Great Discover

Trojan
July 23, 2021
by Brandon Skies
Anti-virus offerOFFERWe tested that Spyhunter successfully removes parasite,* and we recommend using it. Manual removal without a program may take hours, it can harm your system if you are not careful, and parasite may reinstall itself at the end if you fail to delete its core files.
Download SpyHunter (Free Remover)
7-day Free Trial w/Credit card, no charge upfront or if you cancel up to 2 days before expiration; Subscription price varies per region w/ auto renewal unless you timely cancel; notification before you are billed; 30-day money-back guarantee; Read full terms and more information about free remover.

*Source of claim SH can remove it.

Great Discover

Great Discover is a cryptocurrency-mining malware program that uses the resources (RAM, CPU, GPU) of your computer to generate cryptocurrencies for its creators. Great Discover can be used for mining Bitcoin, Monero, Ethereum, Litecoin, etc., which could severely impact the performance of your system.

The Great Discover Virus

The goal of Great Discover isn’t to damage your computer – it doesn’t delete any files, corrupt the system, or spy on you. Its sole purpose is to mine cryptocurrency by exploiting the resources of your machine. On a more powerful computer, the user may not even notice the presence of the virus unless he/she tries to run some resource-intensive program that requires lots of RAM, CPU, or GPU to run.

What is Great Discover?

Great Discover is a type of cryptocurrency-mining virus that engages the computer’s RAM, GPU, and CPU to mine Bitcoin, Ethereum, Monero, XRP, and other cryptocurrencies. To evade detection, Great Discover may be set to operate only when the computer isn’t being used.

The reason why a lot of users that have the Great Discover virus may not be aware of its presence in the system is exactly this – the cryptocurrency-mining process could be set to only start when the computer isn’t being used. Some users may not even mind the fact that Great Discover is on their computer, so long as it doesn’t impact the system performance when they are using the computer. It should be noted, though, that even if you aren’t noticing the presence of Great Discover, the rogue program is still there, running its processes without your permission, and it wouldn’t be too far-fetched to assume that at a certain point it may attempt to do something else without requesting approval from you (such as downloading more undesirable programs on the computer).

The Great Discover app

The Great Discover app is rogue software that carries a cryptocurrency-mining Trojan that forces the computer to generate Bitcoin, Dask, Litecoin, Monero, and other cryptocurrencies. The Great Discover app should be removed from the computer immediately because it causes severe slow-downs and performance issues.

The Great Discover app can be any app that is used to deliver the Trojan into the users’ computers – it carries the Trojan as a bundled component and installs it automatically on the computer, oftentimes without the user’s informed approval. For this reason, it’s crucial to always pay attention to the installation settings and options when running the installer of a new program. Never allow an installer to add bonus software to your system on top of the main program that is getting installed unless you think you may want to get that bonus software.

The Great Discover virus

The Great Discover virus is a sneaky Trojan Horse designed to leech resources (GPU, CPU, RAM) off your system and use them for mining Monero, XRP, Bitcoin, Ethereum, and other cryptocurrencies. Having the Great Discover on a computer typically causes slow-downs, freezes, and even crashes.

The behavior and performance impact that Great Discover may have on your computer varies depending on which version of the Trojan you may have. In some cases, you may barely notice that the Trojan is there, but in other instances, the system may become almost unusable due to severe slow-downs and freezes caused by the excessive use of system resources. Regardless of what your exact situation is, removing Great Discover is still the best course of action.

There are quite a few other similar rogue programs that may get installed alongside Great Discover, so it may be a good idea to check your computer for the following list of unwanted/hazardous software components that are commonly associated with this Trojan. If you find any of them on your computer, follow the provided links to find out how to delete them.

Is Great Discover a virus?

Great Discover is a virus program that gets delivered into the system by a rogue app of the same name. The Great Discover virus silently uses large amounts of CPU, RAM, and GPU to generate Bitcoin, Monero, Ethereum and other cryptocurrencies, for its creators.

One other thing that has led researchers to categorize this rogue program as a Trojan Horse virus is its ability to remain in the system and even re-install itself automatically in spite of the users’ attempts to remove it. There is an uninstaller for Great Discover, but simply running it to delete the program typically isn’t enough. There would still be files, settings, and Registry items left after you’ve seemingly removed Great Discover that could allow it to return to your computer. For that reason, it’s important to find and delete everything linked to this Trojan in order to be sure that it has truly left your system.

SUMMARY:

NameThe Great Discover Virus
TypeTrojan
Detection Tool

anti-malware offerOFFER Read more details in the first ad on this page, EULA, Privacy Policy, and full terms for Free Remover.

*Source of claim SH can remove it.

How to uninstall Great Discover

To uninstall Great Discover, these are the steps you’d need to perform:

  1. Uninstall the program from Programs and Features or using this uninstaller: C:\Program Files\Devine Software Oy\Great Discover\Uninstaller.exe.
  2. End any remaining Great Discover processes.
  3. Clean the Startup items, the DNS settings, and the Hosts file, and delete any remaining Great Discover files.
  4. To uninstall Great Discover, the last you must do is search the Registry for “Great Discover” and “Devine” items and delete them.

You will probably need some more details about the steps above, so we recommend reading the following lines to gain a better insight into what exactly you are supposed to do in order to eliminate this virus.

Step 1: Run the Uninstaller

The first thing you need to do is try to use the .exe uninstaller of the Great Discover program and remove the majority of this Trojan with its help. There are two ways you can do this:

  1. Search for Programs and Features in the Start Menu, open the first item, find Great Discover in the list of programs, select it, and click Uninstall – this will start the uninstaller, and you must complete the steps in it.
  2. If the first method doesn’t work, or you don’t see a Great Discover entry in the list, go to this location C:\Program Files\Devine Software Oy\Great Discover, open the Uninstaller.exe executable, and complete the uninstallation process.
Programs 1

Note 1: if you are offered by the uninstaller to keep anything related to the program on your computer, refuse any such offers – you must make sure that everything that may be related to this program gets removed.

Note 2: It’s possible that another rogue/unreliable program is responsible for getting Great Discover installed on your computer, so it is a good idea to check the Programs and Features list once again for any other recent installs that seem questionable and that may be related to the Trojan virus. If you see anything that may not be welcome on your computer and/or that is unfamiliar to you, you should uninstall it.

Step 2: Search for Great Discover processes

WARNING! READ CAREFULLY BEFORE PROCEEDING!

Running the Uninstaller.exe and uninstalling Great Discover with its help should end any related processes, but it’s still worth checking the Task Manager for rogue processes just in case. Note that running the uninstaller won’t fully get rid of the Great Discover Trojan, so there are more things to be done to complete the removal.

Open the Task Manager with the help of the Ctrl + Shift + Esc combination from the keyboard and go to the Processes tab. First, search the shown processes for anything named Great Discover or Devine and if you find such an item (or items), right-click it, select Open File Location, right-click the process again, and now select End Process. After that, delete the File Location folder that you opened.

If you didn’t find any Great Discover or Devine processes, look for other suspicious entries (especially ones with high CPU and/or memory usage) that have unusual names or names you don’t recognize. If you find anything you that raises your suspicion, tell us about the process in the comments section, or simply look up its name to see if security researchers have warned about it being rogue.

Another thing you could do is go to the File Location of the process (like we showed you above) and scan the files there with a reliable malware scanner. We recommend the scanner posted below. It is free to use on our site and requires no installation – just drag and drop any file you want to get scanned. Obviously, if even a single file from the file location of the process is detected as a threat, this means that the process must be stopped and its folder – deleted.

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Full ScanUpload New File
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Loading
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.
    Processes

    Hopefully, by now, you should have a good idea of whether the suspected process is indeed harmful or not. If it is, you already know what to do, but if you didn’t find anything that suggests it may be a threat, it’s better to leave it be as it may be a legitimate system process that mustn’t be touched.

    Step 3: Safe Mode

    To prevent the Trojan from starting any rogue processes again, we recommend that you get the system into Safe Mode and operate from within that mode during the rest of this guide.

    Step 4: Clean system settings

    There are several types of system settings that may have been altered by the virus and that you need to restore to their regular states.

    First, you need to check the Hosts file – to find and open it, first go to the hard drive where Windows is installed (on most computers that’s the C: drive). Then find and open this folder: Windows/System32/Drivers/etc. There, you will see the Hosts file – double-click on it, and when asked to select a program, click on Notepad to open the file with it.

    Next, see if there are any strange IP addresses or other questionable text at the bottom of the file (right below the “Localhost” lines). If you find anything there, copy it and send it in the comments below – we will have a look and tell you if the text/IPs are from the virus. If they are, you will have to delete them from the file and save the changes you’ve made.

    Hosts 1

    The next thing you must check is the DNS settings – you can do this by typing ncpa.cpl in the Start Menu, click the first thing, right-click on the icon of the network you typically use, and go to Properties. Here, you must click on the Internet Protocol Version 4 item and have a look at its properties (click the next Properties button). In the next window, there should be an option labeled Obtain DNS server automatically – if that option isn’t enabled, click on it to enable it and then go to Advanced. In the Advanced window, select DNS, delete any IPs that may be listed in the list there, and save the changes by selecting OK on everything.

    Dns 1 1024x564

    The third thing you should check is the list of Startup items – go to it by typing msconfig in the Start Menu, pressing Enter, and then clicking on the Startup tab from in the System Configuration window that opens. There, look through the list and if there are any items named Great Discover or Devine, uncheck them. Also, look for other suspicious or unknown items and uncheck them as well. Additionally, pay attention to the Manufacturer column – anything with an unknown manufacturer or with Devine as the manufacturer must also be unchecked. Once all potentially rogue items have been deselected, click on OK.

    Msconfig 1

    Step 5: Delete leftover files

    There are several files that Great Discover has likely left on your computer after you uninstalled it in Step 1 – you must find and delete those files. Before that, however, we suggest “unhiding” the hidden files and folders on your computer. For that, type Folder Options in the Start Menu, press Enter, and click the View tab in the newly-opened window. Look through the listed options, find the one labeled Show hidden files, folders, and drives, enable it, and then click on OK.

    Folder Options

    Now, depending on the version of Great Discover that you have, the files that may have been left behind are likely to differ. Here are the files left behind by the different versions of the Trojan:

    • 1.4.0.6
      • C:\Program Files\Devine Software Oy\Great Discover\Great Discover App.exe
      • C:\Program Files\Devine Software Oy\Great Discover\Great Discover.exe
      • C:\Program Files\Devine Software Oy\Great Discover\msvcp140.dll
      • C:\Program Files\Devine Software Oy\Great Discover\Uninstaller.exe
      • C:\Program Files\Devine Software Oy\Great Discover\vcruntime140.dll
      • C:\Program Files\Devine Software Oy\Great Discover\vcruntime140_1.dll
    • 1.4.0.2
      • C:\Program Files\UserNamee Software Oy\Great Discover\Great Discover App.exe
      • C:\Program Files\UserNamee Software Oy\Great Discover\Great Discover.exe
      • C:\Users\UserName\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\Great Discover App.exe.log
    • 1.4.1.6
      • C:\Program Files\Devine Software Oy\Great Discover\Great Discover App.exe
      • C:\Program Files\Devine Software Oy\Great Discover\Great Discover.exe
      • C:\Program Files\Devine Software Oy\Great Discover\msvcp140.dll
      • C:\Program Files\Devine Software Oy\Great Discover\Uninstaller.exe
      • C:\Program Files\Devine Software Oy\Great Discover\vcruntime140.dll
      • C:\Program Files\Devine Software Oy\Great Discover\vcruntime140_1.dll
    • 1.4.0.1
      • C:\Program Files\Devine Software Oy\Great Discover\Great Discover App.exe
      • C:\Program Files\Devine Software Oy\Great Discover\Great Discover.exe
      • C:\Program Files\Devine Software Oy\Great Discover\Uninstaller.exe
    • 1.4.0.8
      • C:\Program Files\Devine Software Oy\Great Discover\Great Discover – Copy.exe
      • C:\Program Files\Devine Software Oy\Great Discover\Great Discover App.exe
      • C:\Program Files\Devine Software Oy\Great Discover\Great Discover.exe
      • C:\Program Files\Devine Software Oy\Great Discover\msvcp140.dll
      • C:\Program Files\Devine Software Oy\Great Discover\Uninstaller.exe
      • C:\Program Files\Devine Software Oy\Great Discover\vcruntime140.dll
      • C:\Program Files\Devine Software Oy\Great Discover\vcruntime140_1.dll

    Note 1: If you have chosen to install Great Discover in a different folder, then the Great Discover folder will be located there and that’s where you must search for the remaining files.

    Note 2: If you don’t know which version of Great Discover you have on your computer, then simply go to C:\Program Files\Devine Software Oy\Great Discover (or in whatever other folder you’ve installed the program, and delete that folder with everything that’s in it.

    Note 3: If anywhere in the system you find files that seem suspicious and you think they could be related to Great Discover, do not hesitate to use the aforementioned free malware scanner that’s on our site to test them for malicious code and to delete them if the scanner flags them as threats.

    Step 6: Clean the Registry

    The last thing to do in this guide is to go the Registry Editor tool and use it to clean the Registry of your computer from Great Discover items. Open the Editor by searching for the regedit.exe executable in the Start Menu and selecting the first app that gets shown. Once asked for permission, click on Yes and the Editor will start.

    In the Registry Editor window, go to Edit from the top and select Find. Search for Great Discover and delete any items that may get found. Note that after every deleted item, you must search again to ensure there aren’t more remaining items. Once there are no more search results for Great Discover, search for Devine and delete any items that you may find.

    Regedit 1

    Next, use the sidebar to the left to manually navigate to the following Registry directories and keys. The entries listed below should have already been deleted by you when you searched for Great Discover and Devine, but it’s still recommended trying to find them manually, just in case anything has been left undeleted. Again, the entries that may be left behind depend on the Great Discover version that you may have:

    • 1.4.0.6
      • HKEY_CURRENT_USER\Software\Great Discover
      • HKEY_LOCAL_MACHINE\Software\Great Discover
      • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Great Discover
      • HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Devine Software Oy\Great Discover\Great Discover App.exe.ApplicationCompany
      • HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Devine Software Oy\Great Discover\Great Discover App.exe.FriendlyAppName
      • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Great Discover\ImagePath
    • 1.4.1.6
      • HKEY_CURRENT_USER\Software\Great Discover
      • HKEY_LOCAL_MACHINE\Software\Great Discover
      • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Great Discover_RASAPI32
      • HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Great Discover_RASMANCS
      • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Great Discover
      • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Great Discover\ImagePath
    • 1.4.0.8
      • HKEY_CURRENT_USER\Software\Great Discover
      • HKEY_LOCAL_MACHINE\Software\Great Discover
      • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Great Discover
      • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Great Discover\ImagePath
    • 1.4.0.1
      • HKEY_CURRENT_USER\Software\Great Discover
      • HKEY_LOCAL_MACHINE\Software\Great Discover
      • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Great Discover
      • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Great Discover\ImagePath
    • 1.4.0.2
      • HKEY_CURRENT_USER\Software\Great Discover
      • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Great Discover
      • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Great Discover\ImagePath

    Once you’ve checked for those Registry items and deleted any of them you may have found, restart your computer and see if the Trojan is gone from it.

    If Great Discover is still active on the computer

    If you notice that the Great Discover is still leeching resources from your system to mine cryptocurrencies, it may be best if you get a specialist to have a look at your system or use a professional removal tool to take care of the Trojan miner.

    We cannot help you with the latter option, but we can recommend you a strong and reliable anti-malware tool that can find and get rid of any rogue data that may still be present on the computer. You can find the anti-malware tool linked throughout the guide, so give it a go if you are still having problems with Great Discover and would like to get rid of it once and for all.

    blank

    About the author

    blank

    Brandon Skies

    Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

    View all posts

    11 Comments

    • hi hello, thank you so much for this article/page. i appreciate it so much. i did step 4, where you asked to paste this in the run box (notepad %windir%/system32/Drivers/etc/hosts) and found those weird IPs. can spyhunter handle/remove these IPs for me or could you help me in any way? again, thanks so much.

      Reply

      • Hi Irdina, can you please post the suspicious IPs in your hosts file here so maybe I can tell you if they pose any threat or no. If you have any questions regarding SpyHunter 5 you can ask them here

        Reply

    • Hi, these are the IP address in my Host file below Host IP:

      127.0.0.1 lmlicenses.wip4.adobe.com
      127.0.0.1 lm.licenses.adobe.com
      127.0.0.1 na1r.services.adobe.com
      127.0.0.1 hlrcv.stage.adobe.com
      127.0.0.1 practivate.adobe.com
      127.0.0.1 activate.adobe.com

      Please let me know if these are safe?

      Reply

    • Hii, so i tried uninstall it but it keep giving me a unistall page and when i insert recaptcha it say it was wrong and close the screen… how can i uninstall it anyway??

      Reply

    • Hi this is for the step 4

      # Copyright (c) 1993-2009 Microsoft Corp.
      #
      # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
      #
      # This file contains the mappings of IP addresses to host names. Each
      # entry should be kept on an individual line. The IP address should
      # be placed in the first column followed by the corresponding host name.
      # The IP address and the host name should be separated by at least one
      # space.
      #
      # Additionally, comments (such as these) may be inserted on individual
      # lines or following the machine name denoted by a ‘#’ symbol.
      #
      # For example:
      #
      # 102.54.94.97 rhino.acme.com # source server
      # 38.25.63.10 x.acme.com # x client host

      # localhost name resolution is handled within DNS itself.
      # 127.0.0.1 localhost
      # ::1 localhost

      Reply

      • Hi Enzo,
        as of what you have posted, there aren’t any hostile links in the file. Is that all from the files ?

        Reply

    • 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
      0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
      0.0.0.0 media.opencandy.com
      0.0.0.0 cdn.opencandy.com
      0.0.0.0 tracking.opencandy.com
      0.0.0.0 api.opencandy.com
      0.0.0.0 api.recommendedsw.com
      0.0.0.0 rp.yefeneri2.com
      0.0.0.0 os.yefeneri2.com
      0.0.0.0 os2.yefeneri2.com
      0.0.0.0 installer.betterinstaller.com
      0.0.0.0 installer.filebulldog.com
      0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
      0.0.0.0 inno.bisrv.com
      0.0.0.0 nsis.bisrv.com
      0.0.0.0 cdn.file2desktop.com
      0.0.0.0 cdn.goateastcach.us
      0.0.0.0 cdn.guttastatdk.us
      0.0.0.0 cdn.inskinmedia.com
      0.0.0.0 cdn.insta.oibundles2.com
      0.0.0.0 cdn.insta.playbryte.com
      0.0.0.0 cdn.llogetfastcach.us
      0.0.0.0 cdn.montiera.com
      0.0.0.0 cdn.msdwnld.com
      0.0.0.0 cdn.mypcbackup.com
      0.0.0.0 cdn.ppdownload.com
      0.0.0.0 cdn.riceateastcach.us
      0.0.0.0 cdn.shyapotato.us
      0.0.0.0 cdn.solimba.com
      0.0.0.0 cdn.tuto4pc.com
      0.0.0.0 cdn.appround.biz
      0.0.0.0 cdn.bigspeedpro.com
      0.0.0.0 cdn.bispd.com
      0.0.0.0 cdn.bisrv.com
      0.0.0.0 cdn.cdndp.com
      0.0.0.0 cdn.download.sweetpacks.com
      0.0.0.0 cdn.dpdownload.com
      0.0.0.0 cdn.visualbee.net
      # unchecky_end

      Reply

    • # Corel Blocker Key Verificator
      127.0.0.1 iws.corel.com
      127.0.0.1 mc.corel.com
      127.0.0.1 apps.corel.com
      127.0.0.1 deploy.akamaitechnologies.com
      127.0.0.1 compute-1.amazonaws.com
      127.0.0.1 origin-mc.corel.com
      127.0.0.1 ipm.corel.com
      127.0.0.1 dev1.ipm.corel.public.corel.net
      127.0.0.1 tsccloud.cloudapp.net
      127.0.0.1 2.18.12.147
      127.0.0.1 googletagmanager.com
      127.0.0.1 corelstore.com
      127.0.0.1 http://www.corelstore.com

      Also i dont know how should i save the file. There is no file extension for the original file but notepad wants to save as .txt. When i choose all files and select hosts directly it says this file is read-only. How should i save?

      Reply

    Leave a Comment

    We are here to help! Use SpyHunter to remove malware in under 15 minutes.

    Not Your OS? Download for Windows® and Mac®.

    * See Free Trial offer details and alternative Free offer here.

    ** SpyHunter Pro receives additional removal definitions and manual fixes through its HelpDesk in cases where they are needed.

    Spyware Helpdesk 1