Posts about cryptojacking
I noticed my computer got periodically slow, often when I was gaming. When I opened the Task Manager, I discovered a process called "Windows logon GUI application", which often took the majority of the CPU cycles, but usually something like 40%. I think I first noticed this process months, or maybe years, ago; I can't recall. I usually just closed it, as I was in the middle of an online battle. My first googling attempts somehow didn't raise much suspicion about this, and I discarded the idea, but my latest searches revealed, from multiple sources, that it's most likely a crypto miner - using my electricity and computer resources to make money for someone else.
I downloaded Malwarebytes, as recommended by the discussions I found. It revealed that the "Windows logon GUI application" is actually malware, disguised as a Windows service. The location it was installed to was:
There was a "winlogui" file in it without an extension. Before letting the antivirus quarantine it, I copied the file to my desktop and renamed it to "winlogui.txt". Opening it with Notepad++ revealed some sort of setup script for the miner. Among this was an address to the mining pool:
<Exec>
  <Command>winlogui.exe</Command>
  <Arguments>-o pool.minexmr.com:4444 -u 83N4TNg1xtBbDV3qVxr4ojcvt76AWeANEH5qs7qKYumujYJ1gjAdyYE2CHK1QPrzkJC5PB9eRj9ZNgzEmukUavLAEqgRNMV -p x</Arguments>
</Exec>
I don't think I will ever be able to know how much money I lost to that miner, but is there anything I can do to make life a little bit less comfortable for the lowlifes who are responsible for this? Report this address somewhere? Something else?
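One way to check other task definitions on a machine for the same pattern, as an added example that is not part of the original post: it parses the `<Exec>` actions of a task file and flags arguments that carry a pool endpoint or a wallet-like user value. It assumes the file is a Task Scheduler XML definition (which the `<Exec>`/`<Command>`/`<Arguments>` elements suggest); the regex heuristics, function names and both sample tasks are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Heuristics (assumptions of this example, not exhaustive): a "-o host:port"
# pool option and a "-u" value that looks like a long base58 wallet address.
POOL_OPT = re.compile(
    r"(?:^|\s)(?:-o|--url)[=\s]+(?:stratum\+(?:tcp|ssl)://)?([\w.-]+):(\d{2,5})\b")
WALLET_OPT = re.compile(r"(?:^|\s)(?:-u|--user)[=\s]+[1-9A-HJ-NP-Za-km-z]{90,110}\b")

# Constructed samples: a namespaced task export and a benign task.
FAKE_WALLET = "4" + "A" * 94  # placeholder, not a real address
SAMPLE_MINER_TASK = f"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="Author">
    <Exec>
      <Command>winlogui.exe</Command>
      <Arguments>-o pool.example.invalid:4444 -u {FAKE_WALLET} -p x</Arguments>
    </Exec>
  </Actions>
</Task>"""
SAMPLE_BENIGN_TASK = r"""<Task><Actions><Exec>
  <Command>backup.exe</Command>
  <Arguments>-o D:\backups -u alice</Arguments>
</Exec></Actions></Task>"""

def local(tag):
    """Drop the XML namespace so full exports and bare fragments both match."""
    return tag.rsplit("}", 1)[-1]

def exec_actions(task_xml):
    """Yield (command, arguments) for every <Exec> element, root included."""
    for el in ET.fromstring(task_xml).iter():
        if local(el.tag) == "Exec":
            fields = {local(c.tag): (c.text or "").strip() for c in el}
            yield fields.get("Command", ""), fields.get("Arguments", "")

def miner_findings(task_xml):
    """Return one finding per Exec action whose arguments look like a miner's."""
    findings = []
    for command, args in exec_actions(task_xml):
        reasons = []
        pool = POOL_OPT.search(args)
        if pool:
            reasons.append(f"pool endpoint {pool.group(1)}:{pool.group(2)}")
        if WALLET_OPT.search(args):
            reasons.append("wallet-like -u value")
        if reasons:
            findings.append({"command": command, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE_MINER_TASK, SAMPLE_BENIGN_TASK):
        print(miner_findings(sample))
```

When reading task files from disk, pass the raw bytes to `miner_findings` so the XML parser can honour the file's own encoding declaration.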