Systems infected with WannaMine

  • Thread starter: Windows Central Question

Systems in my network are getting infected with WannaMine coinminer, utilizing PowerShell and WMI for persistence.
 
Install Malwarebytes on every PC, tablet and phone in your network and do a full scan. Also let Defender do a Windows Defender Offline Scan (Windows Defender -> Virus & threat protection -> Scan options). Optionally also let Spybot Search & Destroy do a scan.
Just to be sure, periodically do scans with Malwarebytes / Defender afterwards while doing the scans.

Also be careful plugging in external USB / drives, to prevent the malware going in your backups. Also there could be a possibility that your backup drives (if you have any) are also infected; some sneaky malware waits a bit for shutting down your files etc. so it can infect any backup drives/USB sticks you connect over time.

In the future, be sure to have an adblocker installed for your browser (e.g. uBlock Origin; note, not uBlock, which is another adblocker) if you haven't already. Ads/banners can and will sometimes spread malware or link to sites that spread malware.
 
Also what sort of network is it - corporate, small business or personal home network?

As other solutions, to put it simply, depend on the type of network in question.
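
The question mentions PowerShell and WMI being used for persistence. The following is an added example, not posted by anyone in this thread: a read-only PowerShell listing of the WMI permanent event subscriptions on a host, pairing each trigger (filter) with its action (consumer). The `MentionsPowerShell` column is a simple heuristic assumed here for triage, not a WannaMine signature.

```powershell
# Added example: read-only inventory of WMI permanent event subscriptions.
# Run from an elevated PowerShell prompt on the host being checked.
$ns = 'root/subscription'
$consumerClasses = 'CommandLineEventConsumer', 'ActiveScriptEventConsumer',
                   'NTEventLogEventConsumer', 'LogFileEventConsumer', 'SMTPEventConsumer'

# Index filters by Name so each binding can be resolved to its WQL query.
$filters = @{}
Get-CimInstance -Namespace $ns -ClassName __EventFilter |
    ForEach-Object { $filters[$_.Name] = $_ }

# Index consumers by "class|name"; names are only unique within a class.
$consumers = @{}
foreach ($class in $consumerClasses) {
    Get-CimInstance -Namespace $ns -ClassName $class -ErrorAction SilentlyContinue |
        ForEach-Object { $consumers["$class|$($_.Name)"] = $_ }
}

# A binding ties one filter (the trigger) to one consumer (the action).
$report = foreach ($b in Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding) {
    $class = $b.Consumer.CimSystemProperties.ClassName
    $c = $consumers["$class|$($b.Consumer.Name)"]
    $f = $filters[$b.Filter.Name]

    # Collect whichever action fields this consumer class actually has.
    $parts  = @($c.CommandLineTemplate, $c.ExecutablePath, $c.ScriptText, $c.ScriptFileName)
    $action = ($parts | Where-Object { $_ }) -join ' '

    [pscustomobject]@{
        Filter             = $b.Filter.Name
        Query              = $f.Query
        ConsumerClass      = $class
        Consumer           = $b.Consumer.Name
        Action             = $action
        MentionsPowerShell = $action -match 'powershell'   # heuristic only
    }
}

# Entries whose action references PowerShell are listed first for review.
$report | Sort-Object MentionsPowerShell -Descending | Format-List
```

A stock Windows install normally shows an "SCM Event Log Filter" bound to an `NTEventLogEventConsumer`; any `CommandLineEventConsumer` or `ActiveScriptEventConsumer` binding that you did not create is worth investigating before it is removed.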