Delete Nansh0u Miner : Effective Nansh0u Miner Removal Solution (Remove Malware Virus)

 

Chinese hackers have recently compromised more than 50,000 PHPMyAdmin and MS SQL servers to mine TurtleCoin, in a large-scale cryptojacking campaign named Nansh0u Miner. To learn more about this crypto-miner malware, read through this expert's guide in full.


Threat Profile of Nansh0u Miner
Threat Name: Nansh0u Miner
Category: Trojan, Malware, Crypto-miner malware
Danger Level:
Discovered On: February 26th, 2019
Related: Bitcoin Collector Scam, Olympic Destroyer, Trojan.Winreg.SUP etc.
Mainly Targeted: PHPMyAdmin and Windows MS SQL servers
Originated From: China
Primary Goal: Tricks MS SQL and PHPMyAdmin servers into giving remote access to the PC, then mines TurtleCoin.
Notorious Actions:
  • Executes a cryptocurrency miner
  • Uses a kernel-mode rootkit to protect the miner process from abrupt termination
  • Writes registry run-keys to create persistence
  • Uses a watchdog mechanism to ensure the miner keeps executing
  • Degrades overall working speed, and many more.
Deletion: Possible using Windows Scanner Tool. So, use it for the successful deletion of Nansh0u Miner.

Descriptive Note on Nansh0u Miner

Nansh0u Miner is a new malware campaign that is mainly linked to PHPMyAdmin and Windows SQL based systems. The attack was discovered in February 2019, and since then it has infected more than 50,000 systems, which shows how wide the attack is. The malware is believed to originate from China because it uses the EPL programming language and includes Chinese binaries and log files, but that does not mean it cannot affect users in other countries. It is regarded as one of the worst pieces of malware, created by attackers with evil intentions.

Propagation Tendencies of Nansh0u Miner

Nansh0u Miner is another dangerous piece of malware that is capable of gaining remote access to a targeted machine. It uses various tricky methods to get inside, but mainly relies on the CVE-2014-4113 vulnerability. Other common channels through which it gains privileges on a machine are software bundling, torrents, drive-by downloads, fake software updaters, pirated software, contaminated devices and more.

Get Familiar With Primary Goal of Nansh0u Miner

After penetrating the machine, it secretly downloads and installs a cryptocurrency mining application whose primary aim is to collect TurtleCoin. The malware is also capable of generating online revenue through XMRig, an open-source Monero cryptocurrency mining program. Because it is malicious by design, its developers have several evil intentions. Once inside the machine, it causes hundreds of serious issues such as information tracking, system freezes, modification of crucial settings and many more. You can stop its attack and keep your machine safe in the future by following the Nansh0u Miner removal instructions described below.


Steps to Remove Nansh0u Miner

Step 1>> How to Boot Windows in Safe Mode to isolate Nansh0u Miner

Step 2>> How to View Hidden Files created by Nansh0u Miner

for Windows XP

  • Exit all programs and go to the Desktop.
  • Select the My Computer icon and double-click to open it.
  • Click on the Tools menu, then select Folder Options.
  • Select the View tab in the new window that appears.
  • Check the box next to Display the Contents of System Folders.
  • Check the box for Show Hidden Files and Folders.
  • Press Apply and then OK to close the window.
  • Once these steps are performed, you can view the files and folders that were created by Nansh0u Miner and hidden until now.


for Windows Vista

  • Minimize all windows and go to the Desktop.
  • Click on the Start button, which has the Windows logo and sits in the lower left corner.
  • Click on Control Panel in the menu to open it.
  • Control Panel can be opened in Classic View or Control Panel Home View.
  • If you have selected Classic View, follow this:
      • Double-click on the Folder icon to open it.
      • Select the View tab.
      • Click on the option to Show Hidden Files or Folders.
  • If you have selected Control Panel Home View, follow this:
      • Click the Appearance and Personalization link.
      • Select Show Hidden Files or Folders.
  • Press Apply and then click OK.


This will show all the folders, including those created by Nansh0u Miner.

How to view hidden folders on Windows 7, Windows 8 and Windows 10

(Following the steps above is necessary to view all the files created by Nansh0u Miner that are known to exist on a compromised PC.)

  • Open the Run box by pressing the Start key and R together.
  • Type appwiz.cpl and press OK.
  • This takes you to the Control Panel. Search for suspicious programs or any entries related to Nansh0u Miner, and uninstall any that you find. Be sure not to uninstall any other program from the list.
  • In the search field, type msconfig and press Enter. A window will pop up.

In the Startup tab, uncheck all entries that are related to Nansh0u Miner or that show Unknown as Manufacturer.

Step 3>> Open the Run Box by Pressing Start Key and R in Combination

 

  1. Copy and paste the following command, then press OK:
     notepad %windir%/system32/Drivers/etc/hosts
  2. This opens the hosts file. If your system has been hacked by Nansh0u Miner, certain IPs will be displayed at the bottom of the file.


Look for any suspicious IP address listed alongside your localhost entries.
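The hosts-file check from Step 3 can also be scripted. The following PowerShell is an added example, not part of the original guide: it parses the file and marks every active mapping other than the loopback `localhost` entries for review. The sample lines, addresses and host names are constructed for illustration and are not Nansh0u indicators.

```powershell
# Added example: list active hosts-file mappings and mark non-default ones.
function Get-HostsEntry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Strip the comment part, then surrounding whitespace
        $text = ($line -split '#', 2)[0].Trim()
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        $ip = $null
        # Skip anything that is not "<IP address> <name> [<name> ...]"
        if ($fields.Count -lt 2 -or
            -not [System.Net.IPAddress]::TryParse($fields[0], [ref]$ip)) { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $isDefault = [System.Net.IPAddress]::IsLoopback($ip) -and $name -eq 'localhost'
            [pscustomobject]@{
                Address  = $ip.ToString()
                HostName = $name
                Verdict  = if ($isDefault) { 'default' } else { 'review' }
            }
        }
    }
}

# Constructed sample input (documentation address, made-up names)
$sample = @'
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    update.example.com www.example.com   # constructed entry
0.0.0.0         av-vendor.example
'@ -split '\r?\n'
Get-HostsEntry -Lines $sample | Format-Table -AutoSize

# The real file opened in Step 3: show when it last changed and what needs review
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
if (Test-Path -LiteralPath $hostsPath) {
    Get-Item -LiteralPath $hostsPath | Format-List FullName, LastWriteTime
    Get-HostsEntry -Lines (Get-Content -LiteralPath $hostsPath) |
        Where-Object { $_.Verdict -eq 'review' } | Format-Table -AutoSize
}
```

A stock Windows hosts file has every entry commented out, so any row marked `review` is a change made after installation and should be explained before it is kept.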

Step 4>> How to Terminate Nansh0u Miner Running Processes

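  • Press CTRL+SHIFT+ESC together to open Task Manager and go to the Processes tab.
  • Look for the running Nansh0u Miner processes.
  • Right-click on the Nansh0u Miner process and end it. Keep in mind that, as listed in the threat profile, the miner uses a kernel-mode rootkit and a watchdog mechanism to protect its process from termination.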


Step 5>> How to Remove Nansh0u Miner Related Registry Entries

  • Open the Registry Editor by typing regedit in the Run box and pressing Enter.
  • This will open the full list of entries.
  • Find the entries created by Nansh0u Miner and delete them cautiously.
  • Alternatively, you can browse the list manually to find and delete the Nansh0u Miner entries.
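Since the threat profile says the miner writes registry run-keys for persistence, a focused inventory of those keys is more reliable than browsing the whole registry. The PowerShell below is an added example, not part of the original guide. The key list is the standard Windows Run/RunOnce autostart locations, an assumption, since the guide names no specific key or value.

```powershell
# Added example: inventory Run/RunOnce autostart values with signature status.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Best-effort extraction of the executable path from a Run-key command line
function Get-CommandImagePath {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }             # "C:\path with spaces\a.exe" /arg
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+', 2)[0]                                  # fall back to the first token
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $image   = Get-CommandImagePath $command
        # Bare names such as "rundll32.exe" are not resolved against PATH here
        $status  = 'PathNotResolved'
        if ($image -and (Test-Path -LiteralPath $image -PathType Leaf)) {
            $status = [string](Get-AuthenticodeSignature -LiteralPath $image).Status
        }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Command   = $command
            Image     = $image
            Signature = $status
        }
    }
}

# Unsigned or unresolved entries sort first; review those before deleting anything
$report | Sort-Object Signature, Key | Format-Table -AutoSize -Wrap
```

Export the report before removing any value, so a mistaken deletion can be restored.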
