Tag Archives: bitcoin

WiseManager’s CfjdkPfhrU.exe is a Bitcoin Miner – Removal Instructions

freefixer, Uncategorized,

I found yet another Bitcoin miner this morning. You might have spotted it because of a new file called WiseManager.exe running at startup or the high CPU usage by CfjdkPfhrU.exe as shown in the screenshot of the Task Manager below:

CfjdkPfhrU.exe CPU Setup Task Manager

The Wise Manager files are located in C:\Users\%USER%\AppData\Roaming\WiseManager\ and C:\Users\%USER%\AppData\Roaming\WiseManager\CGMInerDLLs.

wisemanager cgminerdlls folder

Currently no anti-virus detects the two main files, WiseManager.exe and CfjdkPfhrU.exe when I uploaded them to VirusTotal, but I assume the scanners will start picking them up sooner than later. WiseManager.exe is digitally signed by Moresta Holdings LimitedCfjdkPfhrU.exe is unsigned.

By the way, CfjdkPfhrU.exe sounds like it been given a random file name. Does your computer show another file hogging the CPU?

Removing WiseManger.exe and CfjdkPfhrU.exe is easy with FreeFixer. Just check WiseManager.exe and CfjdkPfhrU.exe for removal and click the Fix button and the problem is solved.

wisemanager.exe startup in the roaming folder wisemanager.exe and cfjdkPfhrU.exe processes

Now you can remove the C:\Users\%USER%\AppData\Roaming\WiseManager\ folder manually in Explorer.

I found the Wise Manager Bitcoin miner while testing a free download. WiseManager was bundled inside the download. How did you get Wise Manager and CfjdkPfhrU.exe on your computer?

DGen.exe 100% CPU Usage? – Bitcoin Miner Removal

freefixer, , , , ,

Do you see a process named dgen.exe running at 99% or even 100% CPU usage? If that is the case someone is mining Bitcoins on your machine!

dgen.exe high cpu usage in the task manager

The dgen.exe Bitcoin miner has been around for some time. I first spotted it about a month ago, but for some reason I chose not to blog about it at that time. However, today I found it again, bundled with another download, so I thought I should post about it after all. Many of the anti-virus programs detect it as you can see in the scan result from VirusTotal:

dgen.exe virus total scan

How did you get dgen.exe on your machine? Please share by posting a comment.

To remove the dgen.exe bitcoin miner you can check the dgen.exe process and the starthelp.exe service for removal in FreeFixer. This will also fix the high CPU usage that you probably see on your machine.

dgen.exe-process

The starthelp.exe service appear as “Protect Monitor”:

starthelp.exe service called "ProtectMonitor" or "Protect Monitor".

Here’s a video where I show FreeFixer in action while removing dgen.exe and starthelp.exe:

Hope you found this useful. Thank you for watching!

Update 2014-08-11: I’ve seen a few cases where other filenames appear in the “c:\Program Files\PCDapp”  folder:

  • cudaminer.exe