
I have suddenly noticed that a process called minerd.exe*32 runs on my system along with a process update.exe*32. These processes eat up a lot of CPU cycles. I googled minerd.exe and came to know that it is a process used for bitcoins. But I am not using any bitcoins and I have never tried to access any bitcoin site from that machine.
Can anyone give more details as to what that process does? How does it work? Is it malware?

Ashwin
  • The process itself is not malicious but you do have malware that is starting it. Most security software should find it. – Ramhound Feb 02 '14 at 05:34
  • You've been hit by a botcoin miner thief. – Fiasco Labs Feb 02 '14 at 06:08
  • @FiascoLabs : I think you are right. They need machines that are on 24*7 and that machine is a server running JBOSS. So I was thinking: how can I determine when and how it happened? Is there a way to do it? – Ashwin Feb 02 '14 at 17:03
  • http://superuser.com/questions/100360/how-do-i-get-rid-of-malicious-spyware-malware-viruses-or-rootkits-from-my-pc – Ƭᴇcʜιᴇ007 Feb 02 '14 at 17:31

1 Answer

Minerd.exe*32 is a process to mine bitcoins. Basically, the bitcoin network throws a very complex problem at all computers running this, and the first computer (or pool of computers) gets a reward.

Obviously solving a very difficult math problem takes a lot of processing power.

I recommend running Malwarebytes and checking for viruses. Formatting your hard drive is the only sure way to be sure it's gone, however.

Jon
  • Thanks for answering. Is there a way of knowing how and when it got introduced into my system? The system it got introduced into is actually a server which is on 24*7. So, is there any kind of log or anything to know when and how it got into that server? – Ashwin Feb 02 '14 at 11:30
  • Do a virus scan and find the file that did it. Then look at the properties of the file. 99% of viruses are from skids from HackForums (yuck) with a free online crypter, just run Malwarebytes and it should be removed. – Jon Feb 02 '14 at 17:05
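
For the follow-up question about when the miner arrived, this is one way to carry out the "look at the properties of the file" advice from an elevated PowerShell prompt on the server. It is an added example, not code from the thread; the 30-minute window and the directories searched are assumptions.

```powershell
# Added triage sketch. Process names are from the question ("*32" is only
# Task Manager's 32-bit marker); the window and search roots are assumptions.
# Run elevated so ExecutablePath and CommandLine are populated.
$names  = 'minerd.exe', 'update.exe'
$window = [TimeSpan]::FromMinutes(30)

# 1. Running instances: image path, command line, parent, start time.
$all   = Get-CimInstance Win32_Process
$procs = $all | Where-Object { $names -contains $_.Name }
$report = foreach ($p in $procs) {
    # The parent may have exited and its PID may have been reused,
    # so only accept a parent that started before the child.
    $parent = $all | Where-Object {
        $_.ProcessId -eq $p.ParentProcessId -and $_.CreationDate -le $p.CreationDate
    }
    [pscustomobject]@{
        Name        = $p.Name
        ProcessId   = $p.ProcessId
        Started     = $p.CreationDate
        Path        = $p.ExecutablePath
        CommandLine = $p.CommandLine
        Parent      = $(if ($parent) { $parent.Name } else { 'not running' })
    }
}
$report | Format-List

# 2. On-disk timestamps of the binaries (the "properties of the file").
$files = $procs | Where-Object { $_.ExecutablePath } |
    Select-Object -ExpandProperty ExecutablePath -Unique |
    ForEach-Object { Get-Item -LiteralPath $_ -Force }
$files | Format-Table FullName, CreationTimeUtc, LastWriteTimeUtc, Length -AutoSize

# 3. Other files created within the window around the earliest binary.
if ($files) {
    $t0    = ($files | Sort-Object CreationTimeUtc | Select-Object -First 1).CreationTimeUtc
    $roots = @($files | ForEach-Object { $_.DirectoryName }) +
             @($env:TEMP, $env:ProgramData, "$env:SystemRoot\Temp") |
             Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
             Select-Object -Unique
    Get-ChildItem -LiteralPath $roots -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { [Math]::Abs(($_.CreationTimeUtc - $t0).TotalMinutes) -le $window.TotalMinutes } |
        Sort-Object CreationTimeUtc |
        Format-Table CreationTimeUtc, LastWriteTimeUtc, FullName -AutoSize
}
```

File timestamps can be altered by whatever placed the files, so treat the result as a lead to compare against the Windows event logs and the application server's own logs for the same period, not as proof.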