Upgrade for Free

Cybercrime is evolving. So is your protection. *Offer for existing members for the remainder of your subscription. Terms apply.

Protection against the Coinminer malware

Applicable for: Windows

What is CoinMiner malware?

Coinminers (also called cryptocurrency miners) are programs that generate Bitcoin, Monero, Ethereum, or other cryptocurrencies that are surging in popularity. When intentionally run for one's own benefit, they may prove a valuable source of income.
However, malware authors have created threats and viruses which use commonly-available mining software to take advantage of someone else's computing resources (CPU, GPU, RAM, network bandwidth, and power), without their knowledge or consent (i.e. cryptojacking).

What are the types of coin miners?

There are many different ways to force a computer or device to mine cryptocurrency. These are the three main types of miners:

  • Executables: These are typical malicious or Potentially Unwanted Application (PUA) executable files (.exe) placed on the computer and designed to mine cryptocurrencies.

  • Browser-based Cryptocurrency Miners: These JavaScript (or similar technology) miners perform their work in an Internet browser, consuming resources for as long as the browser remains open on the website. Some miners are used intentionally by the website owner in place of running ads (e.g. Coinhive), while others have been injected into legitimate website without the website owner's knowledge or consent.

  • Advanced Fileless Miners: Malware has emerged that performs its mining work in a computer's memory by mis-using legitimate tools like PowerShell. One example is MSH.Bluwimps, which carries out additional malicious acts in addition to mining.

How do I know if my device is being used for coin mining?

Coinminers run on various platforms, including:

  • Windows

  • Mac

  • Linux

  • Android

  • Internet of Things (IoT) devices

Norton products typically raise a warning when files related to coin mining are found, to bring them to your attention; though open-source and widely-used, mining software may be Potentially Unwanted Applications (PUA).
Indications that a computer is mining include:

  • High CPU and GPU usage

  • Overheating

  • Crashes or frequent restarts

  • Slow response times

  • Unusual network activity (e.g. connections to mining-related websites or IP addresses).

Am I protected against this malware?

Norton protects you against the Coinminer malware. Run LiveUpdate to make sure that your Norton definitions are up-to-date and run full scan.

  • Close the browser tab in which the detected URL is open. You should avoid visiting the detected website.

  • The detected potential Coinminer malware program or file should be removed from your computer. You should avoid using the program.

STEP 1

Run LiveUpdate

  1. Open your Norton device security product.

    If you see the My Norton window, next to Device Security, click Open.

  2. In the Norton product main window, double-click Security, and then click LiveUpdate.

  3. When Norton LiveUpdate is finished, click OK.

  4. Run LiveUpdate until you see the message, "Your Norton product has the latest protection updates".

  5. Exit all programs, and restart the computer.

STEP 2

Run Full Scan

  1. Open your Norton device security product.

    If you see the My Norton window, next to Device Security, click Open.

  2. In the Norton product main window, double-click Security, and then click Scans.

  3. In the Scans window, select Full Scan and click Go.

  4. When the scan is finished, click Finish.

How can I exclude this website or program?

Exclusions reduce your level of protection and should be used only if you have a specific need.

If you want to access a website, file, or program blocked by your Norton product then do one of the following:

How can I whitelist this website or program?

If a software or website is incorrectly detected by your Norton product as malicious, you can report it as a false positive. For more information, see Respond to incorrect Norton alerts that a file is infected or a program or website is suspicious.
DocID: v125881893
Last modified: 05/27/2025

Was this article helpful?

Download
Manage my account
Buy & renew
Contact us
Community
Support scams
Norton rescue tools
Think you have virus?
Problem launching on Windows