How to remove “Risktool.Bitcoinmin.21104”?

The Risktool.Bitcoinmin.21104 is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Risktool.Bitcoinmin.21104 virus can do?

The binary contains an unknown PE section name indicative of packing
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Risktool.Bitcoinmin.21104?


File Info:
name: CAE3B35EEA06E32442D2.mlw
path: /opt/CAPEv2/storage/binaries/d080c23b61997a77c487b75913562ce3135563091d18348a725a858f0712d6be
crc32: 4D110CDE
md5: cae3b35eea06e32442d23a9c9b7ba852
sha1: a058c8fbcabfe1f61a8a2fd3edf954311f693104
sha256: d080c23b61997a77c487b75913562ce3135563091d18348a725a858f0712d6be
sha512: c66cacf28140cf8518d84b7bef6376572616f0bb9ceb75a1c42a90819312516fbbbf5abe0b8fae8c7f346998a2259401ead869860e115825ac0edd3462312569
ssdeep: 24576:agfonj1m+O8tcmOSQZplCMqdnT6uz9/sHKs0jwjV:agfon5m+kxZoF6qs0jwx
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T141455C54EB8758B6DE53197246DFE37F2B34EA04C213CF86EF14196AED23EA25A44304
sha3_384: b4b2ccefb613ac119a3ab9943774ea57eec35594dc82d3e31f7685132554db3c100d3848576141a6aa8f5be73c75fbca
ep_bytes: 5589e583ec18c7042401000000ff1500
timestamp: 2014-09-24 03:45:03

Version Info:
FileVersion: 1.0.0.9
ProductVersion: 1.0.0.9
OriginalFilename: DcUpdate.exe
InternalName: DcUpdate.exe
FileDescription: DcUpdate.exe
CompanyName:  
LegalCopyright: Copyright (c) 2009
ProductName:  
Translation: 0x0000 0x04b0

Risktool.Bitcoinmin.21104 also known as:

Elastic	malicious (high confidence)
FireEye	Generic.mg.cae3b35eea06e324
CAT-QuickHeal	Risktool.Bitcoinmin.21104
Cylance	Unsafe
K7AntiVirus	Unwanted-Program ( 004d38111 )
Alibaba	RiskWare:Win32/Miners.b294540f
K7GW	Unwanted-Program ( 004d38111 )
Cybereason	malicious.bcabfe
Symantec	ML.Attribute.HighConfidence
ESET-NOD32	a variant of Win32/CoinMiner.BF potentially unwanted
Kaspersky	not-a-virus:HEUR:RiskTool.Win32.CoinMiner.gen
Avast	Multi:BitCoinMiner-C [PUP]
Sophos	Bitcoin Miner (PUA)
VIPRE	Trojan.Win32.CoinMiner.ba (v)
McAfee-GW-Edition	BehavesLike.Win32.PUP.th
SentinelOne	Static AI – Suspicious PE
Jiangmin	RiskTool.BitCoinMiner.bh
Antiy-AVL	Trojan/Generic.ASMalwS.2B49E0F
Gridinsoft	Ransom.Win32.Gen.sa
ViRobot	Adware.Coinminer.1272464.A
GData	Win32.Application.Agent.XV0DS2
McAfee	Artemis!CAE3B35EEA06
TrendMicro-HouseCall	TROJ_GEN.R002H0CLB21
Rising	HackTool.CoinMiner!1.CA68 (CLASSIC)
Ikarus	Trojan.Rogue
eGambit	Unsafe.AI_Score_99%
Fortinet	Riskware/Miner
AVG	Multi:BitCoinMiner-C [PUP]

How to remove Risktool.Bitcoinmin.21104?

Risktool.Bitcoinmin.21104 removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X