UnamSanctam / SilentXMRMiner

A Silent (Hidden) Monero (XMR) Miner Builder
MIT License
561 stars 162 forks

Stealth doesn't work #256

Closed gamethrower closed 3 years ago

gamethrower commented 3 years ago

Still working after I open Task Manager even though Stealth is on. CPU load of infected process is dropping to 0% and goes back every 10 seconds or so.

UnamSanctam commented 3 years ago

Hmm, mine just stays down at 0%.

gamethrower commented 3 years ago

I obfuscated it with Confuser, used all features except for packer. Is there a chance I broke the file?

UnamSanctam commented 3 years ago

No it can't really do anything to the actual miner. If you use Process Hacker and double click the mining process could you screenshot the same sort of image I sent?

gamethrower commented 3 years ago

CPU drops to 0% when I open Process Hacker. Something wrong with Task Manager detection.

gamethrower commented 3 years ago

I checked using cmd CPU still jumps from 0% to 33% even with Task Manager closed.

UnamSanctam commented 3 years ago

Try and rebuild the miner, ensure that all the settings are correct as well.

gamethrower commented 3 years ago

Same

UnamSanctam commented 3 years ago

If you run it without 'Stealth' what does it show?

gamethrower commented 3 years ago

image

UnamSanctam commented 3 years ago

Hmm, do you have 'Idle' enabled?

gamethrower commented 3 years ago

No

UnamSanctam commented 3 years ago

It could have something to do with it being Windows 7. I just remembered that it can't detect the Task Manager in Windows 7 since it doesn't have a window class.

gamethrower commented 3 years ago

Maybe, but why does CPU load jump like this?

gamethrower commented 3 years ago

image

UnamSanctam commented 3 years ago

Do you have a computer that doesn't have Windows 7 that you can test it on? It could have something to do with that.

gamethrower commented 3 years ago

No, I don't have one. Windows 7 is in wide use still you know. It's bad if it's not compatible.

UnamSanctam commented 3 years ago

Yes, a few use it, but in my Windows 7 VM it works; I don't know if you have updated it any or not. Still, most people don't use the default Task Manager for Windows 7, but I guess I could search for the Window Name, but that means it would still only work on English versions. Blame Microsoft for not creating a window class for their Task Manager.

gamethrower commented 3 years ago

Why not look for the process? Also, I don't think these CPU jumps are related to Win 7.

UnamSanctam commented 3 years ago

Yes, looking for the process handle by window class is what I do, but some Windows 7 Task Managers don't have a window class, it seems like. I haven't seen those CPU jumps before in either my Windows 10 or 7, nor have any other people reported it so far, so the natural guess would be that it has something to do with your setup.

UnamSanctam commented 3 years ago

I will try to recreate it with different Windows 7 service packs in case that happens on older ones.

gamethrower commented 3 years ago

image

UnamSanctam commented 3 years ago

Yeah ok you have the service pack 1 which I guess could be the reason. I'll try it on older ones like SP1 and see.

UnamSanctam commented 3 years ago

Stealth will now also search for window titles so it will at least hide from the Task Manager when the window title is in English, the CPU fluctuation might have been fixed as well.

UnamSanctam commented 3 years ago

Seems like this problem has to do with the keepalive option for some pools in the 'Remote Configuration', try disabling keepalive.

gamethrower commented 3 years ago

Yeah nanopool doesn't support keepalive. Everything works now.

I suggest adding a fake error option. It seems like using file joiner to add simple program with error messagebox does increase detection rate.

UnamSanctam commented 3 years ago

I might be able to do the fake error efficiently now since I've reworked the program flow, just have to find somewhere in the builder to put it and what options it should have.

dyachenkomark commented 3 years ago

I also have a second computer with Win7 1 SP and the program doesn't want to start. I have tried it on 2 different computers with Win10 and it works, but it doesn't work on Win7. Maybe there is some secret?

UnamSanctam commented 3 years ago

No it should work as long as they have at least .NET Framework 4.5

gamethrower commented 3 years ago

Since someone opened the issue again here's another question. What is the purpose of WinRing0x64.sys file? Can it be removed?

dyachenkomark commented 3 years ago

It has already worked when I tested it with Minergate, but when I change it to nanopool, it doesn't start. I will try to do it again.

UnamSanctam commented 3 years ago

It's a driver that increases the hashrate by configuring MSR registers, though on most computers this requires administrator permissions. You can read more here: https://xmrig.com/docs/miner/randomx-optimization-guide/msr

dyachenkomark commented 3 years ago

As I understood, I can't know the amount and information of computers in nanopool when using SilentXMRMiner?

UnamSanctam commented 3 years ago

Yes you won't really be able to know that from any pool no matter which miner.

dyachenkomark commented 3 years ago

I have tried to change the filename and tried to restart the computer, but it doesn't want to start on Win7 1SP. I also don't use stealth mod, just trying to test. What does watchdog mean? Maybe I should turn it off.

UnamSanctam commented 3 years ago

No that won't really do anything. Check that the computer is both 64-bit and has at least .NET Framework 4.5, you can also use Process Hacker and search for --cinit in the top right search bar to see if any miners are running.

dyachenkomark commented 3 years ago

Yes, I have found it, it works. I waited some time and it started to work. Thank you! What does "donate level" mean? Are we giving a percent to you or what?

UnamSanctam commented 3 years ago

XMRig has a standard donation and that sets the level, that string used to be there so that the miner could see if any miners were running so it didn't start twice (it checked if any processes contained 'donate-level' and that's how it knew if any miners were running), it also used to be used as a configuration option back when I didn't want to make my own, so --donate-level=4 disabled Idle Mining and --donate-level=5 enabled it. Though that string isn't used anymore so it can technically be removed.
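Added example, not part of the thread or the project's code: a triage sketch for defenders that combines the two observable traits discussed above, the command-line strings (`--cinit`, `donate-level`) and CPU load that drops to 0% only while a monitoring tool is open. The process samples, PIDs, paths, thresholds and monitor image names are constructed assumptions, and the samples are assumed to come from a collector the miner does not react to.

```python
from collections import defaultdict

# Strings the thread says appear on the miner's command line
# (donate-level only on older builds, per the last comment).
CMDLINE_MARKERS = ("--cinit", "donate-level")
# Tools the thread reports the miner pausing for; image names are assumed.
MONITORS = {"taskmgr.exe", "processhacker.exe"}

MINER = r"C:\constructed\host.exe --cinit --donate-level=4"  # constructed
# Constructed samples: (running image names, {pid: (cmdline, cpu_percent)})
SAMPLES = [
    ({"explorer.exe"}, {4120: (MINER, 33.0), 7000: ("encoder.exe", 60.0)}),
    ({"explorer.exe"}, {4120: (MINER, 0.0), 7000: ("encoder.exe", 58.0)}),
    ({"explorer.exe"}, {4120: (MINER, 33.0), 7000: ("encoder.exe", 61.0)}),
    ({"explorer.exe", "Taskmgr.exe"}, {4120: (MINER, 0.0), 7000: ("encoder.exe", 59.0)}),
    ({"explorer.exe", "Taskmgr.exe"}, {4120: (MINER, 0.0), 7000: ("encoder.exe", 60.0)}),
]

def marker_hits(cmdline):
    """Return the known markers present in a command line."""
    low = cmdline.lower()
    return [m for m in CMDLINE_MARKERS if m in low]

def pauses_under_observation(samples, pid, busy=20.0, idle=1.0):
    """True if the pid is busy on average when unobserved but idle in every
    sample taken while a monitoring tool is running."""
    watched, unwatched = [], []
    for running, procs in samples:
        if pid not in procs:
            continue
        observed = MONITORS & {name.lower() for name in running}
        (watched if observed else unwatched).append(procs[pid][1])
    if not watched or not unwatched:
        return False  # need both conditions to compare
    # Mean, not minimum: the thread shows load dipping to 0% while unobserved.
    return max(watched) <= idle and sum(unwatched) / len(unwatched) >= busy

def triage(samples):
    """Map pid -> list of reasons it looks like a hidden miner."""
    findings = defaultdict(list)
    for pid in sorted({p for _, procs in samples for p in procs}):
        cmdline = next(procs[pid][0] for _, procs in samples if pid in procs)
        findings[pid] += [f"cmdline contains {m}" for m in marker_hits(cmdline)]
        if pauses_under_observation(samples, pid):
            findings[pid].append("CPU idles only while a monitor is open")
    return {pid: why for pid, why in findings.items() if why}

if __name__ == "__main__":
    print(triage(SAMPLES))
```

The steadily busy `encoder.exe` process is not flagged, because its load does not change when Task Manager appears.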