Crypto-Loot Virus (Coinhive Miner) Removal

Crypto-Loot Virus (Coinhive Miner) RemovalCrypto-Loot Virus (Coinhive Miner) RemovalCrypto-Loot Virus (Coinhive Miner) Removal

This page aims to help you remove Crypto-Loot. Our removal instructions work for Chrome, Firefox and Internet Explorer, as well as every version of Windows.

In the event of an infection with a browser hijacker, it’s important not to lose your cool and remain on top of the situation. Many people, once faced with the odd changes to their Chrome, Firefox or other browser, such as the new homepage and search engine, often panic and jump to radical conclusions, such as that they’ve been attacked by a virus of some sorts. The continuous redirections to various sponsored webpages don’t help the situation either. We’d like to begin this article about Crypto-Loot by saying that it is not a virus, in fact it’s very far from it. But there are still a number of reasons why you’d best removed it from your system anyway. That is what we’re about to cover here, before we provide you with a step-by-step removal guide, which will walk you through the process of removing Crypto-Loot from your system. After that you will be able to restore your previous browser settings and return back to your undisturbed web surfing.

Browser hijackers are considered PUPs – here’s why

In continuation of a statement we made in the opening of this article, we’d like to point out that there are significant differences between PUPs and viruses or malware. The latter, such as Trojans, ransomware, spyware, worms, etc., are capable of self-installing on your computer and fulfilling an extensive list of harmful and illegal activities. In fact your system resources might have been used to mine the Monero cryptocurrency. These include but aren’t limited to data theft, data corruption, spying, extortion and this list goes on and on. A browser hijacker like Crypto-Loot can never do any of this. However, it’s not fully in the clear either, because for one – it doesn’t offer any kind of functionality that would be helpful or beneficial to the end user. In addition to that, its actions (as described above) are more often than not seen as annoying, irritating and completely uncalled for.

Crypto-Loot Virus Removal

If you are a Windows user, continue with the guide below.

If you are a Mac user, please use our How to remove Ads on Mac guide.

If you are an Android user, please use our Android Malware Removal guide.

Crypto-Loot Virus (Coinhive Miner) Removal

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

Crypto-Loot Virus (Coinhive Miner) Removal


Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab (the “Details” Tab on Win 8 and 10). Try to determine which processes are dangerous. 

Crypto-Loot Virus (Coinhive Miner) Removal

Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:

Crypto-Loot Virus (Coinhive Miner) Removal
Drag and Drop Files Here to Scan
Maximum file size: 128MB.

This scanner is free and will always remain free for our website's users. You can find its full-page version at:

Scan Results

Virus Scanner Result
Crypto-Loot Virus (Coinhive Miner) RemovalClamAV
Crypto-Loot Virus (Coinhive Miner) RemovalAVG AV
Crypto-Loot Virus (Coinhive Miner) RemovalMaldet

After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 

Crypto-Loot Virus (Coinhive Miner) Removal

Hold together the Start Key and R. Type appwiz.cpl –> OK.

Crypto-Loot Virus (Coinhive Miner) Removal

You are now in the Control Panel. Look for suspicious entries. Uninstall it/them.

Type msconfig in the search field and hit enter. A window will pop-up:

Crypto-Loot Virus (Coinhive Miner) Removal

Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

Crypto-Loot Virus (Coinhive Miner) Removal

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

Crypto-Loot Virus (Coinhive Miner) Removal

If there are suspicious IPs below “Localhost” – write to us in the comments.

Open the start menu and search for Network Connections (On Windows 10 you just write it after clicking the Windows button), press enter.

  1. Right-click on the Network Adapter you are using —> Properties —> Internet Protocol Version 4 (ICP/IP), click  Properties.
  2. The DNS line should be set to Obtain DNS server automatically. If it is not, set it yourself.
  3. Click on Advanced —> the DNS tab. Remove everything here (if there is something) —> OK.

Crypto-Loot Virus (Coinhive Miner) Removal

Crypto-Loot Virus (Coinhive Miner) Removal

  • After you complete this step, the threat will be gone from your browsers. Finish the next step as well or it may reappear on a system reboot.

Right click on the browser’s shortcut —> Properties.

NOTE: We are showing Google Chrome, but you can do this for Firefox and IE (or Edge).

Crypto-Loot Virus (Coinhive Miner) Removal

Properties —–> Shortcut. In Target, remove everything after .exe.

Crypto-Loot Virus (Coinhive Miner) Removal

Crypto-Loot Virus (Coinhive Miner) Removal  Remove Crypto-Loot from Internet Explorer:

Open IE, click  Crypto-Loot Virus (Coinhive Miner) Removal —–> Manage Add-ons.

Crypto-Loot Virus (Coinhive Miner) Removal

Find the threat —> Disable. Go to Crypto-Loot Virus (Coinhive Miner) Removal —–> Internet Options —> change the URL to whatever you use (if hijacked) —> Apply.

Crypto-Loot Virus (Coinhive Miner) Removal Remove Crypto-Loot from Firefox:

Open Firefoxclick  Crypto-Loot Virus (Coinhive Miner) Removal  ——-> Add-ons —-> Extensions.

Crypto-Loot Virus (Coinhive Miner) Removal

Find the adware/malware —> Remove.
Crypto-Loot Virus (Coinhive Miner) RemovalRemove Crypto-Loot from Chrome:

Close Chrome. Navigate to:

 C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data. There is a Folder called “Default” inside:

Crypto-Loot Virus (Coinhive Miner) Removal

Rename it to Backup Default. Restart Chrome.

Crypto-Loot Virus (Coinhive Miner) Removal

Type Regedit in the windows search field and press Enter.

Inside, press CTRL and F together and type the threat’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!

That is because browser hijackers are developed with the sole purpose of serving their creators. Their aim is to be distributed to as many computers as possible, where they can generate large quantities of online ads like popups and banners that promote a variety of products and services. The developers are often paid per click or per view on these ads, and that really all there is to it. Therefore it shouldn’t come as a surprise that they will try to do everything in their power to accomplish their mission. And oftentimes this includes things like monitoring the browsing patterns of users and gathering so-called traffic data. This, in turn, helps with optimizing the ads that are on display and customizing them to each individual user, which is assumed to make the whole process more profitable and therefore more productive.

But there are also more serious consequences of keeping software like Crypto-Loot on your computer that you should be aware of. For example, hijackers like this are known to alter system registry files to make advertising that much easier. And in doing so, they often lower the defenses of the computer, so as to make the redirection process and such possible. But it’s as a result of those very same redirections that you could end up on various insecure web locations that may potentially have malware on them. And with a weakened defense, your system can easily become infected. So this should be a huge red flag for anyone still considering whether they should even bother removing the hijacker from their computer.

One last thing we need to mention here is how you most likely ended up with Crypto-Loot in the first place. This could happen in a number of ways, including interacting with spam emails and online ads. But most often it happens when you download some free program off an open source download platform or similar site and install that program using its default, predetermined settings. Very often programmers will bundle different less than desirable applications with other programs and hope that the user will simply rush through the installation and not pay enough attention to opt out of these added programs. So, if you would like to have more control over what is integrated with your system from now on, always go for the more detailed Custom, Advanced or Manual settings of the installation wizard. That way you will at some point reach a step that shows you a list of bundled-in programs that you will have the chance to simply leave out of the whole process.


Name Crypto-Loot
Type Browser Hijacker
Danger Level Medium (nowhere near threats like Ransomware, but still a security risk)
Symptoms  Altered browser settings, in addition to a large number of online ads on the screen and frequent page redirects throughout day-to-day browsing
Distribution Method Mainly with the help of program bundles that you can download for free, but also via spam, other hijackers, etc.
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version. More information about SpyHunter and steps to uninstall.


About the author


Violet George

Violet is an active writer with a passion for all things cyber security. She enjoys helping victims of computer virus infections remove them and successfully deal with the aftermath of the attacks. But most importantly, Violet makes it her priority to spend time educating people on privacy issues and maintaining the safety of their computers. It is her firm belief that by spreading this information, she can empower web users to effectively protect their personal data and their devices from hackers and cybercriminals.

Leave a Comment