What is Crackonosh
Crackonosh is the name of a trojan stealthily distributed inside cracked software installers. Upon successful installation, its purpose is to inject the XMRIG miner and start mining Monero cryptocurrency for the threat actors. As of now, statistics show that this miner has helped cybercriminals mine the amount of Monero worth roughly two million dollars. A couple of words on how the trojan does its malicious job: After the installer of cracked software is launched, it places an installer and script onto the targeted system, which then changes the Windows Registry settings to turn off hibernation mode and activate Crackonosh in Safe Mode at the next system start-up. This way, the trojan deactivates Windows Update and Windows Defender and is even able to uninstall third-party antivirus programs (e.g., Avast, Bitdefender, Kaspersky, McAfee, and Norton) in order to reduce the chance of getting detected and blocked. To conceal its presence, it erases system log files, serviceinstaller.msi
files, and maintenance.vbs
files. As a result, some infected systems may display error messages indicating issues with the aforementioned files. In addition, Crackonosh may also halt Windows Update services and substitute the Windows Security icon with a fake green system tray icon. The main symptoms that should attract your attention and lead you to suspect something is wrong with your system are usually slower and laggy PC performance, increased CPU/GPU/RAM usage, overheating, unexpected crashes, and other related issues. Thus, if any of these symptoms are present, make sure to read our guide below and eliminate the potential crypto-mining trojan from your computer.
How Crackonosh infected your computer
According to available research, the Crackonosh trojan has been spread via installers of pirated games like Call of Cthulhu, Euro Truck Simulator 2, Fallout 4 GOTY, Far Cry 5, Grand Theft Auto V, Jurassic World Evolution, NBA 2K19, Pro Evolution Soccer 2018, The Sims 4, The Sims 4 Seasons, and We Happy Few. Though, it is also possible that Crackonosh occupies other installers of pirated games and programs to distribute itself. In addition, malware like Crackonosh may also be disseminated through other means, such as phishing e-mail spam letters, trojans, deceptive third-party downloads, pirated/cracked downloads, fake software cracking tools, fake software updates/installers, backdoors, keyloggers, botnets, system exploits, and other channels as well. To prevent various infiltrations and drive-by (stealth) installations of malware, it is advised to avoid downloading software from unofficial resources (Peer-to-Peer websites, torrent pages, landing pages, etc.) and beware of opening content that looks suspicious. Scroll down to the main section of our guide and learn removal along with protection procedures to deal with such threats in the future.
- Download Crackonosh Removal Tool
- Use Windows Malicious Software Removal Tool to remove Crackonosh
- Use Autoruns to remove Crackonosh
- Files, folders and registry keys of Crackonosh
- Other aliases of Crackonosh
- How to protect from threats, like Crackonosh
Download Removal Tool
To remove Crackonosh completely, we recommend you to use SpyHunter 5. It can help you remove files, folders, and registry keys of Crackonosh and provides active protection from viruses, trojans, backdoors. The trial version of Spyhunter 5 offers virus scan and 1-time removal for FREE.
Download Alternative Removal Tool
To remove Crackonosh completely, we recommend you to use Malwarebytes Anti-Malware. It detects and removes all files, folders, and registry keys of Crackonosh and several millions of other malware, like viruses, trojans, backdoors.
Remove Crackonosh manually
Manual removal of Crackonosh by inexperienced users may become a difficult task because it does not create entries in Add/Remove Programs under Control Panel, does not install browser extensions, and uses random file names. However, there are pre-installed instruments in the Windows system, that allow you to detect and remove malware without using third-party applications. One of them is Windows Malicious Software Removal Tool. It comes with Windows Update in Windows 11, 10, 8. 8.1. For older operating system you can download it here: 64-bit version | 32-bit version.
Remove Crackonosh using Windows Malicious Software Removal Tool
- Type
mrt
in the search box near Start Menu. - Run mrt clicking on found item.
- Click Next button.
- Choose one of the scan modes Quick scan, Full scan, Customize scan (Full scan recommended).
- Click Next button.
- Click on View detailed results of the scan link to view the scan details.
- Click Finish button.
Remove Crackonosh using Autoruns
Crackonosh often sets up to run at Windows startup as an Autorun entry or Scheduled task.
- Download Autoruns using this link.
- Extract the archive and run Autoruns.exe file.
- In Options menu make sure there are checkboxes near Hide Empty Locations, Hide Microsoft Entries, and Hide Windows Entries.
- Search for suspicious entries with weird names or running from locations like:
C:\{username}\AppData\Roaming
. - Right-click on suspicious entry and choose Delete. This will prevent the threat to run at startup.
- Switch to Scheduled Tasks tab and do the same.
- To remove files themselves, click on suspicious entries and choose Jump to Entry…. Remove files or registry keys found.
Remove files, folder and registry keys of Crackonosh Crackonosh files and folders
maintenance.vbs
serviceinstaller.msi
serviceinstaller.exe
StartupCheckLibrary.DLL
wksprtcli.dll
winlogui.exe
winscomrssrv.dll
winrmsrv.exe
{randomname}.exe
Crackonosh registry keys
no information
Aliases of Crackonosh Win32:Agent-BCNQ [Trj], Generic.Application.CoinMiner.1.956FF3B6, Win64/CoinMiner.RQ, HEUR:Trojan.Win32.Miner.gen, PUA:Win32/CoinMiner How to protect from threats, like Crackonosh, in future
Standard Windows protection or any decent third-party antivirus (Norton, Avast, Kaspersky) should be able to detect and remove Crackonosh. However, if you got infected with Crackonosh with existing and updated security software, you may consider changing it. To feel safe and protect your PC from Crackonosh on all levels (browser, e-mail attachments, Word or Excel scripts, file system) we recommend a leading provider of internet security solutions – BitDefender. Its solutions both for home and business users proved to be one of the most advanced and effective. Choose and get your BitDefender protection via the button below: