X
Tap here to go to the mobile version of the site.

Support Forum

Help with probably cryptocurrency mining malware

Posted

37.26 KB OK so I frequently find my mid 2014 MBP with it's fan spinning away madly, especially when unattended with the internet connection left on. I look at the Activity Monitor and see a process titled "firefox" is eating 65% of my CPU (and every time this happens, it is always exactly 65%) so I close firefox. But that doesn't kill the process. And there is this other thing called Firefox Web Content (Not Responding) which is always eating gigabytes of my memory. I suppose it could just be a buggy firefox, but methinks it is some cryptocurrency mining malware that jumped into my system via javascript, especially since I visit various crypto sites researching stuff because I do legit mining myself.

I’ve scanned with Malwarebytes and Comodo and Sophos, and they don’t catch anything. I could just kill the processes and wipe my cache and firefox web history and maybe that would fix it, but I want to submit this to virus/malware scanners. But I don't know what to submit, there are too many files.

So inspecting these two offending processes, there is a long list of files they have open. Maybe someone here can look at this and tell me what is going on. First I'll paste the "firefox" process, and then after that the "Firefox Web Content"

(OK so I tried to paste it here but there is a limit with this box. So you have to look here: https://pastebin.com/jYu5Px33 Also look here for some images, because that functionality isn't working on this page either. (I'm using Chrome) https://imgur.com/a/CPJZg

37.26 KB OK so I frequently find my mid 2014 MBP with it's fan spinning away madly, especially when unattended with the internet connection left on. I look at the Activity Monitor and see a process titled "firefox" is eating 65% of my CPU (and every time this happens, it is always exactly 65%) so I close firefox. But that doesn't kill the process. And there is this other thing called Firefox Web Content (Not Responding) which is always eating gigabytes of my memory. I suppose it could just be a buggy firefox, but methinks it is some cryptocurrency mining malware that jumped into my system via javascript, especially since I visit various crypto sites researching stuff because I do legit mining myself. I’ve scanned with Malwarebytes and Comodo and Sophos, and they don’t catch anything. I could just kill the processes and wipe my cache and firefox web history and maybe that would fix it, but I want to submit this to virus/malware scanners. But I don't know what to submit, there are too many files. So inspecting these two offending processes, there is a long list of files they have open. Maybe someone here can look at this and tell me what is going on. First I'll paste the "firefox" process, and then after that the "Firefox Web Content" (OK so I tried to paste it here but there is a limit with this box. So you have to look here: https://pastebin.com/jYu5Px33 Also look here for some images, because that functionality isn't working on this page either. (I'm using Chrome) https://imgur.com/a/CPJZg

Additional System Details

Application

  • User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36

More Information

Pkshadow
  • Top 10 Contributor
1057 solutions 14618 answers

Helpful Reply

Please consider turning on send info to Mozilla before posting a question. This helps us help you. As I have no info from your system that would help see things that cause issues. When you do I have most of the information I need to help you.

It is probably not malware but Firefox and is a bug.

Check to : See if Multi-Processor Support is turned on. Multi-processor support feature may be disabled depending on your setup (it was for me) - you can check this by launching Firefox, then enter in "about:support" in the address bar; near the bottom, you should see a heading that says: "Multiprocess Windows", then look at the value next to it. If it says "0/1", then that means it's disabled. 0/2 and higher = on unless says it is off.

Then check the Task Manager and see how many instances of Firefox is running and what the memory numbers are like.

If need to can turn off multiprocessor : You can try to modify multi-process settings to see if this has effect. You can open the about:config page via the location/address bar. You can accept the warning and click "I accept the risk!" to continue.

set dom.ipc.processCount to 1 if it is currently set to a higher value (4) disable multi-process windows in Firefox

You can disable multi-process windows in Firefox by setting these prefs to false on the about:config page.

browser.tabs.remote.autostart = false browser.tabs.remote.autostart.2 = false

http://kb.mozillazine.org/about:config Also can reverse everything this tells you to enable it. http://www.ghacks.net/2016/07/22/multi-process-firefox/

What you pasted to the url's well ,easier to do a screenshot of the Task Manager/or what ever the Mac is.

This is what you do with suspected stuff that you can not read from Malwarebytes : https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do- now/

http://kb.mozillazine.org/about:config Also can reverse everything this tells you to enable it. http://www.ghacks.net/2016/07/22/multi-process-firefox/

Please let us know if this solved your issue or if need further assistance.

Please consider turning on send info to Mozilla before posting a question. This helps us help you. As I have no info from your system that would help see things that cause issues. When you do I have most of the information I need to help you. It is probably not malware but Firefox and is a bug. Check to : See if Multi-Processor Support is turned on. Multi-processor support feature may be disabled depending on your setup (it was for me) - you can check this by launching Firefox, then enter in "about:support" in the address bar; near the bottom, you should see a heading that says: "Multiprocess Windows", then look at the value next to it. If it says "0/1", then that means it's disabled. 0/2 and higher = on unless says it is off. Then check the Task Manager and see how many instances of Firefox is running and what the memory numbers are like. If need to can turn off multiprocessor : You can try to modify multi-process settings to see if this has effect. You can open the about:config page via the location/address bar. You can accept the warning and click "I accept the risk!" to continue. set dom.ipc.processCount to 1 if it is currently set to a higher value (4) disable multi-process windows in Firefox You can disable multi-process windows in Firefox by setting these prefs to false on the about:config page. browser.tabs.remote.autostart = false browser.tabs.remote.autostart.2 = false http://kb.mozillazine.org/about:config Also can reverse everything this tells you to enable it. http://www.ghacks.net/2016/07/22/multi-process-firefox/ What you pasted to the url's well ,easier to do a screenshot of the Task Manager/or what ever the Mac is. This is what you do with suspected stuff that you can not read from Malwarebytes : https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do- now/ http://kb.mozillazine.org/about:config Also can reverse everything this tells you to enable it. http://www.ghacks.net/2016/07/22/multi-process-firefox/ Please let us know if this solved your issue or if need further assistance.