This article has been created to explain what exactly is the Digmine malware threat and how to remove it from your computer permanently.
Malware has evolved dramatically especially with the latest cryptocurrency trend and new type of viruses that are physically devastating computers have appeared in the wild. The viruses aim to use the resources of your computer in order to mine for anonymous cryptocurrencies which are untraceable. One such virus is the well-known Bitcoin miner, and another one is Digimine which is so evolved that it uses Facebook Messenger to infect victims. The virus can not only attack computers but also smartphones which points out to how dangerous it can be if widespread. The Digmine malware has also been reported by Trend Micro(https://blog.trendmicro.com/trendlabs-security-intelligence/digmine-cryptocurrency-miner-spreading-via-facebook-messenger/) researchers to be initially spread in South Korea, according to latest incident reports. The virus is also spread in other regions such as Vietnam, Ukraine and Philippines as well as Thailand and Venezuela. If you believe that your device has been infected by the Digmine malware, recommendations are to focus on removing it immediately using the information provided in this article.
Threat Summary
| Name | Digmine Malware |
| Type | CryptoCurrency miner malware. |
| Short Description | Enters your computer via Facebook Messages on Google Chrome but may also enter via suspicious apps on mobile devices. |
| Symptoms | Your computer or mobile device is heavily obstructed in terms of performance and can slow down or even break down. |
| Distribution Method | Via Google Chrome extensions and malicious mobile applications. |
| Detection Tool |
See If Your System Has Been Affected by malware
Download
Malware Removal Tool
|
User Experience | Join Our Forum to Discuss Digmine Malware. |
How Does Digmine Spread
In order to be spread, the Digmine malware uses a chain of activities that aim to infect your computer primarily via Google Chrome since the attack begins on Facebook Messenger if you use it on your web browser.
The main attack starting the digimne infection is a fake video sent ove in a .zip file via a user with whom you have recently become friends over on Facebook. The user may not write anything to you except send a suspicious file to your computer, like a file, named “video_4213.zip”, for example. In it there is fake .mp4 file which is actually an executable and after you open it, the infection process is initiated by Digmine. Since Digmine is in fact a downloader type of malware, it first connects to a command and control server and then drops it’s malicious files in the following Windows directory:
→ %AppData%\Your Username
Digmine Malware – Malicious Activity
Since Digimne is a downloader type of infection, the malware’s chain of activities is to firstly connect to a C&C server. From there, Digimne may drop the following files In the %AppData% directory of Windows:
- Background.js
- Codec.exe
- Config.json
- Jquery.min.js
- Manifest.json
- Miner.exe
- Updater.exe
After dropping the malicious files, the virus modifies your Windows so that it may begin to automatically run the mining operation without your consent. When the mining operation has been initiated, the Digmine malware may launch Google Chrome along with a malicious extension on it that contains JavaScript code. This JavaScript aims to conduct cryptocurrency mining operation which allows for the virus to connect to a mining pool and mine the cryptocurrency Monero. This results in your computer to begin to immediately slow down. And this is not the only danger, since Digmine may perform other malicious activities as well.
The main malicious activity besides mining for Monero by using your CPU and GPU resources is to also spread furhter onto other computer by send the same fake video file via your Messenger, if installed on your PC. So if you see weird websites like the following fake video website, called “Alien Woman on Mars”, there is a good chance that you have the Digmine infection on your computer:
In addition to this, if you see that you have sent messages to your friends of a video via Facebook Messenger, it is recommended to immediately warn them not to open the .ZIP file, since this is the main method of propagation of this malware and could help preventing it to spread further.
Remove Digmine Malware Fully from Your Computer
In order to remove this malware from your PC, it is strongly advisable to focus on following the removal instructions down below. They are divided in mobile and PC removal instructions and can help you remove this malware either manually or automatically. For maximum effectiveness it is recommended to use the automatic approach and download advanced anti-malware protection in order to scan for and fully erase all malicious objects of Digmine malware from your computer or smartphone.
Ventsislav Krastev
Ventsislav is a cybersecurity expert at SensorsTechForum since 2015. He has been researching, covering, helping victims with the latest malware infections plus testing and reviewing software and the newest tech developments. Having graduated Marketing as well, Ventsislav also has passion for learning new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management, Network Administration and Computer Administration of System Applications, he found his true calling within the cybersecrurity industry and is a strong believer in the education of every user towards online safety and security.
Follow Me:
Preparation before removing Digmine Malware.
Before starting the actual removal process, we recommend that you do the following preparation steps.
- Make sure you have these instructions always open and in front of your eyes.
- Do a backup of all of your files, even if they could be damaged. You should back up your data with a cloud backup solution and insure your files against any type of loss, even from the most severe threats.
- Be patient as this could take a while.
- Scan for Malware
- Fix Registries
- Remove Virus Files
Step 1: Scan for Digmine Malware with SpyHunter Anti-Malware Tool
Step 2: Clean any registries, created by Digmine Malware on your computer.
The usually targeted registries of Windows machines are the following:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
You can access them by opening the Windows registry editor and deleting any values, created by Digmine Malware there. This can happen by following the steps underneath:
Tip: To find a virus-created value, you can right-click on it and click "Modify" to see which file it is set to run. If this is the virus file location, remove the value.Step 3: Find virus files created by Digmine Malware on your PC.
1.For Windows 8, 8.1 and 10.
For Newer Windows Operating Systems
1: On your keyboard press + R and write explorer.exe in the Run text box and then click on the Ok button.
2: Click on your PC from the quick access bar. This is usually an icon with a monitor and its name is either “My Computer”, “My PC” or “This PC” or whatever you have named it.
3: Navigate to the search box in the top-right of your PC's screen and type “fileextension:” and after which type the file extension. If you are looking for malicious executables, an example may be "fileextension:exe". After doing that, leave a space and type the file name you believe the malware has created. Here is how it may appear if your file has been found:
N.B. We recommend to wait for the green loading bar in the navigation box to fill up in case the PC is looking for the file and hasn't found it yet.
2.For Windows XP, Vista, and 7.
For Older Windows Operating Systems
In older Windows OS's the conventional approach should be the effective one:
1: Click on the Start Menu icon (usually on your bottom-left) and then choose the Search preference.
2: After the search window appears, choose More Advanced Options from the search assistant box. Another way is by clicking on All Files and Folders.
3: After that type the name of the file you are looking for and click on the Search button. This might take some time after which results will appear. If you have found the malicious file, you may copy or open its location by right-clicking on it.
Now you should be able to discover any file on Windows as long as it is on your hard drive and is not concealed via special software.
Digmine Malware FAQ
What Does Digmine Malware Trojan Do?
The Digmine Malware Trojan is a malicious computer program designed to disrupt, damage, or gain unauthorized access to a computer system. It can be used to steal sensitive data, gain control over a system, or launch other malicious activities.
Can Trojans Steal Passwords?
Yes, Trojans, like Digmine Malware, can steal passwords. These malicious programs are designed to gain access to a user's computer, spy on victims and steal sensitive information such as banking details and passwords.
Can Digmine Malware Trojan Hide Itself?
Yes, it can. A Trojan can use various techniques to mask itself, including rootkits, encryption, and obfuscation, to hide from security scanners and evade detection.
Can a Trojan be Removed by Factory Reset?
Yes, a Trojan can be removed by factory resetting your device. This is because it will restore the device to its original state, eliminating any malicious software that may have been installed. Bear in mind that there are more sophisticated Trojans that leave backdoors and reinfect even after a factory reset.
Can Digmine Malware Trojan Infect WiFi?
Yes, it is possible for a Trojan to infect WiFi networks. When a user connects to the infected network, the Trojan can spread to other connected devices and can access sensitive information on the network.
Can Trojans Be Deleted?
Yes, Trojans can be deleted. This is typically done by running a powerful anti-virus or anti-malware program that is designed to detect and remove malicious files. In some cases, manual deletion of the Trojan may also be necessary.
Can Trojans Steal Files?
Yes, Trojans can steal files if they are installed on a computer. This is done by allowing the malware author or user to gain access to the computer and then steal the files stored on it.
Which Anti-Malware Can Remove Trojans?
Anti-malware programs such as SpyHunter are capable of scanning for and removing Trojans from your computer. It is important to keep your anti-malware up to date and regularly scan your system for any malicious software.
Can Trojans Infect USB?
Yes, Trojans can infect USB devices. USB Trojans typically spread through malicious files downloaded from the internet or shared via email, allowing the hacker to gain access to a user's confidential data.
About the Digmine Malware Research
The content we publish on SensorsTechForum.com, this Digmine Malware how-to removal guide included, is the outcome of extensive research, hard work and our team’s devotion to help you remove the specific trojan problem.
How did we conduct the research on Digmine Malware?
Please note that our research is based on an independent investigation. We are in contact with independent security researchers, thanks to which we receive daily updates on the latest malware definitions, including the various types of trojans (backdoor, downloader, infostealer, ransom, etc.)
Furthermore, the research behind the Digmine Malware threat is backed with VirusTotal.
To better understand the threat posed by trojans, please refer to the following articles which provide knowledgeable details.