If a process or file called XMRig miner has suddenly appeared on your computer, particularly after installing unfamiliar software from the internet, you should treat it as suspicious and follow this guide carefully to understand what it is and how to remove it safely.
XMRig began life as a legitimate open-source miner for the privacy-focused cryptocurrency Monero, using ordinary CPUs and GPUs. In the "XMRig miner virus" scenario, criminals quietly deploy altered builds of this tool to turn victims' computers into unpaid mining rigs. The code is smuggled in via software bundles, fake security installers, pirated games on torrent sites, contaminated USB drives and, in some campaigns, direct attacks on vulnerable servers.
Once running, it can push the processor to maximum load for long periods, making the system feel frozen, forcing fans to spin constantly, and in extreme cases risking overheating or hardware failure. Some variants arrive together with aggressive advertising modules and data-harvesting components that track browsing, searches, and keystrokes. Others, such as Altrusis App and Altrusis Service, bury themselves in system folders under random names and relaunch at every reboot, while evading basic antivirus checks.
In this overview I describe how to recognize, remove, and prevent XMRig-based mining infections. If you would rather automate the process, you can use SpyHunter 5, which can detect and remove XMRig Miner Virus with only a few clicks.
We tested that SpyHunter successfully removes XMRig* and we recommend using it. It will block XMRig from reinstalling itself and it will make sure your device is clean from any malware.
Manual XMRig Removal Guide
Begin with Windows' normal uninstall options and see whether XMRig miner virus can be removed like a regular application. This first pass is quick and low risk, and even if it does not clear everything, it often gets rid of obvious components before you move on to deeper cleanup.
Remove XMRig from Apps & Features
- 1.1 Start by checking whether XMRig is listed among your installed programs: open the Start Menu, go to Settings, and open the main panel where Windows groups system and app options.
- 1.2 In Settings, choose Apps. The page shows every installed application and lets you sort or filter entries by name, size, or installation date so recent additions are easier to review.
- 1.3 Change the sort order to Installation date so the newest items appear at the top. This makes it simpler to spot programs added around the time the issue started.
- 1.4 When you locate an unwanted or suspicious program, select it, click Uninstall, and follow the prompts to completion. Let the uninstaller remove bundled components and avoid closing it early.
- 1.5 Afterward, open C:\Users\YourUsername\AppData\Local\Programs and review the folders there. Remove leftover directories or executables tied to software you have just uninstalled.
- 1.6 If any related folder remains, delete it manually. Restart Windows afterward so locked files are released and to check that the removed program no longer tries to start with the system.
After the reboot, confirm that the program you removed no longer appears in Apps & Features or starts with Windows. If any traces remain, treat them as normal for persistent threats and move on to the next steps to clear hidden components and relaunch points.
How to Completely Remove XMRig
When the malicious processes are still running, you can observe where they live and how they start in real time. With XMRig active, its files, launch entries, and helper components are easier to identify, giving you a clearer map of what needs to be removed.
1. Getting your system ready to remove XMRig
- 1.2 Locked files can slow removal, so install LockHunter to handle items Windows reports as in use. The tool is free, does not require registration, and integrates into the context menu so you can see what locks a file and remove stubborn executables or DLLs safely.
If you prefer to rely mainly on built-in Windows tools, most of the guide stays manual and under your control. For particularly stubborn files, this utility is simply an extra option that can remove items Windows marks as in use.
LockHunter remains free, does not show ads, and does not require an account. Downloading and installing it usually takes only a short moment.
Stop XMRig Processes in Task Manager
Ending only one visible process rarely solves the problem, because related helpers and scheduled entries can immediately bring it back. The steps below show how to locate the executable tied to XMRig, remove the files that back it, and then close the process so it cannot restart easily.
2. Stop suspicious XMRig processes and delete their files
- 2.1 To see how XMRig behaves, press Ctrl + Shift + Esc to open Task Manager and review the list of running processes and their resource usage.
- 2.2 If Task Manager opens in its compact view, click More details. The expanded window shows background processes, publishers, and startup impact, which makes it easier to judge what each item is doing.
- 2.4 Right-click any suspicious entry and choose Open file location. Examining the folder path and the file's properties helps you quickly distinguish legitimate system components from unwanted software.
- 2.5 Try deleting the folder that contains the executable. If Windows refuses because the file is in use, run LockHunter, select What's locking this file?, release the lock, and remove the file and its folder from inside the tool.
- 2.6 Return to Task Manager and click End task on the same process. Ending it after deleting its executable reduces instant restarts and prepares the system for the later cleanup steps.
Delete XMRig Virus Files From Windows
Intrusions often place helpers in startup locations and user folders so they launch automatically whenever you sign in. Cleaning these directories removes shortcuts, loaders, and temporary executables tied to XMRig, which greatly lowers the chance that the unwanted program returns after a reboot.
3. Clean startup and program folders linked to XMRig
- 3.1 Begin with the common startup locations that XMRig may use to relaunch itself: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup and C:\Users\YourUsername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup. Remove shortcuts or executables you do not recognize.
- 3.2 In each Startup folder, leave desktop.ini in place and remove any unfamiliar entries. When Windows refuses to delete an item, call LockHunter to unlock it and remove the file safely.
- 3.3 Next, review the main program locations – C:\Program Files and C:\Program Files (x86) – and look for recently created, empty, or strangely named folders that are not associated with software you intentionally installed.
- 3.4 Also check user-level paths such as C:\Users\YourUsername\AppData\Local\, C:\Users\YourUsername\AppData\Local\Programs, and C:\Users\YourUsername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs, which often store launchers, update helpers, or small scripts.
Remove XMRig Miner Virus Scheduled Tasks
Scheduled tasks can quietly launch code linked to XMRig even after you delete its visible files. Reviewing these entries shows which commands are executed, which accounts they run under, and where the payload is stored so you can remove both the triggers and their targets.
4. Turn off scheduled tasks that restart XMRig
- 4.2 Double-click any listed task to open its Properties window. On the Actions tab, check which executable or script is launched and whether additional parameters are passed.
- 4.3 Pay special attention to entries that point into AppData or Roaming folders, especially when the task name or path looks unfamiliar. Legitimate vendors rarely place core launchers in unusual user subfolders.
- 4.4 If a task is clearly unwanted, copy the full path shown under Actions, then delete the task from Task Scheduler so it can no longer start automatically.
- 4.5 Next, browse to that copied path and remove the referenced executable or script. Removing both the task and its file ensures it cannot be triggered again after a restart.
- 4.6 Repeat this review for every folder under the Task Scheduler Library, including additional subfolders created by installers, because persistence mechanisms are often hidden behind generic or misleading names.
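The review in steps 4.2 to 4.6 can be done in one pass from PowerShell. The script below is an added example, not part of the original guide: it only reads tasks and changes nothing, it walks every Task Scheduler folder, and the `\Temp\` and `\Users\Public\` patterns are assumptions added alongside the AppData locations the guide names.

```powershell
# Added example: read-only audit of scheduled task actions (steps 4.2-4.6).
# Patterns are illustrative assumptions; AppData also covers AppData\Roaming.
$userWritable = '\\AppData\\|\\Temp\\|\\Users\\Public\\'

$findings = Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        # Only "start a program" actions carry an Execute property;
        # COM handler actions do not and are skipped here.
        if (-not $action.PSObject.Properties['Execute']) { continue }
        if (-not $action.Execute) { continue }

        # Expand %VARIABLES% and drop surrounding quotes before matching.
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
        if ($exe -notmatch $userWritable) { continue }

        [pscustomobject]@{
            TaskPath   = $task.TaskPath          # folder inside the Task Scheduler Library
            TaskName   = $task.TaskName
            State      = $task.State
            RunAs      = $task.Principal.UserId  # account the task runs under
            Execute    = $exe                    # path to copy before deleting the task (step 4.4)
            Arguments  = $action.Arguments
            FileExists = Test-Path -LiteralPath $exe -PathType Leaf
        }
    }
}

$findings | Sort-Object TaskPath, TaskName | Format-List
```

Run it from an elevated PowerShell window so tasks belonging to other accounts are listed as well. A match is a reason to open the task and inspect it, not proof that it is malicious.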
Remove the XMRig Malware Entries From the Windows Registry
After deleting files and startup entries, Registry values linked to XMRig can still instruct Windows to launch the program or its helpers. Carefully adjusting only suspicious autostart locations lets you disable these runs while keeping essential services and drivers untouched.
5. Delete XMRig remnants with Registry Editor
- 5.1 Open Registry Editor so you can see autostart entries that might keep XMRig running: press Win + R, type regedit, and press Enter.
- 5.2 Press Ctrl + F and search for the exact name of the program you removed earlier. This often reveals leftover service, shell, or configuration keys.
- 5.3 When the search locates a match, select the key in the left pane and delete it. Continue scanning with F3 until no more results are found in any hive.
- 5.4 Repeat the same search-and-delete routine for other dubious programs identified earlier in the guide. Removing their Registry traces prevents helper components from restoring missing files.
- 5.5 Perform one last search for the specific threat name. Deleting any remaining value or path reference reduces the chance that components are recreated at startup.
- 5.6 Manually review these frequently used Registry locations for autostart and policy-based launch entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
- 5.7 For each of these locations, check the right pane for values that point to unknown executables or strange directories. Delete only the specific value entries you identify as unwanted so essential components remain intact.
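The Run-style keys listed in step 5.6 can be dumped together with the file each value launches and that file's signature status. This is an added example, not part of the original guide, and it is read-only; the helper name Get-CommandTarget and the InProfile pattern are assumptions, and the Services key is left out because it keeps its launch paths in per-service subkeys rather than as values.

```powershell
# Added example: read-only listing of the Run-style keys from step 5.6.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup'
)

function Get-CommandTarget([string]$Command) {
    # Hypothetical helper: pull the program path out of a command line.
    # A quoted path wins; otherwise take everything up to the first file extension.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|com|bat|cmd|scr|dll|vbs|js|ps1))(\s|,|$)') { return $Matches[1] }
    return $expanded.Trim()
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # several of these keys often do not exist
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        if (-not $command) { continue }                     # skip empty values
        $target = Get-CommandTarget $command
        # Bare names resolved through PATH (no folder given) show up as NotFound.
        $found  = Test-Path -LiteralPath $target -PathType Leaf
        $sig    = if ($found) { (Get-AuthenticodeSignature -LiteralPath $target).Status } else { 'NotFound' }
        [pscustomobject]@{
            Key       = $key
            ValueName = $name
            Command   = $command
            Target    = $target
            Signature = $sig
            InProfile = $target -match '\\AppData\\|\\Temp\\'   # assumed "strange directory" pattern
        }
    }
}
$report | Sort-Object InProfile -Descending | Format-List
```

Entries that sort to the top (InProfile is True) or show a Signature other than Valid are the ones to compare against the programs you identified earlier before deleting any value.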
Restart Windows to complete the cleanup. Confirm that the system starts normally, that no unexpected pop-ups or relaunches appear, and that your browsers and applications behave as usual. If anything suspicious persists, use an offline malware scanner to look for hidden drivers, repair altered settings, and verify that no unwanted scheduled tasks remain.




