Eclipse Community

How do you detect coinminers?

kmuland
Post subject: How do you detect coinminers?
+ Posted: 18 Sep 2025, 11:46
 
Posts: 19
Joined: 26 Oct 2024, 08:31
OS: XP, 8.0
 
We are living in 2025 on planet Earth (not faeryland).
Guys releasing software for free are really, really, really few... and today it's a problem trying to find new software and be sure that it is free of miners.
I used to get portables of every software... but today I can't trust anyone that releases a commercial software portable "just for free", and just as easy as "click" "download" "unrar". Everyone wants to become rich mining cryptocurrencies nowadays.

Of course using an AV, Malwarebytes or similar toys is for kids (the evil greedy guys are not idiots of course, and they check against these tools).
I bet that many 3D gamers are not aware of the problem... powerful GPUs/CPUs, dozens of fans making noise constantly... for me it would be hard on these machines to detect the presence of that malware.

So my question is:
What are you using nowadays to detect miners running on your computers when idle?


Nokiamies
Post subject: How do you detect coinminers?
+ Posted: 18 Sep 2025, 12:24
 
Posts: 17
Joined: 17 Aug 2025, 16:11
Location: (Luckily) Outside ring 3
Mood: Cynical
OS: Windows ME
Contact: Website
 
It depends on the coinminer. If it is jabbajavascript based on some website, you can tell if it tries to get too much CPU time. The best you can do is block JS by default with something like eMatrix, disable WASM and try to avoid untrusted sites that try to force JS on you.

As for programs, there is no 100% working way as it is a mix of things. First of all I would have something like Process Hacker 2 for monitoring full network traffic. Then use something else to monitor GPU idle usage, like HWMonitor. If GPU usage keeps cranking up high while idle, that is usually a sign of some process utilizing it. For network you need to understand what are normal and what are not normal connections, and I can't really explain it properly, but you can detect if some program that should not make requests keeps making them constantly to some odd IP address. It might also be telemetry or other spyware activity.

_________________

Hoot Hoot!
(Too bad Finnish saying "Ei Pöllömpi allekirjoitus" (not too owl signature, which can also mean not too bad signature) does not translate too well to English. Well that shall do it)


Duke
Post subject: How do you detect coinminers?
+ Posted: 18 Sep 2025, 19:00
Full Moderator
 
Posts: 360
Joined: 16 Mar 2024, 13:32
OS: Windows 8.1 x64
 
Nokiamies wrote: *  18 Sep 2025, 12:24
It depends on the coinminer. If it is jabbajavascript based on some website, you can tell if it tries to get too much CPU time. The best you can do is block JS by default with something like eMatrix, disable WASM and try to avoid untrusted sites that try to force JS on you.
Just use NoScript ;)

There is also this list for uBlock Origin:
https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/nocoin.txt

You can also use some alternate DNS server like Quad9, Adguard or DNS.Watch which are blocking malware sites, ads and trackers.


That's for a browser but for a software there is not much you can do. You can block it from accessing the internet with a firewall, also use alternate DNS servers as seen before if internet access is required but the best is to download and use stuff from a trusted source ;)


Nokiamies
Post subject: How do you detect coinminers?
+ Posted: 18 Sep 2025, 19:33
 
Posts: 17
Joined: 17 Aug 2025, 16:11
Location: (Luckily) Outside ring 3
Mood: Cynical
OS: Windows ME
Contact: Website
 
Duke wrote: *  18 Sep 2025, 19:00
Nokiamies wrote: *  18 Sep 2025, 12:24
It depends on the coinminer. If it is jabbajavascript based on some website, you can tell if it tries to get too much CPU time. The best you can do is block JS by default with something like eMatrix, disable WASM and try to avoid untrusted sites that try to force JS on you.
Just use NoScript ;)

There is also this list for uBlock Origin:
https://raw.githubusercontent.com/hoshsadiq/adblock-nocoin-list/master/nocoin.txt
It highly depends on what you want. If you want to allow a certain CDN or other on certain sites and deny it on others, and also control media, CSS, frames etc., eMatrix will sweep the floor with NoScript. There is a version for "modern Firefox" as a WebExtension (uMatrix) but I still roll on a UXP-based browser.

The downside is of course the amount of work per site eMatrix requires, but it is fine for me since there are very few sites I use and most are pretty basic.

_________________

Hoot Hoot!
(Too bad Finnish saying "Ei Pöllömpi allekirjoitus" (not too owl signature, which can also mean not too bad signature) does not translate too well to English. Well that shall do it)


K4sum1
Post subject: How do you detect coinminers?
+ Posted: 19 Sep 2025, 00:30
Lazy Owner
 
Posts: 1217
Joined: 11 Jan 2021, 07:40
Location: ur dads house
OS: Windows 8.1 x64
 
I'm not sure I've run into a malicious coinminer before. r3dfox (Firefox) has built-in cryptominer blocking and I also block ads and stuff with uBlock Origin, but even on phone where I run Vivaldi with the built-in adblock, it's never been an issue. For software I download, I run it through VirusTotal, which scans it with everything.

If something got past all of that, then I would notice my CPU or GPU pinned to 100%, or hell even 25% if they try to be smart. I'd notice the fan noise and slowness that would cause. I'd go to task manager and see what is using up all of that. This has yet to happen to me.

My question is:
Is this actually an issue?

_________________

I don't know what I'm doing hit album by Brad Sucks


The-10-Pen
Post subject: How do you detect coinminers?
+ Posted: 19 Sep 2025, 01:34
 
Posts: 136
Joined: 16 Feb 2025, 08:43
OS: Win10 2016 LTSB
 
K4sum1 wrote: *  19 Sep 2025, 00:30
I'm not sure I've run into a malicious coinminer before.

This has yet to happen to me.

My question is:
Is this actually an issue?

I simply cannot resist a semi-sarcastic half-truth smart-alec answer -- "Yes, it's an issue on p0rn sites."


kmuland
Post subject: How do you detect coinminers?
+ Posted: 19 Sep 2025, 16:55
 
Posts: 19
Joined: 26 Oct 2024, 08:31
OS: XP, 8.0
 
Nokiamies wrote: *  18 Sep 2025, 12:24
It depends on the coinminer. If it is jabbajavascript based on some website, you can tell if it tries to get too much CPU time. The best you can do is block JS by default with something like eMatrix, disable WASM and try to avoid untrusted sites that try to force JS on you.

As for programs, there is no 100% working way as it is a mix of things. First of all I would have something like Process Hacker 2 for monitoring full network traffic. Then use something else to monitor GPU idle usage, like HWMonitor. If GPU usage keeps cranking up high while idle, that is usually a sign of some process utilizing it. For network you need to understand what are normal and what are not normal connections, and I can't really explain it properly, but you can detect if some program that should not make requests keeps making them constantly to some odd IP address. It might also be telemetry or other spyware activity.
Suspicious GPU activity is the main way I use to check for these miners... I would also recommend checking with different GPU usage monitors... because some of them do not show all the activity of your GPU... or bypass some apps (the evil guys that include miners abuse that "weakness").
K4sum1 wrote: *  19 Sep 2025, 00:30
My question is:
Is this actually an issue?
For me yes.. because I use really weak computers (atom netbooks/celerons) and I need all the hardware performance to do my tasks not theirs.



Another big problem is "lite/gaming tweaked OSes". Many of these releases include the crap. A pity... because stripped OS releases were great in the past... a simple way to boost your computer (microXP days).


K4sum1
Post subject: How do you detect coinminers?
+ Posted: 19 Sep 2025, 23:20
Lazy Owner
 
Posts: 1217
Joined: 11 Jan 2021, 07:40
Location: ur dads house
OS: Windows 8.1 x64
 
kmuland wrote: *  19 Sep 2025, 16:55
K4sum1 wrote: *  19 Sep 2025, 00:30
My question is:
Is this actually an issue?
For me yes.. because I use really weak computers (atom netbooks/celerons) and I need all the hardware performance to do my tasks not theirs.
I don't mean it like that, I mean are coinminers actually something you'd come across enough to need to look out for one?

_________________

I don't know what I'm doing hit album by Brad Sucks


Bird
Post subject: How do you detect coinminers?
+ Posted: 20 Sep 2025, 07:59
 
Posts: 21
Joined: 17 Mar 2021, 18:43
 
Shift the focus away from the GPU and look solely at what's happening on your machine's network interface. Because cryptominers would have to get their information across the internet, else it would be useless, sitting on a metal box below some desk, right?

Now if you want to become boss of your system, you have to check for every connection that your computer is doing and decide, whether you want to have it in your system or whether to dump it.

Can recommend Wireshark as a good tool for looking at network traffic. Then you need to figure out a solution for actually blocking connections.

Regardless of cryptominers, you will free up resources this way, which especially old machines are grateful for.


kmuland
Post subject: How do you detect coinminers?
+ Posted: 20 Sep 2025, 08:15
 
Posts: 19
Joined: 26 Oct 2024, 08:31
OS: XP, 8.0
 
Bird wrote: *  20 Sep 2025, 07:59
Shift the focus away from the GPU and look solely at what's happening on your machine's network interface. Because cryptominers would have to get their information across the internet, else it would be useless, sitting on a metal box below some desk, right?
The miners that I detected in lited OSes use the GPU even on offline computers. Probably the miner will share its findings when connected.


kmuland
Post subject: How do you detect coinminers?
+ Posted: 20 Sep 2025, 08:23
 
Posts: 19
Joined: 26 Oct 2024, 08:31
OS: XP, 8.0
 
K4sum1 wrote: *  19 Sep 2025, 23:20
kmuland wrote: *  19 Sep 2025, 16:55
K4sum1 wrote: *  19 Sep 2025, 00:30
My question is:
Is this actually an issue?
For me yes.. because I use really weak computers (atom netbooks/celerons) and I need all the hardware performance to do my tasks not theirs.
I don't mean it like that, I mean are coinminers actually something you'd come across enough to need to look out for one?
Sorry, I didn't understand you (I'm not a native English speaker).

In my case I rely on stripped OSes to upgrade my computers when I have to use newer programs beyond XP... and believe me that today it is really hard to find lited OSes without a miner included. For the last 5 years almost all OS modders that I knew have included miners. I deleted tons of releases because of that. I can't trust anybody. I know that we are living in hard times... and really few people do releases for the community and not for their own benefit.

If this is a problem in modded OSes... I can imagine that the rest of software will not be free of that plague.


K4sum1
Post subject: How do you detect coinminers?
+ Posted: 20 Sep 2025, 22:49
Lazy Owner
 
Posts: 1217
Joined: 11 Jan 2021, 07:40
Location: ur dads house
OS: Windows 8.1 x64
 
For me, I've tried like 5 or more different stripped down Windows 10 ISOs, and as far as I can tell none of them had any cryptominers. Most recently I've been using Windows X-Lite (19045.3757) 'Micro 10' SE [x64] by FBConan.iso and I have it on a Windows 10 gaming PC, and various VMs used for compiling stuff (r3dfox mostly). I'm big into debloating and having minimal background usage, so I'd notice if a cryptominer started running and was using up resources.

_________________

I don't know what I'm doing hit album by Brad Sucks


Bird
Post subject: How do you detect coinminers?
+ Posted: 21 Sep 2025, 16:12
 
Posts: 21
Joined: 17 Mar 2021, 18:43
 
kmuland wrote: *  20 Sep 2025, 08:15
The miners that I detected in lited OSes use the GPU even on offline computers. Probably the miner will share its findings when connected.
Hm, you're right, that would be really sophisticated, but it is possible, if the miners would actually do work even when being offline, especially since on Windows 10 "Shut Down" doesn't mean shutting down the computer anymore.
In that case, you'd see any activity by monitoring network traffic over a longer period, maybe a whole day.
kmuland wrote: *  20 Sep 2025, 08:23
For the last 5 years almost all OS modders that I knew have included miners.
Could you name some names? Those deserve to be called out!


Top
Profile Quote
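The approach Nokiamies and Bird describe above (decide which connections are normal, then watch the connection table over a whole day for a program that keeps talking to the same odd address), as an added example that is not part of the original posts. It parses `netstat -ano` snapshots and lists every process outside an allowlist, marking the ones that recur; the snapshots, process names, addresses and the `EXPECTED` allowlist are constructed for illustration.

```python
from collections import defaultdict

HEADER = "  Proto  Local Address          Foreign Address        State           PID\n"
# Constructed sample data: four idle-time `netstat -ano` snapshots over one day.
SNAPSHOTS = {
    "09:00": HEADER
    + "  TCP    192.168.1.20:49712     203.0.113.45:3333      ESTABLISHED     4120\n"
    + "  TCP    192.168.1.20:49801     198.51.100.7:443       ESTABLISHED     2288\n"
    + "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980\n",
    "13:00": HEADER
    + "  TCP    192.168.1.20:49712     203.0.113.45:3333      ESTABLISHED     4120\n"
    + "  TCP    192.168.1.20:50233     192.0.2.10:443         ESTABLISHED     5536\n",
    "17:00": HEADER
    + "  TCP    192.168.1.20:50912     203.0.113.45:3333      ESTABLISHED     4120\n"
    + "  TCP    192.168.1.20:50950     198.51.100.7:443       ESTABLISHED     2288\n",
    "21:00": HEADER
    + "  TCP    192.168.1.20:51377     203.0.113.45:3333      ESTABLISHED     4120\n",
}
# PID -> image name, as `tasklist` would report it (constructed names).
PROCESS_NAMES = {4120: "helper.exe", 2288: "browser.exe", 5536: "updater.exe"}
# Programs you have decided are allowed to use the network (assumption).
EXPECTED = {"browser.exe"}


def parse_netstat(text):
    """Yield (pid, remote_ip, remote_port) for each established TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "ESTABLISHED":
            ip, _, port = fields[2].rpartition(":")
            yield int(fields[4]), ip, int(port)


def unexpected_talkers(snapshots, names, expected, min_ratio=0.75):
    """Return (process, remote_ip, hits, persistent) for non-allowlisted processes.

    'persistent' is True when the same process/remote pair shows up in at
    least min_ratio of the snapshots; a single hit is still reported, since
    a program that works offline and uploads later appears only briefly.
    """
    seen = defaultdict(set)
    for label, text in snapshots.items():
        for pid, ip, _port in parse_netstat(text):
            proc = names.get(pid, f"pid {pid}")
            if proc not in expected:
                seen[(proc, ip)].add(label)
    total = len(snapshots)
    rows = [(proc, ip, len(labels), len(labels) / total >= min_ratio)
            for (proc, ip), labels in seen.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0], r[1]))


if __name__ == "__main__":
    for proc, ip, hits, persistent in unexpected_talkers(SNAPSHOTS, PROCESS_NAMES, EXPECTED):
        tag = "persistent" if persistent else "occasional"
        print(f"{proc:12} -> {ip:15} seen in {hits}/{len(SNAPSHOTS)} snapshots ({tag})")
```

PIDs can be reused over a long capture, so record the `tasklist` mapping together with each snapshot when collecting real data.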
The-10-Pen
Post subject: How do you detect coinminers?
+ Posted: 21 Sep 2025, 19:49
 
Posts: 136
Joined: 16 Feb 2025, 08:43
OS: Win10 2016 LTSB
 
I've run "micro" and "lite" and "tiny" and *several* FBConan OS's.
When it comes right down to it, I personally DO *NOT* TRUST ANY OF THEM !!!
MORE IMPORTANTLY, I GET MUCH BETTER RESULTS DOING THE MOD'S MYSELF !!!
Just DO IT YOURSELF and make your OWN mod'd OS using things like NTLite and WinReducer.


kmuland
Post subject: How do you detect coinminers?
+ Posted: 23 Sep 2025, 11:12
 
Posts: 19
Joined: 26 Oct 2024, 08:31
OS: XP, 8.0
 
Bird wrote: *  21 Sep 2025, 16:12
kmuland wrote: *  20 Sep 2025, 08:23
For the last 5 years almost all OS modders that I knew have included miners.
Could you name some names? Those deserve to be called out!
I'll not point my finger at anyone.

Just think about YouTube.
There are people that upload a video someday... when they are happy, when they have time to share something interesting for the community.
On the other hand there are people that upload several videos daily... because their job is to make videos... because a channel with more videos will receive more money. (I think you get what I mean.)

So... think about these guys that release a new modded OS version each week/month. Like a weekly full-time job as OS modder.

My full respect for all the good guys and friendly souls that continue releasing things for free and do not look for their own benefit, but for the happiness of the community.
Of course OS modders and computer enthusiasts that try to improve and help people to use a less bloated OS exist... so my blessings to all these good guys that survive.


The-10-Pen
Post subject: How do you detect coinminers?
+ Posted: 23 Sep 2025, 11:21
 
Posts: 136
Joined: 16 Feb 2025, 08:43
OS: Win10 2016 LTSB
 
kmuland wrote: *  23 Sep 2025, 11:12
I'll not point my finger at anyone.
I strongly disagree!

If something like an FBConan OS becomes so "popular" here at Eclipse Community that "several" of us start using it because they heard about it from HERE (Eclipse Community), then if anybody finds it to upload telemetry to whoknowswhere, then the ECLIPSE COMMUNITY *owes it* to the ECLIPSE COMMUNITY to share that finding!


K4sum1
Post subject: How do you detect coinminers?
+ Posted: 23 Sep 2025, 11:45
Lazy Owner
 
Posts: 1217
Joined: 11 Jan 2021, 07:40
Location: ur dads house
OS: Windows 8.1 x64
 
The-10-Pen wrote: *  21 Sep 2025, 19:49
I've run "micro" and "lite" and "tiny" and *several* FBConan OS's.
When it comes right down to it, I personally DO *NOT* TRUST ANY OF THEM !!!
MORE IMPORTANTLY, I GET MUCH BETTER RESULTS DOING THE MOD'S MYSELF !!!
Just DO IT YOURSELF and make your OWN mod'd OS using things like NTLite and WinReducer.
I tried it myself in the 1809-2004 days, and found the results to be unreliable at best. So I just use these premade ones since they're better than what I could do.

Sounds like you should release your mod here if you feel so strongly about it.
The-10-Pen wrote: *  23 Sep 2025, 11:21
If something like an FBConan OS becomes so "popular" here at Eclipse Community that "several" of us start using it because they heard about it from HERE (Eclipse Community), then if anybody finds it to upload telemetry to whoknowswhere, then the ECLIPSE COMMUNITY *owes it* to the ECLIPSE COMMUNITY to share that finding!
Only Microsoft telemetry
[ img ]

_________________

I don't know what I'm doing hit album by Brad Sucks


The-10-Pen
Post subject: How do you detect coinminers?
+ Posted: 23 Sep 2025, 23:12
 
Posts: 136
Joined: 16 Feb 2025, 08:43
OS: Win10 2016 LTSB
 
K4sum1 wrote: *  23 Sep 2025, 11:45
Sounds like you should release your mod here if you feel so strongly about it.
I basically *DID*, even some process-count and RAM-consumption screencaps.
I shared the config files on how to create and what software to use.
OVER NINE HUNDRED downloads but no replies.
So I moved on, nobody here wants to do the legwork, they just want to download an .iso instead of creating that .iso.
I personally disapprove of that approach - I'll take instructions any day of the week so that I can walk through them and witness how "trustworthy" they are.


UCyborg
Post subject: How do you detect coinminers?
+ Posted: 26 Sep 2025, 20:20
 
Posts: 94
Joined: 19 Nov 2024, 19:14
OS: Windows 10 x64
 
K4sum1 wrote: *  20 Sep 2025, 22:49
Most recently I've been using Windows X-Lite (19045.3757) 'Micro 10' SE [x64] by FBConan.iso and I have it on a Windows 10 gaming PC, and various VMs used for compiling stuff (r3dfox mostly).
Does it speed up build time compared to regular build?


K4sum1
Post subject: How do you detect coinminers?
+ Posted: 06 Oct 2025, 04:59
Lazy Owner
 
Posts: 1217
Joined: 11 Jan 2021, 07:40
Location: ur dads house
OS: Windows 8.1 x64
 
I've not built r3dfox on a stock 10, so I can't say. I'd assume there's an improvement just from the shit in the background of stock 10 but idk exactly. I started off on 8.1 (Updated v1 from here), then 10 1709 (Nexus LiteOS), then 10 22H1 (or 22H2, I can't remember which) (Nexus LiteOS), then 10 22H2 (X-Lite), and I don't think there was any big difference between any.

I find X-Lite to work the best and it's the slimmest. My main reason for going to it was so I could shrink the partition size by like 16GB and more easily keep multiple VMs to build different versions or experiment.

_________________

I don't know what I'm doing hit album by Brad Sucks


The-10-Pen
Post subject: How do you detect coinminers?
+ Posted: 07 Oct 2025, 10:19
 
Posts: 136
Joined: 16 Feb 2025, 08:43
OS: Win10 2016 LTSB
 
I trial-ran one of the Nexus releases.
I forget which one but I'm "majority-percent" sure that it was 22H2.

The experience HIT ME IN THE FACE with an expired license and a solicitation to purchase StartIsBack.
Something I never requested to be installed in the first place!

Ever since, any trial-run (INCLUDING X-LITE!) that INCLUDES anything that I never requested to be installed is THROWN IN THE TRASH BIN.
Without Prejudice!


a) did the creator of StartIsBack use this as a method of distribution to SOLICIT for his product to be purchased? (ie, a "bundle")
b) did the creator of StartIsBack AUTHORIZE his product to be distributed in this manner? (should Microsoft sue StartIsBack for this "bundle"?)
c) did the lite-os creator distribute his personal preference software with an unauthorized third-party distribution?
d) maybe that third-party license won't expire, then shouldn't the third-party creator be suing for an unauthorized distribution and hacked license?
e) et cetera...

