Tweet
NsCpuCNMiner32.exe is a Trojan and Monero mining software that uses your computer's CPU processor to mine the Monero digital currency. This Trojan is spread as an executable called Photo.scr, which when started will copy itself to all drives on the infected computer. It will then extract a executable called NsCpuCNMiner32.exe to the %Temp% folder and launch it. When NsCpuCNMiner32.exe is launched it will use all of the available CPU processing power to mine the Monero digital currency.
NsCpuCNMiner32.exe Monero Miner Removal Guide
NsCpuCNMiner32.exe is a Trojan and Monero mining software that uses your computer's CPU processor to mine the Monero digital currency. This Trojan is spread as an executable called Photo.scr, which when started will copy itself to all drives on the infected computer. It will then extract a executable called NsCpuCNMiner32.exe to the %Temp% folder and launch it. When NsCpuCNMiner32.exe is launched it will use all of the available CPU processing power to mine the Monero digital currency.
What makes this PUP concerning is that this program will use your CPU card all of the time. This causes your computer to consume extra electricity, generate unnecessary heat, and could potentially damage your hardware due to its constant utilization. It's fine if you are choosing to use your computer to make revenue for yourself, but for another program to do it on your computer without your permission is the same thing as stealing from you.
Furthermore, the Photo.scr will be configured to start automatically when you login into Windows. This will also automatically launch the miner as well. While running, Photo.scr will scan the Internet for FTP servers and when it encounters one it will try to login to it. If it is able to, and has write access, it will upload a copy of itself and possibly hack web site files to further spread the malware.
Unfortunately, it is not always easy to tell if you are infected the NsCpuCNMiner32.exe/Photo.scr infection. The only symptoms of being infected are:
How did the NsCpuCNMiner32.exe get on my computer?
NsCpuCNMiner32.exe spreads by copying itself to all drives, including mapped network drives, on an infected computer. It will then hack FTP sites and web sites located on them, so that the Photo.scr executable can be distributed from the web site when a visitor browses the web page. As the web site is hacked to automatically prompt the visitor to download the file, visitors may accidentally launch it.
Thankfully, a lot of antivirus engines detect this Trojan. Below is a list of security programs and how they detect this Trojan.
Without a doubt, NsCpuCNMiner32.exe a computer infection and not one that you want on your computer. Not only does it use your computer's resources for the developer's own benefit, but it could permanently damage the infected computer. Even worse, it will use a victim's computer to hack FTP sites in order to distribute itself further. If you feel that are infected with this Trojan, you can use this removal guide to remove it for free.
Array
View Associated NsCpuCNMiner32.exe Files [downloaded_location]\Photo.scr%Temp%\NsCpuCNMiner32.exe%Temp%\pools.txtFile Location Notes:
%Temp% refers to the Windows Temp folder. By default, this is C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\\AppData\Local\Temp in Windows Vista, Windows 7, and Windows 8.
View Associated NsCpuCNMiner32.exe Registry Information HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Run [downloaded_location]\Photo.scr
Click here to view the article.
NsCpuCNMiner32.exe Monero Miner Removal Guide
- Mon, 12 Sep 2016 20:47:11 EDT
- Read 170 times
NsCpuCNMiner32.exe is a Trojan and Monero mining software that uses your computer's CPU processor to mine the Monero digital currency. This Trojan is spread as an executable called Photo.scr, which when started will copy itself to all drives on the infected computer. It will then extract a executable called NsCpuCNMiner32.exe to the %Temp% folder and launch it. When NsCpuCNMiner32.exe is launched it will use all of the available CPU processing power to mine the Monero digital currency.
What makes this PUP concerning is that this program will use your CPU card all of the time. This causes your computer to consume extra electricity, generate unnecessary heat, and could potentially damage your hardware due to its constant utilization. It's fine if you are choosing to use your computer to make revenue for yourself, but for another program to do it on your computer without your permission is the same thing as stealing from you.
Furthermore, the Photo.scr will be configured to start automatically when you login into Windows. This will also automatically launch the miner as well. While running, Photo.scr will scan the Internet for FTP servers and when it encounters one it will try to login to it. If it is able to, and has write access, it will upload a copy of itself and possibly hack web site files to further spread the malware.
Unfortunately, it is not always easy to tell if you are infected the NsCpuCNMiner32.exe/Photo.scr infection. The only symptoms of being infected are:
- A process called NsCpuCNMiner32.exe or Photo.scr running in Task Manager.
- Your CPU using 100% of its utilization all of the time.
- Your computer acting very slow and sluggish.
How did the NsCpuCNMiner32.exe get on my computer?
NsCpuCNMiner32.exe spreads by copying itself to all drives, including mapped network drives, on an infected computer. It will then hack FTP sites and web sites located on them, so that the Photo.scr executable can be distributed from the web site when a visitor browses the web page. As the web site is hacked to automatically prompt the visitor to download the file, visitors may accidentally launch it.
Thankfully, a lot of antivirus engines detect this Trojan. Below is a list of security programs and how they detect this Trojan.
| AVG | Generic36.AAVT | GData | Trojan.AgentWDCR.ERF |
| Avira | TR/BitCoinMiner.fra | Kaspersky | Trojan.Win32.Miner.ays |
| Baidu | Win32.HackTool.CoinMiner.a | Malwarebytes | Trojan.BitCoinMiner |
| BitDefender | Trojan.AgentWDCR.ERF | McAfee | Trojan-CoinMiner |
| DrWeb | Tool.BtcMine.431 | Sophos | Mal/Miner-C |
| ESET-NOD32 | Win32/BitCoinMiner.BX | Symantec | Trojan.Coinbitminer |
| Emsisoft | Trojan.AgentWDCR.ERF (B) | Tencent | Win32.Trojan.Bitconer.Yyqp |
| F-Prot | W32/Adware.ALRW | TrendMicro | WORM_COINMINER.RT |
| F-Secure | Trojan.AgentWDCR.ERF | VBA32 | Trojan.BitCoinMiner |
| Fortinet | Riskware/BitCoinMiner | VIPRE | Trojan.Win32.Generic!BT |
Array
View Associated NsCpuCNMiner32.exe Files [downloaded_location]\Photo.scr%Temp%\NsCpuCNMiner32.exe%Temp%\pools.txtFile Location Notes:
%Temp% refers to the Windows Temp folder. By default, this is C:\Windows\Temp for Windows 95/98/ME, C:\DOCUMENTS AND SETTINGS\\LOCAL SETTINGS\Temp for Windows 2000/XP, and C:\Users\\AppData\Local\Temp in Windows Vista, Windows 7, and Windows 8.
View Associated NsCpuCNMiner32.exe Registry Information HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Run [downloaded_location]\Photo.scr
Click here to view the article.