
I even checked all my running processes and autostarts with VirusTotal using "Autoruns.exe" but nothing suspicious came up. So I ran all those scanners again, blocked the port dwm.exe was using (it just used another one after that), killed the process just to have it restarted immediately afterwards. Upon opening it I was greeted by the text "Mining Pool Online". I noticed that dwm.exe does not only connect to Google's DNS server (8.8.8.8), but also to a pretty weird URL: static.27.12.130.94.

Today I decided to look into this a little bit and opened dwm.exe with Process Explorer. Better just wait a while before reinstalling Windows".

Or maybe it's just a bug in the last Windows Update. So I thought to myself: "I guess I do have another miner malware on my PC, which isn't being detected by the removal tools. But after updating all my drivers and even reducing the graphic effects to a minimum nothing changed.

Booting into Safe Mode though seems to solve this problem.

That suspicious process didn't show up after that anymore.

But it seems like that is not the end of the story: a few weeks ago I noticed that my dwm.exe process is eating up around 30-40% of my CPU and needs between 2-4GB of RAM.

dwm.exe should have no reason to use so much of my resources, especially since I am using an Intel i7 9700K (OC) and I have Hardware Acceleration enabled.

After some Google searches I found out that bad drivers or some graphic settings might cause this problem. I used TcpView and ProcessExplorer to nail it down to a specific *.exe file and blocked the ports as well as removed the file.
It disguised itself as a Windows process, installed itself into system32 and ran its process with a fake Windows identification.

After countless Virus Removal Tool Scans none of them found that virus so I just removed it manually. 1 or 2 months ago I noticed that I infected my computer with a CryptoCoinMiner.
