Coinminer Trojan


Coinminer is one of the worst types of malware that you can come across is what is known as Trojan Horse. Coinminer is currently on the rise and many users have become victims to it which is why we decided it is important that our readers are well informed with regards to this noxious malware threat.

Coinminer Trojan

The Coinminer Trojan

Now, we know that you have most likely heard about this highly dangerous category of PC viruses but are you aware of their actual characteristics – what they can do, how they are distributed and how one could handle such a threat?In case you want to learn more about any of those aspects, we advise you to read the paragraphs below as they will offer you some important information that you might want to know with regards to Trojans. The main reason we have written the current article is one recently reported Trojan called Coinminer – it is currently on the rise and many users have become victims to it which is why we decided it is important that our readers are well informed with regards to this noxious malware threat.

The Coinminer Trojan

You all know that Trojan Horses are very dangerous and have the potential to cause some pretty nasty problems to the computers they infect. However, what makes a Trojan like Coinminer so devastating?

For starters, you need to understand that malicious programs that fall under this malware group are very, very stealthy. Most users do not even realize that their computers have been compromised. In most cases, the best chance one would have at detecting a Trojan would be if they have a good antivirus that can spot the infection on time. However, even with a reliable antivirus, there’s still no guarantee that the threat would get detected.


The two most important rules when it comes to protecting your PC against any sort of malware are being careful online and having a reliable antivirus program. Therefore, if you want to keep your system safe and sound, make sure that you avoid any suspicious and shady-looking online content (sketchy ads, spam e-mails, questionable update requests, etc.) as well as stay away from sites with low or unknown reputation. Also, as we said above, having a strong security software is also very important so make sure to get that covered if you haven’t already done so.

Typically, the way a Trojan Horse infection occurs is when the user interacts with a file or some online element that carries the infection. Typically, the malware is disguised as something seemingly harmless – a file that you might think is a program or a legitimately-looking update request. Whatever the malware carrier is, hackers try to make it look as safe-looking as possible so that the victim could get tricked into opening it. Once the malicious element gets executed via an account on the computer that has Administrator privileges, the cyber-criminal who’s behind the attack would gain remote access to the targeted machine and would be able to put the Trojan Horse into use. What that use would actually be depends on the agenda of the hacker. Trojans typically can be re-programmed to serve multiple purposes and we cannot really say what such a malware would be used for if it has made it inside your PC. All we can do is give you a general idea regarding the most common ways in which such viruses get utilized.

Trojan Horse uses

Here are several examples of what a typical Trojan Horse program like Coinminer might be able to do. Keep in mind that those aren’t all possible uses that you can expect from such a virus but only the most common and likely ones:

    • System damage – Trojans can oftentimes cause severe damage to the system of your PC by corrupting important data and modifying the Registry. This could lead to crashes, freezes, Blue Screen of Death, slow-down and even to the inability of the PC to load Windows after a reboot.
    • Spying – some of those viruses are also capable of spying on their victims. In this case, your keystrokes might get recorded, screenshots might get taken from your screen and even your webcam might get used for stalking purposes.
    • Distribution of other malware – Trojans are also capable of loading other malware inside the infected machine. For instance, if Coinminer has infiltrated your computer, it might be used do download a Ransomware virus inside it which would then lock up your personal files and blackmail to pay a ransom in exchange for the access to the sealed data.
    • Mining and spam – in addition to all we mentioned already, a Trojan might also force your computer to use all of its RAM, CPU and maybe even GPU memory to mine for a certain cryptocurrency (BitCoin, Ethereum, Monero, etc.). Also, it is possible that your machine gets tasked with sending out spam messages to other unfortunate users.


Name Coinminer
Type Trojan
Danger Level  High (Trojans are often used as a backdoor for Ransomware)
Symptoms  Any suspicious and unusual PC behavior can be due to a Trojan infection.
Distribution Method Malvertising, illegal sites with questionable content, spam messages, etc.
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.
More information about SpyHunter and steps to uninstall.

Coinminer Trojan Removal


Coinminer Trojan

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

Coinminer Trojan


Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab. Try to determine which processes are dangerous. 

Coinminer Trojan

Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Coinminer Trojan
Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at:

Scan Results

Virus Scanner Result
Coinminer TrojanClamAV
Coinminer TrojanAVG AV
Coinminer TrojanMaldet

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 

Coinminer Trojan

Hold together the Start Key and R. Type appwiz.cpl –> OK.

Coinminer Trojan

You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:

Coinminer Trojan

Coinminer Trojan

Type msconfig in the search field and hit enter. A window will pop-up:

Coinminer Trojan

Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

  • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

Coinminer Trojan

If there are suspicious IPs below “Localhost” – write to us in the comments.

Coinminer Trojan

Type Regedit in the windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


About the author


Brandon Skies

Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

1 Comment

Leave a Comment