Closed by Toxenskiy 3 years ago
Is your pool address and wallet correct?
yes, it runs the file for some reason.
it drops the file and doesn't run it.
Hmm is "Install" and "Watchdog" enabled or not?
install yes, Watchdog no.
Firstly, why not? Secondly, it doesn't auto-start it without the Watchdog anymore since Windows Defender instantly detects it if it does.
and after restarting the pc, will he start it?
Yeah, if the miner entry exists in "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" in the registry it will start with Windows. You can check with regedit.
Also, if you enable the Watchdog it will automatically start the miner if it's closed down and will copy it back if removed. And GPU mining Monero isn't very profitable anymore, GPU mining Ethereum or something else is better (though it requires a good GPU).
you can just glue 2 miners xd
1 per processor, other per video card. this miner mines only on the CPU, if not then how to disable gpu mining
You enabled GPU mining in the Monero builder. But yes if you build both the Monero miner and the Ethereum miner I linked and bind them together it will mine on both CPU (Monero) and GPU (Ethereum).
but how to glue them together so that there are not many detections so?
Well, some File Binders will be detected as droppers and others won't, but generally it depends if you want to sacrifice some undetectability to be able to mine on both CPU and GPU. I have used https://bytecode77.com/pe-union before; it can be a bit advanced.
I remember this application +12 detections
Yeah because people scan it with virustotal so it gets detected but you can use any .NET Obfuscator on it to decrease detections.
Well, that's what I do.
Yeah but trying different obfuscators and settings in the obfuscator can decrease it more but if you can't get it to decrease then just spreading the Monero miner by itself is fine.
File died after obfuscation
Try turning off "Compress & Encrypt Resources" since they're already encrypted.
helped
bruh
All that remains is to find a normal eth-proxy for linux. The last eth-proxy update six years ago was just
https://github.com/Atrides/eth-proxy actually still works.
Set it up and use the 'http' scheme in the builder and it should all work. Of course there might be bugs since it's quite old but I mined with it for about an hour and it worked.
and after installing the proxy, what should I specify here?
one more question, is there a way to make the file encrypt itself at startup and start itself? Or how to implement it differently. It's just that obfuscation does not work more than 2-3 times, then defender already detects
if it is defender that is causing issue why not disable it with nyan x cat script :)
You should usually select the 'http' scheme for proxies. The miner is unfortunately really already as encrypted as it can be. What does the antivirus detect the file as? It will usually say what it thinks it is. You could also try using other settings in the obfuscator since sometimes it detects the things like 'Anti ILDASM'.
By the way, I recently saw another watchdog from another miner, he wrote the program into a notepad via base64 and then recovered due to this (even if all processes are closed, it will still start)
Well I could but then I would have to add the Watchdog into the registry I guess. I would have to test it out.
How is it going?
on YouTube, it seems like I saw such a code, the video was called "work custom malware"
Yeah it does make the miner easier to remove though since they can more easily find the watchdog.
I have 2 questions: 1) How to remove the miner from watchdog !!!kdopskapdoas 2) Where in the source code can you add additional processes from which the miner will hide?
The watchdog reads the miner's code into memory at the start.
The programs which it "hides" from are coded into the XMRig; currently it's only Task Manager for the XMR miner since Windows doesn't seem to appreciate too many calls at a high frequency.
but how to remove it from memory?
End the process called "sihost64.exe"
And when will the function of random worker nicknames appear in the builder?
it's just that this function is only available in the ETHEREUM miner
No you can use {%RANDOM%} or {%COMPUTERNAME%} in both builders.
ok, fix it
I know that it doesn't say it, technically I don't believe most pools support having too many worker names which is why I haven't added it. I would only recommend using either if you don't plan on having too many workers or are using xmrig-proxy.
i know what you mean and yes i use xmrig proxy
i use vds 23$/year
Yeah then using {%RANDOM%} or {%COMPUTERNAME%} will be fine as long as it isn't passed on to the pool. Might add it into the tooltip though I probably need to say that mining directly to a pool with many worker names might get you banned.
i know ;)))
it would be great to have a custom build so others don't kill it.
by the way, why every time the miner is restarted a different name, I thought it should be the same
Doesn't work at all.