base on Program designed for search and kill silent miners # Miner Search [Русский](README.ru.md) | English | [Chinese](README.cn.md) This program is designed to find and destroy hidden miners. It is an auxiliary tool for searching suspicious files, directories, processes, etc. and is NOT an antivirus. ## News about updates now in the Telegram! https://t.me/MinerSearch_blog ## ⬇  ### NET Framework 4.7.1 is required  Version 1.4.7.92 \[patch\] - Improvement of process handling rules - Detection and removal of new miners - Fixed incorrect classification of the copilot address in the hosts file - Fixed a short-term hang when generating reports on the threat summary form - More information about scheduler tasks with the --verbose option - Other minor fixes Version v1.4.7.91 - Fixed application crashes when reading files and directories. - Fixed a visual bug with an incorrect number of threats found - Improved algorithm for detecting suspicious files - Improved stability processing of third-party network services - Added language switching functionality. Create a language.cfg (the content should be EN or RU) - Removed restrictions of Windows Defender are no longer duplicated in the log - Added the --no-check-hosts argument - skips checking the hosts file - Added an identifier key (Devide ID) to the short report form for quick report processing (more details here) - Implemented a mechanism for unblocking the task manager and registry editor - The normal color of the Collapse button ----------------------------------------- ## How to use Completely unzip the archive with the program into a separate folder and launch the application. Wait for the scan to complete. When using the program for the first time, you are offered to report the results of the scan to the author at your wish. After completion, a form will be shown with a brief report on the threats that have been eliminated. You can view the detailed log by clicking on the "Show log" button. Clicking on the "Quarantine" button will open the Quarantine Manager, in which you can completely delete the file or restore it. ---------------- How to switch language in the app? 1) Create language.cfg file if not exist 2) Open it with any text editor 3) Choose your preferred language: EN or RU ---------------- The application also supports additional launch parameters (listed below). To use them, you should: 1) Run the command line (cmd) as administrator 2) Hold down shift and right-click on the application - select "Copy as path" 3) Paste the path into the command line and add the necessary parameters* after a space Additional command line args (usually is not required): | Startup params | Description | |----------------|-------------| | -h --help | This help message | | -nl --no-logs | Don't write logs in text file | | -nstm --no-scantime | Scan processes only | | -nr --no-runtime | Static scan only (Malware dirs, files, registry keys, etc) | | -nse --no-services | Skip scan services | | -nss --no-signature-scan | Skip scan files by signatures | | -nrc --no-rootkit-check | Skip checking rootkit present | | -nch --no-check-hosts | Skip checking hosts file | | -p --pause | Pause before cleanup | | -ret --remove-empty-tasks | Delete a task from the Task Scheduler if the application file does not exist in it | | -so --scan-only | Display malicious or suspicious objects, but do nothing | | -fs --full-scan | Add other entire local drives for signature scan | | -ras --run-as-system | Start scannning with SYSTEM privilege (for advanced users) | | -s --select | Only selected folder will be scanned, including subfolders | | -si --silent | Enables silent (background) mode without any dialog forms. The app switches to background mode, messages will not be displayed, but will still be written to the log file. Incompatible with --select or --winpemode options | | -d= --depth=<number> | Where <number> specify the number for maximum search depth. Usage example -d=5 (default 8) | | -v --verbose | Displays more info to the console and a log file, | | | including lines about files that are not considered malicious. It may increase the size of the log file. | | -w --winpemode | Start scanning in WinPE environment by specifying a different drive letter | | | (without scanning processes, registry, firewall and task scheduler entries) | * Not necessarily in strict order -------------------------------------------------------------- Symbols in logs | Hint | Description | |-----------|----------| | [!] | Minor warning | | [!!] | A warning worth paying attention to | | [!!!] | Threat detected | | [!!!!] | A rootkit has been detected | | [Reg] | Scan the registry key(s) | | [+] | Successful completion of the action (treatment, removal, etc.) | | [x] | Error | | [xxx] | Critical error: for example, when running in the sandbox | | [#] | Status | | [.] | Description | | [_] | Unblocking the directory and deleting if empty | | [i] | Info | | [$] | Scan elapsed time | ---------------------------- ## Screenshots Stop and remove malicious processes and his support components, that makes deletion malware harder  Final report form  ", Assign "at most 3 tags" to the expected json: {"id":"13513","tags":[]} "only from the tags list I provide: [{"id":77,"name":"3d"},{"id":89,"name":"agent"},{"id":17,"name":"ai"},{"id":54,"name":"algorithm"},{"id":24,"name":"api"},{"id":44,"name":"authentication"},{"id":3,"name":"aws"},{"id":27,"name":"backend"},{"id":60,"name":"benchmark"},{"id":72,"name":"best-practices"},{"id":39,"name":"bitcoin"},{"id":37,"name":"blockchain"},{"id":1,"name":"blog"},{"id":45,"name":"bundler"},{"id":58,"name":"cache"},{"id":21,"name":"chat"},{"id":49,"name":"cicd"},{"id":4,"name":"cli"},{"id":64,"name":"cloud-native"},{"id":48,"name":"cms"},{"id":61,"name":"compiler"},{"id":68,"name":"containerization"},{"id":92,"name":"crm"},{"id":34,"name":"data"},{"id":47,"name":"database"},{"id":8,"name":"declarative-gui "},{"id":9,"name":"deploy-tool"},{"id":53,"name":"desktop-app"},{"id":6,"name":"dev-exp-lib"},{"id":59,"name":"dev-tool"},{"id":13,"name":"ecommerce"},{"id":26,"name":"editor"},{"id":66,"name":"emulator"},{"id":62,"name":"filesystem"},{"id":80,"name":"finance"},{"id":15,"name":"firmware"},{"id":73,"name":"for-fun"},{"id":2,"name":"framework"},{"id":11,"name":"frontend"},{"id":22,"name":"game"},{"id":81,"name":"game-engine "},{"id":23,"name":"graphql"},{"id":84,"name":"gui"},{"id":91,"name":"http"},{"id":5,"name":"http-client"},{"id":51,"name":"iac"},{"id":30,"name":"ide"},{"id":78,"name":"iot"},{"id":40,"name":"json"},{"id":83,"name":"julian"},{"id":38,"name":"k8s"},{"id":31,"name":"language"},{"id":10,"name":"learning-resource"},{"id":33,"name":"lib"},{"id":41,"name":"linter"},{"id":28,"name":"lms"},{"id":16,"name":"logging"},{"id":76,"name":"low-code"},{"id":90,"name":"message-queue"},{"id":42,"name":"mobile-app"},{"id":18,"name":"monitoring"},{"id":36,"name":"networking"},{"id":7,"name":"node-version"},{"id":55,"name":"nosql"},{"id":57,"name":"observability"},{"id":46,"name":"orm"},{"id":52,"name":"os"},{"id":14,"name":"parser"},{"id":74,"name":"react"},{"id":82,"name":"real-time"},{"id":56,"name":"robot"},{"id":65,"name":"runtime"},{"id":32,"name":"sdk"},{"id":71,"name":"search"},{"id":63,"name":"secrets"},{"id":25,"name":"security"},{"id":85,"name":"server"},{"id":86,"name":"serverless"},{"id":70,"name":"storage"},{"id":75,"name":"system-design"},{"id":79,"name":"terminal"},{"id":29,"name":"testing"},{"id":12,"name":"ui"},{"id":50,"name":"ux"},{"id":88,"name":"video"},{"id":20,"name":"web-app"},{"id":35,"name":"web-server"},{"id":43,"name":"webassembly"},{"id":69,"name":"workflow"},{"id":87,"name":"yaml"}]" returns me the "expected json"