UnamSanctam / SilentXMRMiner

A Silent (Hidden) Monero (XMR) Miner Builder
MIT License

. #339

Closed freakovision closed 3 years ago

freakovision commented 3 years ago

Miner doesn't work when I try to run it on RAT-infected computers. I use AsyncRAT by NyanCat. When I tried to drop it on disk and run through reverse shell it said "MpPreference not found" or something like that, it was a long ass error, can't tell exactly rn. I tried miner with and without admin privilege, RAT had admin privilege, all computers had Windows 10 64 bit on it.

P.S. It works on my PC tho.

freakovision commented 3 years ago

[main]
algo=rx/0
pool=xmr-eu1.nanopool.org
port=14433
wallet=wallet.Remote
password=
keepalive=false
nicehash=false
ssltls=true

UnamSanctam commented 3 years ago

That looks correct, you could try xmr-eu2.nanopool.org as well to use the backup pool. Do you still get no shares? You could change the wallet address in case the wallet address got banned.

freakovision commented 3 years ago

It's not banned. I still get hashrate from other sources.

UnamSanctam commented 3 years ago

So you're not getting any from the Remote worker?

freakovision commented 3 years ago

Yep

UnamSanctam commented 3 years ago

How many are mining with the Remote worker? Has that worker worked before with those same miners? Also keep in mind that if it can't mine with the 'Remote Configuration' for some reason then it will mine with the settings you entered in the builder.

freakovision commented 3 years ago

At least 3 workers mining to Remote, they did work before. Now they don't even with backup settings.

UnamSanctam commented 3 years ago

If everything was working before but just suddenly stopped working without you doing anything then the only thing it can be is the pool.

freakovision commented 3 years ago

Did nanopool ever ban botnets?

UnamSanctam commented 3 years ago

Not that I've ever seen or heard, though of course they will if there is evidence or something since otherwise they will get in trouble.

freakovision commented 3 years ago

I'm getting more hashrate than workers reporting. Is it possible that some of my Remote workers just ignore the worker name in config?

UnamSanctam commented 3 years ago

It shouldn't but there could be something happening on nanopool's side.

freakovision commented 3 years ago

I tested the miner again, injected process is closing after like 5 minutes of work.

UnamSanctam commented 3 years ago

Hmm, the injection is just pure XMRig and I've never heard of XMRig crashing before (if it crashes after 5 minutes then it's nothing I have changed in it). Does it close on your computer after mining as well?

freakovision commented 3 years ago

Yes

UnamSanctam commented 3 years ago

Send your file here, there must be something wrong with your settings.

freakovision commented 3 years ago

https://dropmefiles.com/ Password is shit

freakovision commented 3 years ago

It's submitting shares with 2miner pool but keeps reopening every ~5 minutes.

UnamSanctam commented 3 years ago

Hmm, well it's not restarting for me, also I don't think 2miners supports the normal worker name way but only rig-id which isn't inside the 'Remote Configuration' which would explain why there are no workers for 2miners. You can add --rig-id="{%COMPUTERNAME%}" inside the "Advanced Parameters" of the miner if you want a worker name in 2miners.

freakovision commented 3 years ago

I didn't use worker name for 2miners, it's working but the miner keeps reopening.

UnamSanctam commented 3 years ago

conhost.exe closes down and sihost64.exe starts up services64.exe which then injects the miner? I've been running it for 12 minutes and it's still running.

freakovision commented 3 years ago

Yes, exactly. This is happening not only for me but for slaves too.

UnamSanctam commented 3 years ago

Can you take a video? In the 2 years I've been maintaining the miner I've never seen that happen before.

freakovision commented 3 years ago

https://dropmefiles.com/

UnamSanctam commented 3 years ago

Hmm, that looks like a bug in xmrig since none of my code runs at those kinds of intervals, I know there are some unexplained segfaults in xmrig and xmrig-proxy (the normal ones). I will try to mine for some time on some other computers to see if I can replicate it in any way.

freakovision commented 3 years ago

Abnormal build. Sad, because I already spread it. Waste of hashrate :(

UnamSanctam commented 3 years ago

Well, from what you sent you barely lose any hashrate since it restarts, I guess you would lose like 0.5% hashes per hour or less.

UnamSanctam commented 3 years ago

And I've been mining for 30 minutes now and haven't been able to see a crash yet. Weird that it would happen not only on your computer but your clients as well.

freakovision commented 3 years ago

I didn't get any hashrate at all with nanopool. When I tried minergate it was working fine for a few minutes and then worker disappeared. With 2miners I got a few shares and didn't test any more.

freakovision commented 3 years ago

Is it ok? Memory fluctuates again O_o

UnamSanctam commented 3 years ago

It shouldn't really fluctuate unless it's losing connection to the pool. It should be stable at around 2GB of RAM for the RandomX Huge Pages. Have you tried injecting it into something else to see if there is some difference? Windows could be doing something with certain processes.

freakovision commented 3 years ago

Checked his memory amount through remote shell. Returns 4294967296, probably enough. Pinged nanopool, nothing blocked.

Miners without remote config work fine with conhost.

I only have 2 slaves left since I don't use RAT anymore. Another one constantly enables and disables VPN and I don't get hashrate from him, but the miner is stably consuming 2GB of RAM.

UnamSanctam commented 3 years ago

Yeah if it's using 2GB of RAM then it's working correctly. The 'Remote Configuration' is only retrieved when the miner is started so if it doesn't crash within the first seconds then the 'Remote Configuration' works since it doesn't affect anything after that so that isn't the problem. If you're using WMI then 4294967296 is the max int that it can return so it could be higher than that.

freakovision commented 3 years ago

Do you know how to check process CPU usage with cmd?

UnamSanctam commented 3 years ago

Not any easy way, you can use WMI or typeperf but none of them are easy to get working correctly from when I've used it.

freakovision commented 3 years ago

Used tasklist /fi "pid eq PID" /fi "CPUTIME ge 00:00:00" /v

Can't understand, is it mining?

UnamSanctam commented 3 years ago

That doesn't really say much but since it's using 2GB of RAM that means it's connected to the pool so it should be mining.

freakovision commented 3 years ago

Yeah this one seems to mine but the other one is reconnecting constantly.

freakovision commented 3 years ago

After some time miner releases all the memory and starts to slowly get it back (very slow). In this time it doesn't make any hashrate but is using the CPU time. What is this?

freakovision commented 3 years ago

Miner was in idle mode at that time.


UnamSanctam commented 3 years ago

It won't use 2GB of RAM all the time, it's some trickery with the Huge Pages, some jobs seem to reset it. I usually get those around 12-14 times per day on the normal XMRig though I still get hashrate. Also at around 90 minutes it will disconnect and then reconnect to the pool to reset the memory and to fix anything in case something has happened.

freakovision commented 3 years ago

The memory was slowly crawling from like 30mb to 150mb in 1 minute and more. I don't think it's enough memory to mine. I just closed it and it restarted back with 2gb and started mining.

UnamSanctam commented 3 years ago

That could be fractured huge pages or it could be running it in light mode. Check again later and see if it happens again and write here if it does.

freakovision commented 3 years ago

Miner closed after about an hour of working.

UnamSanctam commented 3 years ago

Then that is probably some sort of segfault or something, I can't really test it since it seems that it has to do with the computer you're running it on and I can't really check through my code to see if it causes it since it should be coming from XMRig's code.

UnamSanctam commented 3 years ago

I also asked someone on Discord with a lot of miners if they have experienced it and they haven't, how many clients does the crashing happen on?

freakovision commented 3 years ago

3 as far as I know.

UnamSanctam commented 3 years ago

Hmm, do they all have something in common or something? Like some old version of Windows or anything? It's the only thing I can think of. The guy I asked has around like 13000 currently active miners and while he of course didn't check all of them, the ones he did check have been running for a few hours.

freakovision commented 3 years ago

Nope, they all have Windows 10. I'm probably cursed or something.

UnamSanctam commented 3 years ago

Yeah usually I can at least think of some reason why it might crash but I really can't think of any this time, especially with the varying intervals of the crashes or shutdowns or whatever they are. I know there are some weird possible crashes in the normal XMRig but that shouldn't happen nearly that often.

Last resort I can think of is to try another pool and another cryptocurrency to see if it has anything to do with that at all, you can find the algorithms here if you want to try that: https://xmrig.com/docs/algorithms. I will investigate if I can find someone else who has also experienced crashes or weird behavior, I'll also check through the code to see if I can find something even if it feels unlikely.
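
For defenders, the artifacts named in this thread (the look-alike process names sihost64.exe and services64.exe, the sihost64.exe to services64.exe launch chain, and the nanopool.org pool host from the posted config) can be turned into a simple triage check. The following is an added example, not part of the original thread or the project's code; the event schema, PIDs and file paths are constructed for illustration.

```python
import ntpath

# Names from the thread. Windows ships sihost.exe and services.exe;
# the "64"-suffixed variants are look-alikes.
LOOKALIKES = {"sihost64.exe", "services64.exe"}
WATCHDOG_CHAIN = ("sihost64.exe", "services64.exe")  # parent, child (per the thread)
POOL_SUFFIXES = ("nanopool.org",)  # pool domain from the posted config

# Constructed sample telemetry: hypothetical event schema, PIDs and paths.
SAMPLE_EVENTS = [
    {"type": "proc", "pid": 612, "ppid": 500, "image": r"C:\Windows\System32\services.exe"},
    {"type": "proc", "pid": 4120, "ppid": 3000, "image": r"C:\ExamplePath\sihost64.exe"},
    {"type": "proc", "pid": 4188, "ppid": 4120, "image": r"C:\ExamplePath\services64.exe"},
    {"type": "proc", "pid": 4300, "ppid": 4188, "image": r"C:\Windows\System32\conhost.exe"},
    {"type": "dns", "pid": 4300, "query": "xmr-eu1.nanopool.org"},
    {"type": "dns", "pid": 900, "query": "example.org"},
]


def image_name(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()


def triage(events):
    """Return (pid, rule, detail) findings for the artifacts named in the thread."""
    procs = {e["pid"]: e for e in events if e["type"] == "proc"}
    findings = []
    for e in events:
        if e["type"] == "proc":
            name = image_name(e["image"])
            if name in LOOKALIKES:
                findings.append((e["pid"], "lookalike-name", name))
            parent = procs.get(e["ppid"])
            if parent and (image_name(parent["image"]), name) == WATCHDOG_CHAIN:
                findings.append((e["pid"], "watchdog-chain", "sihost64.exe -> services64.exe"))
        elif e["type"] == "dns":
            query = e["query"].lower().rstrip(".")
            if any(query == s or query.endswith("." + s) for s in POOL_SUFFIXES):
                owner = procs.get(e["pid"])
                source = image_name(owner["image"]) if owner else "unknown"
                findings.append((e["pid"], "pool-dns", f"{query} from {source}"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

A pool lookup attributed to conhost.exe is worth escalating on its own, since a console host has no reason to resolve a mining pool.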