Trojan.Bitcoinminer
Threat Scorecard
Ranking: 41
Threat Level: 80% (High)
Infected Computers: 1,559,548
First Seen: May 18, 2012
Last Seen: March 19, 2024
OS(es) Affected: Windows
Trojan.Bitcoinminer is one of the detection names associated with an executable file named 'indexer.exe' that is used to mine BitCoins and FeatherCoins. Trojan.Bitcoinminer is installed in a hidden directory inside the AppData directory on the infected computer and mines Bitcoins using that computer's resources. Cryptocurrency mining can be extremely demanding on a computer's resources, making it overheat, perform poorly and consume more power. While BitCoin mining is a legitimate activity, con artists use Trojan.Bitcoinminer to mine BitCoins or another cryptocurrency on a victim's computer and keep the profits generated at the expense of that computer. Mining BitCoins with a single computer is rarely profitable, so the people who distribute Trojan.Bitcoinminer and similar Trojans take advantage of the combined resources of numerous infected computers, mining BitCoins and keeping the proceeds. Many Trojan.Bitcoinminer infections have currently been spotted in Russia, Ukraine and Indonesia.
How Trojan.Bitcoinminer may be Delivered
The most common way in which Trojan.Bitcoinminer may enter a computer is through fake software downloads and updates. Con artists may hide threats like Trojan.Bitcoinminer inside software and media files distributed online. Victims download them from shady websites and then install Trojan.Bitcoinminer on their computers without being aware of it. Trojan.Bitcoinminer will not alert victims that their computers are infected, such as with a notification, or interfere in any way. However, Trojan.Bitcoinminer will use up more than three-quarters of the infected computer's processing power for mining cryptocurrency. Victims of the Trojan.Bitcoinminer attack will, therefore, notice that their computers run extremely slowly and frequently become unresponsive or unstable. Additionally, it is not uncommon for threats like Trojan.Bitcoinminer to conflict with the victim's computer, causing various performance issues and preventing other software from functioning properly.
The Trojan.Bitcoinminer Infection and Its Related Symptoms
There are several symptoms that may indicate that your computer has been infected with Trojan.Bitcoinminer. Computer users have reported that most software, including email clients, will frequently become unresponsive, freeze or crash. Some software, especially Internet browsers, will fail to open completely and many files will fail to load. When victims attempt to use the infected computer to view a video or listen to music, playback will frequently stutter, be altered or stop, so the experience is not functional. One typical problem associated with Trojan.Bitcoinminer happens when typing. Computer users may notice that their keyboard inputs are delayed, especially in word processing programs. This indicates that a large portion of the infected computer's resources is being used. The same symptoms may occur if victims are attempting to use a program that requires lots of resources (for example, for rendering a high-quality video). In this case, however, it is Trojan.Bitcoinminer that is using up the system's resources to mine cryptocurrency.
General Recommendations Related to Trojan.Bitcoinminer
Victims of Trojan.Bitcoinminer may notice 'indexer.exe' listed in the Task Manager. This is almost always an indicator of a Trojan.Bitcoinminer infection and requires action from the computer user. However, 'indexer.exe' is not the only name used by this BitCoin miner. PC security researchers advise computer users to remain vigilant, since other variants of Trojan.Bitcoinminer with different file names may appear. Malware investigators recommend that computer users use a security program to remove Trojan.Bitcoinminer and other threats. If your computer continues to show symptoms, it is important to use a different anti-virus program to ensure that the Trojan.Bitcoinminer infection or any related threat has been found (in some cases, other components may prevent its removal). The following are other names by which Trojan.Bitcoinminer may be detected:
- PUP.Optional.Bitminer
- RDN/Generic.dx!cxt
- Riskware.Win32.BtcMine.cnywcu
- Tool.BtcMine.157
- Trojan ( 0048fd0e1 )
- Trojan.Win32.Generic!BT
- Trojan.Win32.S.BitMiner.932352
- W32/Trojan.PBJZ-2853
- Win32/BitCoinMiner.AS
- Win32/Trojan.Multi.daf
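The Task Manager check described above, as an added PowerShell example that is not EnigmaSoft or SpyHunter code. Because the page notes that 'indexer.exe' is only one of several file names, it also flags any process that runs from a per-user writable folder while using more than three-quarters of total CPU. The 10-second sampling window, the folder list and all variable and function names are assumptions.

```powershell
# Added triage example; not EnigmaSoft or SpyHunter code.
# Assumptions: 10-second sampling window, the folder list below, and a 75%
# threshold taken from the page's "more than three-quarters" figure.
$SampleSeconds = 10
$CpuThreshold  = 75
$KnownNames    = @('indexer')   # only name the page gives; Get-Process omits ".exe"

# Per-user writable roots; the page places the miner in a hidden AppData folder.
$Roots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

function Get-CpuSnapshot {
    # Map PID -> name, image path and cumulative CPU seconds at this instant.
    $snap = @{}
    foreach ($p in Get-Process) {
        if ($null -eq $p.CPU) { continue }   # access denied or already exited
        $snap[$p.Id] = [pscustomobject]@{
            Name = $p.ProcessName; Path = $p.Path; Cpu = $p.CPU }
    }
    return $snap
}

$cores  = [Environment]::ProcessorCount
$before = Get-CpuSnapshot
Start-Sleep -Seconds $SampleSeconds
$after  = Get-CpuSnapshot

$findings = foreach ($id in $after.Keys) {
    $now = $after[$id]
    $old = $before[$id]
    # Skip processes started during the window and reused PIDs (name changed).
    if ($null -eq $old -or $old.Name -ne $now.Name) { continue }

    # CPU seconds consumed in the window, as a percentage of all logical cores.
    $cpuPct = [math]::Round(100 * ($now.Cpu - $old.Cpu) / ($SampleSeconds * $cores), 1)
    $inUserRoot = $false
    foreach ($r in $Roots) {
        if ($now.Path -and $now.Path.StartsWith($r, [StringComparison]::OrdinalIgnoreCase)) {
            $inUserRoot = $true
        }
    }
    $nameHit = $KnownNames -contains $now.Name   # -contains ignores case

    # A name match alone is weak, so location plus sustained load is checked too.
    if ($nameHit -or ($inUserRoot -and $cpuPct -gt $CpuThreshold)) {
        [pscustomobject]@{ ProcessId = $id; Name = $now.Name; CpuPct = $cpuPct
                           NameMatch = $nameHit; Path = $now.Path }
    }
}
$findings | Sort-Object CpuPct -Descending | Format-Table -AutoSize
```

Run it from an elevated prompt so that image paths of processes owned by other accounts are readable; the folder list covers only the current user's profile.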
File System Details
Registry Details
Directories
Trojan.Bitcoinminer may create the following directory or directories: