Malware scan of jusched.exe ...

My BitCoin Miner Story

So I'm working on my computer and all of a sudden my power supply started making this super weird coil whine noise. I knew what it was since I had heard it before with a previous PSU that I had to RMA because of that.
Now my psu is a shitty one because I got a bit stingy when I built my unit... it's a Segotep psu ffs. Here I was thinking that it started to fail after not even 1 year of usage. But then I started to investigate...
I opened the Task Manager and found a process called issch.exe under the description of 'InstallShield Update Service Scheduler'. Yes... A fucking bitcoin miner was installed on my PC. It was around 1.2 MB and was installed in:
C:\Users\myuser\AppData\Roaming\Identities\ISSCH\issch.exe
I have Malwarebytes Premium installed and it couldn't detect it. That isn't a problem since it's easy to detect if you sort the processes in Task Manager by CPU usage. The goddamn thing was drawing 25% power from my CPU. So after I identified it I made a search in all my files and I found it and deleted it.
Now you're probably wondering where I got it from. Well, the only 2 games that I installed were:
INSIDE-Steamworks
and
Rise.Of.The.Tomb.Raider.-Steamworks
So apparently not only Seyter includes miners in his releases but Steamworks too... fuck those guys. I was so close to ordering a new PSU because of them =)
Upvote so that others become aware of this.
LE1: the libcurl.dll file was also present in the folder where the issch.exe was (as stated in this thread)
LE2: if you want to take a look at the files (maybe debug them or something) you can download them from here... hope that Malwarebytes or my antivirus didn't mess with them in any way though
LE3: as you can see in this pic (posted by another member) the miners can have other names too (jusched.exe for example)... so watch out for those names too
submitted by Karstarks to CrackStatus
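The post's detection tip (sort Task Manager by CPU, then check where the binary lives) can be scripted. The following is an added example, not code from the post: it lists processes running from a user profile's AppData folders or carrying a well-known updater name (jusched.exe, issch.exe) outside Program Files, ranked by CPU time. It assumes an elevated Windows PowerShell 5.1 or later session; the name list is constructed from the names mentioned on this page.

```powershell
# Added example (not from the original post). Triage running processes by
# image path and CPU time, the way the post describes doing it by hand.
# Assumption: run elevated so Get-Process can read every process's Path.
$suspectNames  = @('jusched.exe', 'issch.exe')          # names seen on this page
$expectedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }

Get-Process | Where-Object { $_.Path } | ForEach-Object {
    $path = $_.Path
    $name = [IO.Path]::GetFileName($path)

    # Does the image sit under one of the vendor install roots?
    $inProgramFiles = $expectedRoots | Where-Object {
        $path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase)
    }

    $reasons = @()
    if ($path -match '\\AppData\\(Roaming|Local)\\') {
        $reasons += 'runs from AppData'
    }
    if (($suspectNames -contains $name) -and -not $inProgramFiles) {
        $reasons += 'updater name outside Program Files'
    }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            Name   = $name
            PID    = $_.Id
            CPUsec = if ($_.CPU) { [math]::Round($_.CPU, 1) } else { 0 }
            Path   = $path
            Reason = $reasons -join '; '
        }
    }
} | Sort-Object CPUsec -Descending | Format-Table -AutoSize
```

Legitimate per-user installs (Chrome, Dropbox) also live under AppData, so the list is a triage aid, not a verdict; a high-CPU entry whose path matches neither its claimed vendor nor any software you installed is the one to investigate.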

Can't turn on Firewall.

Gmail says I need to enable cookies but it's already enabled. So it might have something to do with the firewall. Here's the HijackThis log.
Also I recently deleted the .exes of some virus named "bitcoin-miner". I'm not exactly sure if that's related to this one.
Anyone, help?
submitted by guissmo to techsupport


After running Malwarebytes, the antivirus popup warning about the infected file dwm.exe or BitCoinMiner.Gen has not appeared. I hope it might have removed it.

Anti-jusched.exe: Interesting forum. The sole purpose of jusched.exe appears to be to run jucheck.exe occasionally to check for updates. You could avoid whatever security hole it opens up by running, and still keep Java updated, by disabling it and running jucheck directly. You could do this manually, but then you have to remember to do so. The How-To Geek (see link below) suggests running ...

We solve the problem. Hello everyone, after Avira first detected the file brt.exe as a Bitcoin miner and I deleted it, now

Hello hard working Malwarebytes community, as the thread title states I've caught a bitcoin virus which masquerades as the Java Update Scheduler (jusched.exe) and which starts by itself (even after killing the process several times) and makes my graphics card run at maximum power (as expected). I'd guess the other one in the Task Manager (Java Update Scheduler (32 bit)) is the original.

The application jusched.exe has been detected as a potentially unwanted program by 28 anti-malware scanners. This is a setup program which is used to install the application. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. The file has been seen being downloaded from flek1.free ...
