Other issues in this category (70)
A mining problem
Monday, June 1, 2020
A user contacted our technical support service because his important files were lost for some reason. As it turned out, the file loss was caused by a hard disk failure. But we also found indications that malware was present in the system. To find out more, our technical support engineers needed additional information.
We need to gather additional information about suspicious activity in your system.
To accomplish this, download and install the Dr.Web utility.
Launch the utility and press “Start Scanning”. Once the utility task is completed, it will forward a report to us automatically.
You will only need to indicate in the query that scanning has been completed.
Analysis of the collected data revealed the presence of a rogue mining application.
C:\programdata\windows\Archicad.exe is a cryptocurrency mining program. You can delete the application if you do not personally use it.
How did the mining program get into the computer? The user explains:
“My problems began when I started to receive warnings and blackmail letters because I was using an illegal copy of Autodesk 3D Max (I installed it for evaluation purposes). It then switched to Grafisoft - Archicad, the solution in which the mining application was hiding.”
No more details about blackmail letters were provided, but the origins of the mining application are clear. It was a pirated version containing a mining file whose name is identical to the software title.
Funny enough (although not entirely unexpected), having received a reply from Doctor Web, the user did not want to remove the pirated software (which was installed for “evaluation purposes”), and asked support engineers to pluck the malware out of the application).
— Keep Autodesk 3D Max and Grafisoft Archicad and remove the mining application. “I do realise that it can't be just uninstalled but perhaps there is a way to use registry entries to remove the malware and keep the other files?”
A custom Dr.Web utility build was used to remove the mining application but no further information is available about whether the pirated version actually worked without the file.
The Anti-virus Times recommends
- Do not install illegal software copies. The above example demonstrates how doing so may lead to dangerous consequences.
- Avoid downloading software distributions from third-party sites (those that do not belong to the respective software developers and publishers) or via torrent trackers.
- When installing software, read all the contents of wizard installation dialogues and check all installation settings.
- If you have doubts about a distribution file you have downloaded, don't rush to install the software. First, scan it with your installed anti-virus or upload and examine it at virustotal.com, which hosts anti-virus scanners from almost all respected security software developers.