Wednesday, February 21, 2018

Remove NsCpuCNMiner.exe or NsCpuCNMiner64.exe manually

Remove NsCpuCNMiner.exe manually.

These are the steps I followed when one of my colleagues' systems was infected with this malware.

What is it?
It is a process that runs in the background and mines cryptocurrency using your system's resources.




Symptoms:
Disk utilization and CPU usage will be at maximum, so your system will be slow.
Applications will take longer to open.
In some cases you get popups in your web browser.






Steps to Remove:

Step 1 - Stop the process
Go to Task Manager -> Services -> select NsCpuCNMiner or NsCpuCNMiner64 -> right-click -> End process

Step 2 - Remove related extensions from browser
Go to the Chrome browser extensions page, check whether any miners are present, and remove them.

Step 3 - Disable from startup
Go to Win+R (Run) -> msconfig.exe -> Startup -> disable NsCpuCNMiner or NsCpuCNMiner64
For Windows 10:
Go to Task Manager -> startup services -> disable NsCpuCNMiner, NsCpuCNMiner64, or Folder (yes, it is the malware and not the Windows Explorer process)

Step 4 - Delete the source file
Go to Win+R (Run) -> type %AppData% -> navigate to "Roaming" -> "Images" and delete all the contents of the folder. (This contains the exe; see image.)

Step 5 - Delete from registry
Go to Win+R (Run) -> type regedit -> once the Registry Editor is open, press Ctrl + F
-> search for "NsCpuCNMiner" and delete every occurrence of it.
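
A read-only PowerShell check for whether Steps 1, 3, 4 and 5 took effect, added here as an example and not part of the original post. The process name and the %AppData%\Images folder come from the post; limiting the registry check to the standard Run/RunOnce keys is an assumption and is narrower than the full regedit search in Step 5.

```powershell
# Read-only leftover check: reports findings, deletes nothing.
$pattern  = 'NsCpuCNMiner'                       # name from the post
$images   = Join-Path $env:APPDATA 'Images'      # folder from Step 4
$findings = New-Object 'System.Collections.Generic.List[string]'

# Step 1: is the miner still running? A live process keeps its files locked,
# which makes the deletion in Step 4 fail with a "file is open" error.
foreach ($p in Get-Process -ErrorAction SilentlyContinue) {
    if ($p.ProcessName -match $pattern) {
        $findings.Add("Process: $($p.ProcessName) (PID $($p.Id))")
    }
}

# Step 3: startup entries that name the miner or launch from the Images folder.
foreach ($s in Get-CimInstance -ClassName Win32_StartupCommand) {
    if ($s.Name -match $pattern -or $s.Command -match $pattern -or
        $s.Command -match [regex]::Escape($images)) {
        $findings.Add("Startup: $($s.Name) -> $($s.Command) [$($s.Location)]")
    }
}

# Step 4: anything still present in %AppData%\Images (hidden files included).
if (Test-Path -LiteralPath $images) {
    foreach ($f in Get-ChildItem -LiteralPath $images -Force -Recurse -ErrorAction SilentlyContinue) {
        $findings.Add("File: $($f.FullName)")
    }
}

# Step 5 (assumed subset): Run/RunOnce values that mention the miner.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ($name -match $pattern -or $value -match $pattern) {
            $findings.Add("Registry: $key\$name = $value")
        }
    }
}

if ($findings.Count -eq 0) { 'No NsCpuCNMiner leftovers found.' } else { $findings }
```

If the script still lists a process, end it first and rerun before retrying the file and registry deletions.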

If you face any issues while removing the malware, do comment below - I shall respond.

1 comment:

Unknown said...

In the Images folder itself, there is another file "image" with a folder icon; it's saying it can't be deleted because it's open in another folder. In the registry also, it's saying that not everything is able to be deleted.