Games lagging? Steam.exe hogging resources? Your PC may now be a Bitcoin mining bot!

Davva2004

Some new malware has been found in the wild and reported on the OnePlus forum, where a gamer found his games were lagging badly, and the culprit was steam.exe.


But he didn't have Steam installed!

Here's his post, quoted as is...

https://forums.oneplus.net/threads/steam-exe-be-aware-everyone.268205/

My OPO friends, there's some new malware going around that uses your GPU to mine for BitCoins. Even when idle, you'll see spikes around 90-95% in GPU usage.
During games, this can be devastating and reduce your performance to almost nothing. EDIT: it's not for Steam, it just disguises itself in its name.
It has been a long time since I played games on PC. Today I was showing Battlefield 4 to a friend and it lagged like hell! I closed everything and it was still the same, I rebooted the PC.. same. I opened MSI Kombustor and it showed 90% of usage and a 50 degree C temp, even though it's freezing in here. I freaked out! I opened the task manager and started killing processes while monitoring MSI Kombustor, the usage returned to 0% when I killed steam.exe. I don't recall having Steam, i did find it in the program. uni. nor at the start up services. I started digging and it was at (AppData\Roaming\Steam\Reversed). I uploaded it to virustotal.com and got this

https://www.virustotal.com/en/file/...265a6630a886b9baaf77f62201fd27948ec/analysis/

After hours of searching on Google it was clear that it somehow installs itself and mines for BitCoins. That's pretty much it. I changed its extension to .txt and found this inside.

[Image: steam_zps86796b79.jpg]


Btw, even the mightiest AVs like AVIRA, AVG, Super Anti Spyware and Malware Bytes didn't catch it; you have to remove it manually.

Navigate to \AppData\Roaming\Steam\Reversed. Once there, delete it. It doesn't appear in msconfig as far as I can tell, so you'll have to manually remove it from the directory.
You can also find it in the appdata/winrar and appdata/adobe folders.
Edit: It also stores itself in System32/Tasks folder.
You'll have to delete these as well to prevent it from updating and re-installing again.

just thought about sharing. well, sharing is caring :)

As far as I can tell from the posts and links here it appears genuine, so if you suddenly start noticing lag in games or constant GPU activity then please check your PC for this malware.
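
The quoted post says the malware also stores itself in System32/Tasks, which it links to the updating and re-installing. As an added example (not part of either forum post), this Python sketch parses Task Scheduler XML definitions and flags any action that launches from the AppData\Roaming folders named above; the task names, user name and sample files are constructed for illustration.

```python
import ntpath
import xml.etree.ElementTree as ET

# Namespace used by Task Scheduler's XML task definitions.
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Folders under AppData\Roaming named in the post, lower-cased for matching.
SUSPECT_PREFIXES = ("steam\\reversed\\", "winrar\\", "adobe\\")

def task_commands(raw_xml):
    """Return the <Exec><Command> values from one task definition (bytes)."""
    root = ET.fromstring(raw_xml)
    cmds = root.iterfind(".//t:Exec/t:Command", TASK_NS)
    return [c.text.strip().strip('"') for c in cmds if c.text]

def is_suspect(command):
    """True if the command runs from one of the Roaming folders in the post."""
    path = ntpath.normpath(command).lower()
    for marker in ("\\appdata\\roaming\\", "%appdata%\\"):
        _, found, rest = path.partition(marker)
        if found and rest.startswith(SUSPECT_PREFIXES):
            return True
    return False

def suspicious_tasks(tasks):
    """tasks maps task name -> raw XML bytes; returns [(name, command)] to review."""
    hits = []
    for name, raw in tasks.items():
        try:
            commands = task_commands(raw)
        except ET.ParseError:
            continue  # not a task definition, nothing to report
        hits += [(name, c) for c in commands if is_suspect(c)]
    return hits

def _sample(command):
    """Build a constructed task file in UTF-16, the encoding Task Scheduler writes."""
    return ('<?xml version="1.0" encoding="UTF-16"?>'
            '<Task xmlns="' + TASK_NS["t"] + '"><Actions><Exec><Command>'
            + command + '</Command></Exec></Actions></Task>').encode("utf-16")

# Constructed samples: task names and user name are made up for illustration.
SAMPLES = {
    "SteamUpdate": _sample(r'"C:\Users\bob\AppData\Roaming\Steam\Reversed\steam.exe"'),
    "Adobe Acrobat Update Task": _sample(
        r"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"),
}

if __name__ == "__main__":
    for name, command in suspicious_tasks(SAMPLES):
        print(f"review task {name!r}: {command}")
```

On a real machine, read each file under System32\Tasks as bytes and pass them in the same name-to-bytes mapping. Hits are leads to review rather than verdicts, since legitimate software can also keep files under Roaming\Adobe.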
 