This script is built to remove the most prevalent cryptominers affecting Windows devices.
We have identified some IOCs of the miners and automated the removal.
The IOCs include scheduled tasks, firewall rules, dropped files, established network connections, registry edits, and running processes.
This works for malware related to any of the following keywords:
- XMRig
- Monero
- PCastle
- Mysa
- SDNS
- PowerShell bypass -e
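
To review a host before removing anything, the following read-only audit reports scheduled tasks, firewall rules, running processes, and established connections that match the keywords above. It is an added example, not the removal script itself; the regex patterns and the `Test-MinerKeyword` helper are assumptions built from the keyword list, and the registry and dropped-file checks are left out because this page gives no paths for them.

```powershell
# Read-only triage: lists artifacts matching the README keywords. Nothing is removed.
# Patterns are assumptions derived from the keyword list, not the script's own IOCs.
$patterns = @(
    'xmrig', 'monero', 'pcastle', 'mysa', 'sdns',
    # PowerShell started with an execution-policy bypass followed by an encoded command
    'powershell.*bypass.*\s-e(nc|ncodedcommand)?\s'
)
$regex = '(?i)(' + ($patterns -join '|') + ')'

function Test-MinerKeyword {          # hypothetical helper name
    param([string]$Text)
    return [bool]($Text -and $Text -match $regex)
}

# Scheduled tasks: match on the task name and on every action's command line
$tasks = Get-ScheduledTask | ForEach-Object {
    $t = $_
    $cmd = ($t.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
    if (Test-MinerKeyword "$($t.TaskName) $cmd") {
        [pscustomobject]@{ Type = 'ScheduledTask'; Name = $t.TaskPath + $t.TaskName; Detail = $cmd }
    }
}

# Firewall rules: match on the internal name and the display name
$rules = Get-NetFirewallRule |
    Where-Object { Test-MinerKeyword "$($_.Name) $($_.DisplayName)" } |
    ForEach-Object {
        [pscustomobject]@{ Type = 'FirewallRule'; Name = $_.DisplayName; Detail = "$($_.Direction) $($_.Action)" }
    }

# Running processes: match on the image name and the full command line
$hitProcs = Get-CimInstance Win32_Process |
    Where-Object { Test-MinerKeyword "$($_.Name) $($_.CommandLine)" }
$procs = $hitProcs | ForEach-Object {
    [pscustomobject]@{ Type = 'Process'; Name = "$($_.Name) (PID $($_.ProcessId))"; Detail = $_.CommandLine }
}

# Established TCP connections owned by the flagged processes
$conns = Get-NetTCPConnection -State Established |
    Where-Object { $hitProcs.ProcessId -contains $_.OwningProcess } |
    ForEach-Object {
        [pscustomobject]@{ Type = 'Connection'; Name = "PID $($_.OwningProcess)"
                           Detail = "$($_.RemoteAddress):$($_.RemotePort)" }
    }

@($tasks; $rules; $procs; $conns) | Where-Object { $_ } | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell session so command lines of other users' processes are visible. Short keywords can match benign software, so treat each hit as a lead to verify.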