Categories > Exploiting > Roblox >
How to remove the Anubis "Exploit" (Monero Miner)
Posted
Since everyone mistakes Anubis as a "Bitcoin Miner"- I'll state that it mines Monero, not Bitcoin. I reversed this program entirely with one of the other Shadow developers to ensure everything was accurate and removes this program entirely. There were threads explaining to just remove "Service.exe" from "Run" which is definitely a good start and it's included in this thread, but it also runs a driver for some of those running the program.
So here are the informative steps on how to remove this exploit monero miner. It's very simple and shouldn't take much time at all for any of those who know how to use a computer very well.
- Removing the Registry Value(s) stored from Anubis.
1) Open the "Registry Editor"- Just type "regedit" in your windows search bar and it'll pop up.
2) Go to Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and delete the file referencing "Service.exe"- Make sure the file leads to "%AppData%\Roaming" before deleting it.
Now since you disabled Anubis from starting up, you should go to your %AppData% folder to delete the stored files and drivers.
- Removing the Executable and (potentially) Driver.
1) Type "run" in your windows search bar and open the application then enter "%appdata%" and press the "ok" button. It'll take you to roaming. You should see the file here, it will be called "Service.exe" or "tempfile.exe"- Remove either of these.
(Warning: Only do this if you have a folder called "WinCFG" in your folder that wasn't there before.)
2) Download the file "Process Hacker" on the internet. Once installed and ran, go to "Services" and search for "WR64" or "WR64.sys" and disable and delete this- It's a driver that is ran in the monero miner.
3) Once disabled and deleted, go back to your "AppData" folder and delete the "WinCFG" folder.
And now you've successfully removed this disgusting malware from your machine completely. I might make a program to automate this entire process if anyone who ran it can't figure out how to do it via this explanation.
Replied
yessssssssirr <3
Cancel
Post
Discord : Fadh#1107
Youtube : Fadh
Learning :Â C#Â &Â Lua
Replied
this is why you use trusted exploits like shadow, coco z, krnl and oxygen u
Cancel
Post
JustMarie#0709
Â
Replied
Thanks Reversed, very cool
Cancel
Post
i own SynX & NoobHaxx(let's commit crash on print)
i do very basic C# trying to learn tho
also do some html ig
Replied
Good Release. I don't understand kids that mine Monero is worth nothing
Cancel
Post
Learning C++, C#, JavaScript Developer
I develop random stuff
Discord: Unidentified#1091
Replied
Vouch and this will help many users.
Cancel
Post
https://media.discordapp.net/attachments/1010636204225601659/1012865624797610044/sKQybOLT.gif
Users viewing this thread:
( Members: 0, Guests: 1, Total: 1 )
Cancel
Post