Your browser is obsolete!

The page may not load correctly.

Unexpected guests

Незваные гости

Other issues in this category (70)
  • add to favourites
    Add to Bookmarks

A mining problem

Read: 21173 Comments: 9 Rating: 17

Monday, June 1, 2020

A user contacted our technical support service because his important files were lost for some reason. As it turned out, the file loss was caused by a hard disk failure. But we also found indications that malware was present in the system. To find out more, our technical support engineers needed additional information.

We need to gather additional information about suspicious activity in your system.

To accomplish this, download and install the Dr.Web utility.

Launch the utility and press “Start Scanning”. Once the utility task is completed, it will forward a report to us automatically.

You will only need to indicate in the query that scanning has been completed.

Analysis of the collected data revealed the presence of a rogue mining application.

C:\programdata\windows\Archicad.exe is a cryptocurrency mining program. You can delete the application if you do not personally use it.

How did the mining program get into the computer? The user explains:

“My problems began when I started to receive warnings and blackmail letters because I was using an illegal copy of Autodesk 3D Max (I installed it for evaluation purposes). It then switched to Grafisoft - Archicad, the solution in which the mining application was hiding.”

No more details about blackmail letters were provided, but the origins of the mining application are clear. It was a pirated version containing a mining file whose name is identical to the software title.

Funny enough (although not entirely unexpected), having received a reply from Doctor Web, the user did not want to remove the pirated software (which was installed for “evaluation purposes”), and asked support engineers to pluck the malware out of the application).

— Keep Autodesk 3D Max and Grafisoft Archicad and remove the mining application. “I do realise that it can't be just uninstalled but perhaps there is a way to use registry entries to remove the malware and keep the other files?”

A custom Dr.Web utility build was used to remove the mining application but no further information is available about whether the pirated version actually worked without the file.

#VCI #extortion #piracy #support #signs_of_infection

The Anti-virus Times recommends

  1. Do not install illegal software copies. The above example demonstrates how doing so may lead to dangerous consequences.
  2. Avoid downloading software distributions from third-party sites (those that do not belong to the respective software developers and publishers) or via torrent trackers.
  3. When installing software, read all the contents of wizard installation dialogues and check all installation settings.
  4. If you have doubts about a distribution file you have downloaded, don't rush to install the software. First, scan it with your installed anti-virus or upload and examine it at, which hosts anti-virus scanners from almost all respected security software developers.


Tell us what you think

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.