{"id":4602,"date":"2018-06-02T17:30:13","date_gmt":"2018-06-02T12:00:13","guid":{"rendered":"https:\/\/antivirus.comodo.com\/blog\/?p=4602"},"modified":"2025-06-19T17:34:39","modified_gmt":"2025-06-19T12:04:39","slug":"brutal-crypto-mining-malware-crashes-your-pc","status":"publish","type":"post","link":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/brutal-crypto-mining-malware-crashes-your-pc\/","title":{"rendered":"A Cryptomining Malware Named WinstarNssmMiner is Brutally Hijacking Computers"},"content":{"rendered":"
\"WinstarNssmMiner<\/div>\n

A new kind of Cryptominning malware is spreading fastly, infecting nearly 500,000 computers in just three days. Researchers have named it as ‘WinstarNssmMiner,’ and it is built based on an open-source and legitimate Monero mining utility named XMRig.<\/p>\n

‘WinstarNssmMiner’ malware<\/strong> <\/em>is found to crash computers the moment antivirus products attempt to remove it. It turns OFF antivirus protection in the victim’s computer and backs off when there is a powerful antivirus in the machine. Hence, users who don’t have good antivirus software installed on their PCs would experience slowness and blue screens on their computers.<\/p>\n

Once into the victim’s computer, the ‘WinstarNssmMiner’ malware launches the svchost.exe process which is used to manage system services. Then it injects a malicious code into the file (svchost.exe). One of the injected processes begins mining Monero cryptocurrency<\/strong><\/em> while the other process runs in the background to evade detection by antivirus software.<\/p>\n

Next, the ‘WinstarNssmMiner’ sets the spawned process\u2019 attribute to CriticalProcess. Even if a computer savvy user tries to terminate it, the system will crash since it is a CriticalProcess.<\/p>\n

Once the ‘WinstarNssmMiner’ enters a computer, it carefully scans the compromised PC for antivirus products. If the victim’s computer has any decent antivirus software<\/a> offered by reputable companies such as Comodo, the ‘WinstarNssmMiner’ quits automatically.<\/p>\n

However, if the victim’s computer as weaker antivirus software, the malware starts the crash process and blue screens while the mining Monero cryptocurrency on the hacker’s behalf by using the victim computer’s CPU power.<\/p>\n

It\u2019s unclear how the ‘WinstarNssmMiner’ infection spreads, but once it executes on a targeted computer, it starts the process of injecting malicious code into svchost.exe.<\/p>\n

In recent times there has been a sharp rise in the number of cyber attacks aimed at mining cryptocurrencies. Due to the financial frenzy caused by cryptocurrencies such as Bitcoin, hackers have turned to crytominers to earn money.<\/p>\n

It is advisable that you install a good antivirus software like Comodo Antivirus to protect your PC from such attacks. Apart from Comodo Antivirus, no other antivirus software or virus removal software<\/a> can completely protect your computer from the ever-evolving array of cyber attacks from savvy hackers. Even an advanced web or email content filter tool with up-to-date virus signatures is still no match for the ever-evolving and sophisticated malware variants.<\/p>\n

In case of “Default Allow” security posture used by almost all other anti virus software<\/a>, unknown malicious files will be allowed to access sensitive information from the user’s computer. Comodo uses “Default Deny” security posture that quickly contains unknown files in a containment.<\/p>\n

Comodo Antivirus can help protect your PC against viruses, and other types of Malware that can be deployed through a zero-day vulnerability. Zero-day vulnerabilities are hard to fix on-time as the security flaw is previously not known to the developers. (https:\/\/hungryenoughtoeatsix.com<\/a>) Timely release of the security patch depends on the developers, i.e., how quickly they can come up with a patch if a security flaw shows up.<\/p>\n

Comodo antivirus leverages containment technology to detect and contain malware including the zero-day malware such as ‘WinstarNssmMiner.’ Install Comodo Antivirus today!<\/p>\n

 
\n\"comodo<\/a><\/p>\n

\"comodo<\/a><\/p>\n

Related Resources:<\/strong>
\nAntivirus Software<\/a><\/p>\n

Website Backup<\/a><\/p>\n

Website Malware Scanner<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

A new kind of Cryptominning malware is spreading fastly, infecting nearly 500,000 computers in just three days. Researchers have named it as ‘WinstarNssmMiner,’ and it is built based on an open-source and legitimate Monero mining utility named XMRig. ‘WinstarNssmMiner’ malware is found to crash computers the moment antivirus products attempt to remove it. It turns […]<\/p>\n","protected":false},"author":5,"featured_media":2744,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[186,26],"class_list":["post-4602","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-comodo-news","tag-cryptomining","tag-malware"],"yoast_head":"\nBrutal Crypto Mining Malware WinstarNssmMiner Crashes Your PC<\/title>\n<meta name=\"description\" content=\"A Brutal Crypto Mining WinstarNssmMiner malware has been found to crash computers the moment antivirus products attempt to remove them from a user\u2019s PC.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/brutal-crypto-mining-malware-crashes-your-pc\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Brutal Crypto Mining Malware WinstarNssmMiner Crashes Your PC\" \/>\n<meta property=\"og:description\" content=\"A Brutal Crypto Mining WinstarNssmMiner malware has been found to crash computers the moment antivirus products attempt to remove them from a user\u2019s PC.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/brutal-crypto-mining-malware-crashes-your-pc\/\" \/>\n<meta property=\"og:site_name\" content=\"Comodo Antivirus Blogs | Anti-Virus Software Updates\" \/>\n<meta property=\"article:published_time\" content=\"2018-06-02T12:00:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-19T12:04:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/08\/shadowpad-malware-prevention.png\" \/>\n\t<meta property=\"og:image:width\" content=\"225\" \/>\n\t<meta property=\"og:image:height\" content=\"170\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"seo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"seo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/brutal-crypto-mining-malware-crashes-your-pc\/\",\"url\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/brutal-crypto-mining-malware-crashes-your-pc\/\",\"name\":\"Brutal Crypto Mining Malware WinstarNssmMiner Crashes Your PC\",\"isPartOf\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/brutal-crypto-mining-malware-crashes-your-pc\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/brutal-crypto-mining-malware-crashes-your-pc\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/08\/shadowpad-malware-prevention.png\",\"datePublished\":\"2018-06-02T12:00:13+00:00\",\"dateModified\":\"2025-06-19T12:04:39+00:00\",\"author\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462\"},\"description\":\"A Brutal Crypto Mining WinstarNssmMiner malware has been found to crash computers the moment antivirus products attempt to remove them from a user\u2019s PC.\",\"breadcrumb\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/brutal-crypto-mining-malware-crashes-your-pc\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/brutal-crypto-mining-malware-crashes-your-pc\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/brutal-crypto-mining-malware-crashes-your-pc\/#primaryimage\",\"url\":\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/08\/shadowpad-malware-prevention.png\",\"contentUrl\":\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/08\/shadowpad-malware-prevention.png\",\"width\":225,\"height\":170,\"caption\":\"iloveyouvirus\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/brutal-crypto-mining-malware-crashes-your-pc\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/antivirus.comodo.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A Cryptomining Malware Named WinstarNssmMiner is Brutally Hijacking Computers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#website\",\"url\":\"https:\/\/antivirus.comodo.com\/blog\/\",\"name\":\"Comodo Antivirus Blogs | Anti-Virus Software Updates\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/antivirus.comodo.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462\",\"name\":\"seo\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g\",\"caption\":\"seo\"},\"url\":\"https:\/\/antivirus.comodo.com\/blog\/author\/seo\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Brutal Crypto Mining Malware WinstarNssmMiner Crashes Your PC","description":"A Brutal Crypto Mining WinstarNssmMiner malware has been found to crash computers the moment antivirus products attempt to remove them from a user\u2019s PC.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/brutal-crypto-mining-malware-crashes-your-pc\/","og_locale":"en_US","og_type":"article","og_title":"Brutal Crypto Mining Malware WinstarNssmMiner Crashes Your PC","og_description":"A Brutal Crypto Mining WinstarNssmMiner malware has been found to crash computers the moment antivirus products attempt to remove them from a user\u2019s PC.","og_url":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/brutal-crypto-mining-malware-crashes-your-pc\/","og_site_name":"Comodo Antivirus Blogs | Anti-Virus Software Updates","article_published_time":"2018-06-02T12:00:13+00:00","article_modified_time":"2025-06-19T12:04:39+00:00","og_image":[{"width":225,"height":170,"url":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/08\/shadowpad-malware-prevention.png","type":"image\/png"}],"author":"seo","twitter_card":"summary_large_image","twitter_misc":{"Written by":"seo","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/brutal-crypto-mining-malware-crashes-your-pc\/","url":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/brutal-crypto-mining-malware-crashes-your-pc\/","name":"Brutal Crypto Mining Malware WinstarNssmMiner Crashes Your PC","isPartOf":{"@id":"https:\/\/antivirus.comodo.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/brutal-crypto-mining-malware-crashes-your-pc\/#primaryimage"},"image":{"@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/brutal-crypto-mining-malware-crashes-your-pc\/#primaryimage"},"thumbnailUrl":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/08\/shadowpad-malware-prevention.png","datePublished":"2018-06-02T12:00:13+00:00","dateModified":"2025-06-19T12:04:39+00:00","author":{"@id":"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462"},"description":"A Brutal Crypto Mining WinstarNssmMiner malware has been found to crash computers the moment antivirus products attempt to remove them from a user\u2019s PC.","breadcrumb":{"@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/brutal-crypto-mining-malware-crashes-your-pc\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/antivirus.comodo.com\/blog\/comodo-news\/brutal-crypto-mining-malware-crashes-your-pc\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/brutal-crypto-mining-malware-crashes-your-pc\/#primaryimage","url":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/08\/shadowpad-malware-prevention.png","contentUrl":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/2017\/08\/shadowpad-malware-prevention.png","width":225,"height":170,"caption":"iloveyouvirus"},{"@type":"BreadcrumbList","@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/brutal-crypto-mining-malware-crashes-your-pc\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/antivirus.comodo.com\/blog\/"},{"@type":"ListItem","position":2,"name":"A Cryptomining Malware Named WinstarNssmMiner is Brutally Hijacking Computers"}]},{"@type":"WebSite","@id":"https:\/\/antivirus.comodo.com\/blog\/#website","url":"https:\/\/antivirus.comodo.com\/blog\/","name":"Comodo Antivirus Blogs | Anti-Virus Software Updates","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/antivirus.comodo.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462","name":"seo","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g","caption":"seo"},"url":"https:\/\/antivirus.comodo.com\/blog\/author\/seo\/"}]}},"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/4602","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/comments?post=4602"}],"version-history":[{"count":18,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/4602\/revisions"}],"predecessor-version":[{"id":21971,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/4602\/revisions\/21971"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/media\/2744"}],"wp:attachment":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/media?parent=4602"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/categories?post=4602"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/tags?post=4602"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}