Windows 10 ALERT

windows 10

Windows 10 ALERT – ‘Invisible’ virus can slow your PC until it becomes UNUSABLE

Windows 10 fans have been put on alert about malicious software that can slow their computers to a snail’s pace and is invisible to them. The adware was discovered by analysts from Bleeping Computer. Who revealed it can drain CPU resources by up to 80 per cent.

The malware has been dubbed FileTour and the software steals processing power in order to mine for cryptocurrency. The adware, which is of Russian origin, creates a Windows autorun that launches the Google Chrome browser in a way that’s invisible to the victim.

The browser launches without a window appearing on the desktop every time a user logs in. Once open Chrome then runs a CoinCube mining script. The adware steals up to 80 per cent of processing power to mine for Bitcoin rival Monero. Depending on the amount of RAM the victim has on their machine, affected PCs can slow down considerably.

And because Chrome opens in an invisible state it could be a long time till victims realise what is hogging up their resources. While the Chrome window does not appear when the adware is mining for Monero. There is some way users can discover what is eating up their CPU power.

When task manager is opened it shows that chrome.exe is running and the amount of CPU resources it is using. April 2018 update

 

 

Investigation

Bleeping Computer investigated the Windows 10 adware further and looked at the site being opened by the malicious software. It is a page pretending to be a Cloud flare anti-DDoS verification site which is complete with its own Captcha test.

In a blog post outlining the threat, Bleeping Computer creator and owner Lawrence Abrams said. “FileTour is an adware bundle that is commonly spread as cracks or cheats for games and other software.

“This bundle is notorious for crossing the line between what is traditionally known as adware and PUPs and more dangerous computer infections such as password-stealing Trojans and miners.

“This adware bundle has started to create a Windows autorun that automatically launches Chrome and connects to an in-browser mining page when a user logs into Windows.

“To make matters worse, it does it in a way that makes it so Chrome is invisible to the user.”

Describing how users can stay safe, Abrams added. “Miners are becoming an epidemic and in-browsing mining is only going to continue to get worse.

The Windows 10 adware runs in a secretly opened window that users can’t see

“Therefore, it is important that all users protect themselves by installing antivirus software. That detects when a browser connects to known mining services such as CoinCube.

“Unfortunately, new in-browsing mining services keep popping up and it has become a game of whack-a-mole for the security industry. Therefore, your installed software may not detect the URL or scripts associated with a new in-browser miner.

“To add further protection, you can use an adblocker with Chrome, which will block in-browser mining scripts. For those looking for a more granular approach, you can use the CoinBlockerLists site to download lists of IP addresses and domains affiliated with in-browser mining.”

 

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *