Win64/CoinMiner.ABL removal tips

The Win64/CoinMiner.ABL is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win64/CoinMiner.ABL virus can do?

Unconventionial language used in binary resources: Chinese (Simplified)
The binary likely contains encrypted or compressed data.
The executable is compressed using UPX

How to determine Win64/CoinMiner.ABL?


File Info:
crc32: BAF5A87A
md5: 887af57b27d6fd4d7dfb6774d2d1ace5
name: sqlservrs.exe
sha1: a3cf2a615c841b136e76a8a8b59de45d8fdeb8b8
sha256: 3c725253d3cdc0868192534693fb904c9486d0827a1b825a8ae1d43ffa47ec13
sha512: 7f0c5e6e488f9f91a5340e47728088c42c0473aaeb4cf0cb808c44ec3ff56e4d016e8263016a0eeb9240b2bf94a63439c91f63a18c0ec499c655decd9a370023
ssdeep: 12288:GUIksZ1+1PLFLgxTxe0srWC+mvN9zOBEAA6RPHR3FRZ/xiW8S:gKjFiBsUmvN9a86RxZp
type: PE32+ executable (console) x86-64, for MS Windows

Version Info:
LegalCopyright: Microsoft Corp. All rights reserved.
InternalName: SQLSERVR
FileVersion: 2011.0110.3128.00 ((SQL11_SP1_GDR).121228-2010 )
CompanyName: Microsoft Corporation
ProductName: Microsoft SQL Server
ProductVersion: 11.0.3128.0
FileDescription: SQL Server Windows NT - 64 Bit
OriginalFilename: SQLSERVR.EXE
Translation: 0x0000 0x04b0

Win64/CoinMiner.ABL also known as:

FireEye	Generic.mg.887af57b27d6fd4d
McAfee	Artemis!887AF57B27D6
Cylance	Unsafe
K7GW	Trojan ( 005647911 )
CrowdStrike	win/malicious_confidence_80% (W)
Invincea	heuristic
Symantec	Trojan.Gen.2
APEX	Malicious
Kaspersky	not-a-virus:RiskTool.Win32.BitCoinMiner.ocmm
Alibaba	Trojan:Application/CoinMiner.8903b5b4
AegisLab	Riskware.Win32.BitCoinMiner.1!c
Endgame	malicious (moderate confidence)
Sophos	Generic PUA KD (PUA)
F-Secure	Trojan.TR/CoinMiner.qmthb
McAfee-GW-Edition	BehavesLike.Win64.Fake.jc
Trapmine	malicious.high.ml.score
Ikarus	Trojan.Win64.CoinMiner
eGambit	Unsafe.AI_Score_82%
Avira	TR/CoinMiner.qmthb
ZoneAlarm	not-a-virus:RiskTool.Win32.BitCoinMiner.ocmm
Microsoft	Trojan:Win32/CoinMiner.C!cl
Acronis	suspicious
ESET-NOD32	Win64/CoinMiner.ABL
Rising	PUA.CoinMiner!8.4639 (TFE:dGZlOgXMIb1l5+IOGg)
Fortinet	Adware/CoinMiner
AVG	FileRepMalware
Cybereason	malicious.15c841
Paloalto	generic.ml
Qihoo-360	Generic/HEUR/QVM202.0.8CA9.Malware.Gen

How to remove Win64/CoinMiner.ABL?

Win64/CoinMiner.ABL removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X