We checked up the file JHPROTOMINER.EXE and found it hazardous.
The file JHPROTOMINER.EXE must be deleted from the system immediately.
Kill the process JHPROTOMINER.EXE and remove JHPROTOMINER.EXE from the Windows startup.
Malware Analysis of JHPROTOMINER.EXE
Full path on a computer: %Appdata%\Microsoft\Windows\System\Miner\PTS\32bit\jhProtominer.exe
Detected by UnHackMe:
JHPROTOMINER.EXE
Default location: %Appdata%\Microsoft\Windows\System\Miner\PTS\32bit\jhProtominer.exe
Removal Results: Success
Number of reboot: 1
JHPROTOMINER.EXE is known as:
Trojan.BitCoinMiner, RiskTool.BitCoinMiner.OvjZO.8aOrg, RiskTool.BitCoinMiner.129024, Trojan.Miner, Application\Bitcoin, a variant of Win32.BitCoinMiner.AP, W32.BitCoinMiner.AP, Trojan.BitCoinMiner.AP
JHPROTOMINER.EXE hash:
- MD5: 30208797b6ece8a9402dcf21eb314f15
The file tries to connect to the dangerous web site.
How to quickly detect JHPROTOMINER.EXE presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKLM\System\CurrentControlSet\Services\BITS\Start: 0×00000002
Folders:- %Appdata%\Microsoft\Windows\System
- %Appdata%\Microsoft\Windows\System\Miner
- %Appdata%\Microsoft\Windows\System\Miner\PTS
- %Appdata%\Microsoft\Windows\System\Miner\PTS\32bit
- %Appdata%\Microsoft\Windows\System\Miner\PTS\64bit
Files:- %Appdata%\Microsoft\Windows\System\Miner\PTS\32bit\jhProtominer.exe
- %Appdata%\Microsoft\Windows\System\Miner\PTS\64bit\jhProtominer.exe
- %Appdata%\Microsoft\Windows\System\Miner\PTS\svchost.exe
- %Temp%\BIT1.tmp