2
Got called out to a small office in Portland where every PC was suddenly crawling
It was a Tuesday morning and the owner said his 12 workstations were moving so slow they couldn't even open a web page. I got there and the network was fine, but each machine was at 100% CPU. Opened Task Manager and saw a process called 'svchost.exe' eating everything, but something felt off. I dug deeper with Process Explorer and found it was actually a crypto miner hiding in a temp folder, likely from a bad email attachment someone clicked. I had to isolate the network, run a script to kill the process on each machine, and then do a full scan with Malwarebytes. Took about 4 hours total. Has anyone else run into a miner that good at pretending to be a system file lately?
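The check the post describes doing by hand in Process Explorer (a system process name running from a temp folder), as an added example that is not part of the original post. The process records are constructed sample data, and the field names and `find_masquerading` are assumptions for illustration; it also assumes Windows is installed at `C:\Windows`.

```python
import ntpath

# Expected image directories (lower-case) for system names malware often borrows.
# Assumption: Windows is installed at C:\Windows.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
}
# Genuine svchost.exe instances are started by services.exe.
EXPECTED_PARENT = {"svchost.exe": "services.exe"}


def find_masquerading(processes):
    """Return (pid, reason) for processes using a system name from the wrong place."""
    by_pid = {p["pid"]: p for p in processes}
    findings = []
    for p in processes:
        name = ntpath.basename(p["path"]).lower()
        if name not in EXPECTED_DIRS:
            continue
        folder = ntpath.normpath(ntpath.dirname(p["path"])).lower()
        if folder not in EXPECTED_DIRS[name]:
            findings.append((p["pid"], f"{name} running from {folder}"))
            continue
        # Right folder: still check the parent, when the parent is in the listing.
        want = EXPECTED_PARENT.get(name)
        parent = by_pid.get(p["ppid"])
        if want and parent and ntpath.basename(parent["path"]).lower() != want:
            findings.append((p["pid"], f"{name} has unexpected parent"))
    return findings


# Constructed sample data, not taken from the incident in the post.
SAMPLE = [
    {"pid": 640, "ppid": 500, "path": r"C:\Windows\System32\services.exe"},
    {"pid": 1120, "ppid": 640, "path": r"C:\Windows\System32\svchost.exe"},
    {"pid": 4312, "ppid": 3900, "path": r"C:\Users\front-desk\AppData\Local\Temp\svchost.exe"},
    {"pid": 3900, "ppid": 3000, "path": r"C:\Program Files\Mail\client.exe"},
    {"pid": 5004, "ppid": 3900, "path": r"C:\Windows\System32\svchost.exe"},
]

if __name__ == "__main__":
    for pid, reason in find_masquerading(SAMPLE):
        print(pid, reason)
```

Task Manager's default view shows only the image name, which is why the path and parent have to be pulled explicitly before a high-CPU `svchost.exe` can be trusted.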
3 comments
morgan89822d ago
Man, that's wild. I used to just check Task Manager and call it good. Seeing svchost at 100% would make me think it was a Windows update gone wrong. Your story shows you gotta dig deeper every single time now. These things are getting way too sneaky. Makes me double check everything now, no shortcuts.
7
the_linda 20d ago
Remember when you could trust the basic system stuff? Now even the normal looking processes need a second look, it's like nothing is safe anymore.
2