-4
Do you recognize the program "C:\Program Files\Java\sidebar.exe" - I can't find anything about it by searching, and nothing in my event logs suggests what might have causes this file to exist. Apparently I had a restart just before the time it was created, but I didn't have any installs in the session prior to that restart.
I noticed it due to my CPU fan rising fast. Stuck around 13% CPU usage. Virus total: https://www.virustotal.com/da/file/26c7282daa667210785080f0dbe8e6f85c8a3949e433b198ee91d9ebffd1b5b5/analysis/1372769247/
Currently I handle it as a virus. (resolved, see comments below)
Elias ringhauge
Posted 2013-07-02T12:49:55.770
Reputation: 1
2So what's your question exactly? If it's a virus or some kind of malware? – matan129 – 2013-07-02T12:52:00.277
Why don't you just remove Java then reinstall Java. Be sure to delete the Java directory between these operations. – Ramhound – 2013-07-02T13:47:12.953
@Ramhound He has a bitcoin miner virus, it's unrelated to Java. He needs to clean his system. – Darth Android – 2013-07-02T14:35:43.507
@mantan129 Whether you recognized the program or not. Lack of information makes it difficult for me to trace what its functionality is and how I got it. #Darth Android Thanks, I have also come to that conclusion after studying that topic a bit more. Using FileInsight I found the config folder, and it is uses http://www.ztex.de/btcminer/ and https://github.com/progranism/Open-Source-FPGA-Bitcoin-Miner/tree/master/projects/X6000_ztex_comm4/hdl
The userid used in the bit files are not resembling a bitcoin user id, (ex: 0xFFFFFFFF) - The program doesn't seem to be dangerous in it self.
@DarthAndroid - Based on its location I would also gather its a virus written in Java. Which is part of the reason I told him to reinstall Java, since its very likely, he is using an vulerable version of Java. – Ramhound – 2013-07-02T15:17:23.977
@Ramhound If it's a virus, then its location is meaningless. Viruses install wherever they think they can hide best. – Darth Android – 2013-07-02T15:29:48.867