Recently a prominent repack group "SEYTER" has been found to use bitcoin miners inside their repacks especially with Just Cause 3 XL and ROTTR one's.
Other groups like "Mr. DJ"m "SteamWorks" & even "Fitgirl" was found with one in recent past so be aware.
As there has been a lot of talk going on many forums as well as reddit on the same matter and im sharing their prominent findings here for all your benefit.
Do a scan especially if your PC has slowed down recently........ and as always Corepack is free from all miners or viruses.
How to check if you are infected or not :
1. Use Malwarebytes ρrémíùm to scan the system as it best detects bitcoin miners.
2. Type "Schedule Tasks" in start menu and see if a task named "InstallShield Updater" is present & delete it if you see it.
3. Use "Everything" search by voidtools to search for all folders that contain "issch.exe" and "libcurl.dll" in the SAME folder and delete it.
But be careful as not to delete system files with same names. The real issch.exe file should be no larger than 100kB and whereas miner issch.exe file is around 1MB in size.
The bitcoin miner installs to either "\Users\User\AppData\Roaming" or "\Users\User\AppData\Local\".\ or "C:\Users\myuser\AppData\Roaming\Identities\ISSCH\issch.exe"
Other groups like "Mr. DJ"m "SteamWorks" & even "Fitgirl" was found with one in recent past so be aware.
As there has been a lot of talk going on many forums as well as reddit on the same matter and im sharing their prominent findings here for all your benefit.
Do a scan especially if your PC has slowed down recently........ and as always Corepack is free from all miners or viruses.
How to check if you are infected or not :
1. Use Malwarebytes ρrémíùm to scan the system as it best detects bitcoin miners.
2. Type "Schedule Tasks" in start menu and see if a task named "InstallShield Updater" is present & delete it if you see it.
3. Use "Everything" search by voidtools to search for all folders that contain "issch.exe" and "libcurl.dll" in the SAME folder and delete it.
But be careful as not to delete system files with same names. The real issch.exe file should be no larger than 100kB and whereas miner issch.exe file is around 1MB in size.
The bitcoin miner installs to either "\Users\User\AppData\Roaming" or "\Users\User\AppData\Local\".\ or "C:\Users\myuser\AppData\Roaming\Identities\ISSCH\issch.exe"
Last edited: