuddy
SOFTWARE\Wow6432Node\idledbuddy
SOFTWARE\Wow6432Node\idlenessbuddy
SOFTWARE\Wow6432Node\idlingbuddy
SOFTWARE\Wow6432Node\Jetmedia
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\vnlgp
SOFTWARE\Wow6432Node\Native System Provider
SYSTEM\ControlSet001\Services\AdobeFlashPlayerHash
SYSTEM\ControlSet001\Services\DirectX11b
SYSTEM\ControlSet001\Services\MinerGate
SYSTEM\ControlSet001\services\NativeDesktopMediaService
SYSTEM\ControlSet002\Services\AdobeFlashPlayerHash
SYSTEM\ControlSet002\Services\DirectX11b
SYSTEM\ControlSet002\Services\MinerGate
SYSTEM\ControlSet002\services\NativeDesktopMediaService
SYSTEM\CurrentControlSet\Services\AdobeFlashPlayerHash
SYSTEM\CurrentControlSet\Services\DirectX11b
SYSTEM\CurrentControlSet\Services\MinerGate
System\CurrentControlSet\Services\NativeDesktopMediaService
Altruistic
bridlebuddles
Id_Buddy
IdBuddy
idle--buddy
IdleBuddy
idledbuddy
idlenessbuddy
IdlingBuddy
overidlebuddies
PQwick
{0854AE3A-3A63-4BC6-BE20-F4185D343B5A}_is1
{4A91D8B3-712F-4815-B29B-E610008C4704}
{4CF9B388-78FA-46C3-B409-196FE2CF5F20}
{BEA0F17A-FD14-4646-8138-30994D87948A}_is1
{C2AA50F8-B1B8-4A40-BC18-E6CAB19DC0ED}_is1
{EC27A18E-53F3-4434-B08D-26C3E751C50F}
{FC44DE72-60F9-4BC1-B098-D2F6B5A06187}

Directories

Trojan.Bitcoinminer may create the following directory or directories:

%ALLUSERSPROFILE%\Application Data\clr_optimization_v4.0.30318_64
%ALLUSERSPROFILE%\Application Data\clr_optimization_v4.0.52760_64
%ALLUSERSPROFILE%\Application Data\wrdjdgyrmg
%ALLUSERSPROFILE%\AudioDriver
%ALLUSERSPROFILE%\DirectX11b
%ALLUSERSPROFILE%\Flashas
%ALLUSERSPROFILE%\Flashe
%ALLUSERSPROFILE%\FrameworkHostPro
%ALLUSERSPROFILE%\Guard Tool
%ALLUSERSPROFILE%\Guardm
%ALLUSERSPROFILE%\Haalety
%ALLUSERSPROFILE%\Intel(R)Usb3.0
%ALLUSERSPROFILE%\IntelD
%ALLUSERSPROFILE%\JetMedia
%ALLUSERSPROFILE%\Logiteh
%ALLUSERSPROFILE%\Micro Foundation 7
%ALLUSERSPROFILE%\MicrosoftCorporation
%ALLUSERSPROFILE%\ModuleGS
%ALLUSERSPROFILE%\PhysicalDeviceAdapter
%ALLUSERSPROFILE%\SRAPO64srrstr
%ALLUSERSPROFILE%\ServiceProfiles
%ALLUSERSPROFILE%\Systema Natives
%ALLUSERSPROFILE%\SystemaRev
%ALLUSERSPROFILE%\Systemfiles
%ALLUSERSPROFILE%\Task.Manager.Helper
%ALLUSERSPROFILE%\UHASecurity
%ALLUSERSPROFILE%\Windows64
%ALLUSERSPROFILE%\WindowsAppCertification
%ALLUSERSPROFILE%\clr_optimization_v4.0.30318_64
%ALLUSERSPROFILE%\eizzbvEmWK
%ALLUSERSPROFILE%\flashes
%ALLUSERSPROFILE%\flashi
%ALLUSERSPROFILE%\hkrfjnygtg
%ALLUSERSPROFILE%\lpmti
%ALLUSERSPROFILE%\mg32
%ALLUSERSPROFILE%\playersclub
%ALLUSERSPROFILE%\securityhealth
%ALLUSERSPROFILE%\sqlncli11imageres
%ALLUSERSPROFILE%\task
%ALLUSERSPROFILE%\wincss
%ALLUSERSPROFILE%\wintcpautoproxysvc
%ALLUSERSPROFILE%\wrdjdgyrmg
%ALLUSERSPROFILE%\zvmimcgqez
%ALLUSERSPROFILE%\{4FCEED6C-B7D9-405B-A844-C3DBF418BF87}
%ALLUSERSPROFILE%\{CB28D9D3-6B5D-4AFA-BA37-B4AFAABF70B8}
%APPDATA%\8mFuF
%APPDATA%\AMDProcess
%APPDATA%\Adobe32
%APPDATA%\Adobe32x64
%APPDATA%\Alix
%APPDATA%\Aplfone
%APPDATA%\AsCDPro
%APPDATA%\AudioHDriver
%APPDATA%\Auto1Feed
%APPDATA%\DPTopologyApp
%APPDATA%\Defender
%APPDATA%\Dibifu_9
%APPDATA%\Faqelo
%APPDATA%\Fujelo
%APPDATA%\Google\GoogleUpdates
%APPDATA%\IdleProcess
%APPDATA%\Ie1Servise
%APPDATA%\IeMiss2
%APPDATA%\IeServise
%APPDATA%\Logiteh
%APPDATA%\Maik
%APPDATA%\Microsoft Help\hs_module
%APPDATA%\Microsoft\Windows\Start Menu\Programs\IdleBuddy
%APPDATA%\Microsoft\Windows\Start Menu\Programs\id_buddy
%APPDATA%\Microsoft\Windows\Start Menu\Programs\idle--buddy
%APPDATA%\Miicrosoft
%APPDATA%\MingC
%APPDATA%\Nanera
%APPDATA%\Olesya
%APPDATA%\OneMisc
%APPDATA%\RarZip
%APPDATA%\Sorsur
%APPDATA%\Svcms
%APPDATA%\Sysfiles
%APPDATA%\System Process
%APPDATA%\Systema Natives
%APPDATA%\SystemaRev
%APPDATA%\TelemetricSys
%APPDATA%\Vatico
%APPDATA%\Versions Watcher
%APPDATA%\Vive
%APPDATA%\WinZIP_32
%APPDATA%\WindowsFirewall
%APPDATA%\WindowsHelp
%APPDATA%\Windows_x64_nheqminer-5c
%APPDATA%\ZSystemDll
%APPDATA%\adobe\nvv8
%APPDATA%\adobe\x64e
%APPDATA%\adobe\x64r
%APPDATA%\adobe\x64rx
%APPDATA%\brhost
%APPDATA%\bvhost
%APPDATA%\com.flash.WidgetBrowser
%APPDATA%\com_shell
%APPDATA%\jetmedia
%APPDATA%\jsonminify
%APPDATA%\jswUpdate
%APPDATA%\mercya
%APPDATA%\microsoft\teamviewer
%APPDATA%\myinstall
%APPDATA%\rundll32.exe
%APPDATA%\shell\0\0\0\0\0\googlerec
%APPDATA%\sppui
%APPDATA%\svhost
%APPDATA%\systemdata\searcher
%APPDATA%\uconhosts
%APPDATA%\vbhost
%APPDATA%\vghost
%APPDATA%\winrar_tools
%APPDATA%\x11
%APPDATA%\xBooster
%APPDATA%\xmlframwork
%APPDATA%\xszman
%AppData%\AsToolCD
%AppData%\ClearMe
%AppData%\Microsoft\Protect\Upd64
%AppData%\MineCor
%Appdata%\Avira Antivir
%COMMONPROGRAMFILES%\myinstall
%COMMONPROGRAMFILES(x86)%\myinstall
%HOMEDRIVE%\Chrome\XMR
%HOMEDRIVE%\Users\Default\AppData\Roaming\System
%HOMEDRIVE%\XMR
%HOMEDRIVE%\dapp
%HOMEDRIVE%\ness\miner
%LOCALAPPDATA%\ESET-NOD32
%LOCALAPPDATA%\Logiteh
%LOCALAPPDATA%\Roaming\Cache
%LOCALAPPDATA%\cypjMERAky
%LOCALAPPDATA%\minergate-cli
%PROGRAMFILES%\BRTSvc
%PROGRAMFILES%\IdBuddy
%PROGRAMFILES%\Idle-Buddy
%PROGRAMFILES%\IdleBuddy
%PROGRAMFILES%\Jetmedia
%PROGRAMFILES%\LaCie Private Public
%PROGRAMFILES%\PQwick1.1
%PROGRAMFILES%\System Native\Main Services
%PROGRAMFILES%\SystemNanoPacks
%PROGRAMFILES%\Systema Natives\MServices X
%PROGRAMFILES%\SystemaRev
%PROGRAMFILES%\SystemaRev\RevServicesX
%PROGRAMFILES%\bridlebuddles
%PROGRAMFILES%\ibuddy
%PROGRAMFILES%\id_buddy
%PROGRAMFILES%\idle--buddy
%PROGRAMFILES%\idledbuddy
%PROGRAMFILES%\idlenessbuddy
%PROGRAMFILES%\idlingbuddy
%PROGRAMFILES%\inteldriverpack
%PROGRAMFILES%\jsstmedia
%PROGRAMFILES%\overidlebuddies
%PROGRAMFILES(x86)%\BRTSvc
%PROGRAMFILES(x86)%\Hardware Driver Management
%PROGRAMFILES(x86)%\IdBuddy
%PROGRAMFILES(x86)%\Idle-Buddy
%PROGRAMFILES(x86)%\IdleBuddy
%PROGRAMFILES(x86)%\Jetmedia
%PROGRAMFILES(x86)%\LaCie Private Public
%PROGRAMFILES(x86)%\PQwick1.1
%PROGRAMFILES(x86)%\System Native\Main Services
%PROGRAMFILES(x86)%\SystemaRev
%PROGRAMFILES(x86)%\bridlebuddles
%PROGRAMFILES(x86)%\ibuddy
%PROGRAMFILES(x86)%\id_buddy
%PROGRAMFILES(x86)%\idle--buddy
%PROGRAMFILES(x86)%\idledbuddy
%PROGRAMFILES(x86)%\idlenessbuddy
%PROGRAMFILES(x86)%\jsstmedia
%PROGRAMFILES(x86)%\overidlebuddies
%Public%\Avast! -Antivirus
%TEMP%\WindowsData1
%TEMP%\WindowsTask
%USERPROFILE%\Documents\TransactionServices Inc
%USERPROFILE%\OneDrive\Documents\SystemServices Inc
%USERPROFILE%\OneDrive\Documents\TransactionServices Inc
%WINDIR%\HashStrem
%WINDIR%\SysWOW64\HS\hs_module
%WINDIR%\SysWOW64\xmr64
%WINDIR%\System32\Tasks\Microsoft\Windows\sysem\ssrec\a
%WINDIR%\fonts\cao
%WINDIR%\hs_module
%WINDIR%\speechstracing
%WINDIR%\system32\HS\hs_module
%WINDIR%\system32\SecureBootThemes
%WINDIR%\system32\SysprepThemes
%WINDIR%\system32\config\systemprofile\Documents\TransactionServices Inc
%WINDIR%\system32\config\systemprofile\appdata\local\bjihiwsdsu
%WINDIR%\syswow64\config\systemprofile\appdata\local\bjihiwsdsu
%WINDIR%\wdms
%WINDIR%\{DE03ECBA-2A77-438C-8243-0AF592BDBB20}
%allusersprofile%\altruistic
%appdata%\VideoDrivers
%appdata%\appcontainer\storage\microsoft.microsoftedge_8wekyb3d8bbwe\children\001\internet settings\cpu
%appdata%\silent
%appdata%\wow64_microsoft-windows-vssproxystub
%appdata%\zgs
%homedrive%\0_miner_mondero
%localappdata%\TMeter
%programfiles%\Altrst
%programfiles%\Altst
%programfiles%\altruist
%programfiles%\altruistic
%programfiles%\altruistics
%windir%\pcdata

Related Posts

Trending

Most Viewed

Loading...