This page aims to help you remove Coinhive “Virus”. Our removal instructions work for Chrome, Firefox and Internet Explorer, as well as every version of Windows.
Browser hijackers are known to be extremely irritating and hardly anyone who’s ever had to deal with one will tell you otherwise. However, dealing with this particular software type can also be pretty frustrating. For one, its behavior is also often misjudged by users, who wrongly assume they’ve been infected by a virus. Things like the changed Chrome, Firefox, or other browser homepage and newly set default search engine, as well as the parade of online ads that just keeps on going and covering your screen – all of this can very well arouse suspicion of something far more sinister going on. Luckily, that’s not the case and we’ll prove it to you on the example of Coinhive “Virus” – a browser hijacker that’s been bothering a number of users lately. In this article we will aim to explain exactly what this type of software is capable of and whether or not you really should be concerned about your system’s safety. Furthermore, we will also provide those of you who’ve already ended up with Coinhive “Virus” on their computers with a set of removal instructions. You will find them below this article, but before you head over to them, we would advise you to read through the following few paragraphs first.
What do browser hijackers generally do?
Software like Coinhive “Virus” exists for the sole purpose of generating profit for its developers by displaying paid ads on the screens of hundreds and thousands of users, who install it. In doing so, the software also ensures the exposure of various products, services, websites, etc. This is to say that Coinhive “Virus” and other browser hijackers do not run any malicious scripts and have no harmful intentions, which is a major difference between them and actual viruses like ransomware and Trojans, for example. Nevertheless, security experts identify hijackers and similar software as potentially unwanted due to a number of factors. In fact your system resources might have been used to mine the Monero cryptocurrency.
For one, hijackers often like to snoop around the browsing history of the computers they’re on. As a result, they gain information that has to do with the browsing preferences of each individual user. And this, in turn, they need in order to optimize their advertising campaigns. However, as strictly business-driven as this activity may be, most users have no idea about it. Another factor that contributes to programs like Coinhive “Virus” being dubbed PUPs is the manner in which they get distributed. Do you recall ever downloading or installing this particular browser hijacker of your own free will? Did you go online and actually type in the name of the software and then follow a download link to get it? Chances are, you didn’t. But we’ve got some news for you: you still downloaded and installed it on your own.
Coinhive “Virus” Removal
If you are a Windows user, continue with the guide below.
If you are a Mac user, please use our How to remove Ads on Mac guide.
If you are an Android user, please use our Android Malware Removal guide.
Some of the steps will likely require you to exit the page. Bookmark it for later reference.
Reboot in Safe Mode (use this guide if you don’t know how to do it).
WARNING! READ CAREFULLY BEFORE PROCEEDING!
Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab (the “Details” Tab on Win 8 and 10). Try to determine which processes are dangerous.
Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:
This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/
After you open their folder, end the processes that are infected, then delete their folders.
Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections.
Hold together the Start Key and R. Type appwiz.cpl –> OK.
You are now in the Control Panel. Look for suspicious entries. Uninstall it/them.
Type msconfig in the search field and hit enter. A window will pop-up:
Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.
Hold the Start Key and R – copy + paste the following and click OK:
A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:
If there are suspicious IPs below “Localhost” – write to us in the comments.
Open the start menu and search for Network Connections (On Windows 10 you just write it after clicking the Windows button), press enter.
- Right-click on the Network Adapter you are using —> Properties —> Internet Protocol Version 4 (ICP/IP), click Properties.
- The DNS line should be set to Obtain DNS server automatically. If it is not, set it yourself.
- Click on Advanced —> the DNS tab. Remove everything here (if there is something) —> OK.
- After you complete this step, the threat will be gone from your browsers. Finish the next step as well or it may reappear on a system reboot.
Right click on the browser’s shortcut —> Properties.
NOTE: We are showing Google Chrome, but you can do this for Firefox and IE (or Edge).
Properties —–> Shortcut. In Target, remove everything after .exe.
Remove Coinhive “Virus” from Internet Explorer:
Open IE, click —–> Manage Add-ons.
Find the threat —> Disable. Go to —–> Internet Options —> change the URL to whatever you use (if hijacked) —> Apply.
Remove Coinhive “Virus” from Firefox:
Open Firefox, click ——-> Add-ons —-> Extensions.
Find the adware/malware —> Remove.
Remove Coinhive “Virus” from Chrome:
Close Chrome. Navigate to:
C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data. There is a Folder called “Default” inside:
Rename it to Backup Default. Restart Chrome.
Type Regedit in the windows search field and press Enter.
Inside, press CTRL and F together and type the threat’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:
- HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random
If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!
This happens with the help of a simple, yet very clever invention known as program bundling. It means that you downloaded some other piece of programming and attached to its installer was Coinhive “Virus”. Most users skip reading the EULA or even at least the individual installation steps of the wizard and rush through it by repeatedly clicking on ‘Next’. What makes matters worse is that they often choose the Default or Automatic installation option, which gives them little say in the whole process. If you were to select the Advanced or Custom settings, you would have most likely been given the opportunity to opt out of any undesired software that may have been added by the developers. So this is something to keep in mind when installing new programs in the future.
Besides that, there’s also the fact that programs like Coinhive “Virus” don’t generally offer any usefulness for regular users. As a matter of fact, for the most part they just sit there generating ads in the background and collecting data about your browsing habits, and all the while using your PC’s resources. As a result, your system can become much slower over time and you will end up having less free disk space. Not to mention that as a result of the resource consumption, your computer might begin to lag, leading programs to malfunction and crash. Last but not least, browser hijackers can also make your computer more vulnerable to external threats. Moreover, the numerous links and ads that are generated and well as the frequent page redirects could potentially land you on insecure web locations and put you at risk of infection.
|Danger Level||Medium (nowhere near threats like Ransomware, but still a security risk)|
|Symptoms||The first thing users notice is the changed homepage and/or default search engine of their browser|
|Distribution Method||Program bundles are the most popular source, followed by spam emails, other hijackers and adware, online ads, etc.|
Some threats of this type reinstall themselves repeatedly if you don't delete their core files. We recommend downloading SpyHunter to scan for malicious programs. This may save you hours and cut down your time to about 15 minutes.