what is attrib.exe and why is it running in the background?

[Levitatin]

okay so when ever i close my task manager and reopen it 3 mins later i see attribute utility (attrib.exe) using almost 100% of my cpu for a couple seconds and goes back down to 4-6%... i installed malwarebytes and ran a scan and i keep seeing this popping up. what do i do?

[Tsuki]

sounds like somebody installed a crypto miner on your computer.

 delete it immediately

[Levitatin]

Just now, Tsuki said:

sounds like somebody installed a crypto miner on your computer.

 delete it immediately

okay how??

[Changis]

3 minutes ago, Levitatin said:

okay so when ever i close my task manager and reopen it 3 mins later i see attribute utility (attrib.exe) using almost 100% of my cpu for a couple seconds and goes back down to 4-6%... i installed malwarebytes and ran a scan and i keep seeing this popping up. what do i do?

it's an old command from when dos was integrated, it changes attributes of files.. though it may have been compromized by something else and been exchanged with a virus or something.. 
the domain seems to go to some crypto currency mining thing, so it might be mining software.. but attrib should not access the web..

pack it into a zip/rar and delete it.. it isn't vital for windows so it should only disrupt any programs using it or stop any virus using it..

[Changis]

2 minutes ago, Tsuki said:

sounds like somebody installed a crypto miner on your computer.

 delete it immediately

yup.. from minergate site

Quote

 

About MinerGate

MinerGate is a mining pool created by a group of cryptocoin enthusiasts.

It is the first pool which provides service for merged mining. This means that while mining on our pool you can mine different coins simultaniously without decrease of hashrate for major coin.

 

seems like someone installed a miner on your system.  to be sure, i would just backup and reinstall windows completely.. who knows what else they have changed..
 

[Levitatin]

3 minutes ago, Changis said:

it's an old command from when dos was integrated, it changes attributes of files.. though it may have been compromized by something else and been exchanged with a virus or something.. 
the domain seems to go to some crypto currency mining thing, so it might be mining software.. but attrib should not access the web..

pack it into a zip/rar and delete it.. it isn't vital for windows so it should only disrupt any programs using it or stop any virus using it..

after i deleted it this kept popping up in 4 windows.

[Changis]

Just now, Levitatin said:

after i deleted it this kept popping up in 4 windows.

reinstall windows and start fresh. don't allow others on your computer unless supervised and be very careful of programs you install and any piggybacked programs that try to slide past in the installation screens

[Sir Asvald]

14 minutes ago, Levitatin said:

after i deleted it this kept popping up in 4 windows.

Well you just deleted a system32 file. Which will cause Windows to mess about.. 

[Changis]

3 minutes ago, Abdul201588 said:

Well you just deleted a system32 file. Which will cause Windows to mess about.. 

if it's a real system32 file, windows won't allow you to delete it as it should be owned by trustedinstaller (windows), and it sure wouldn't start checkdisk because attrib.exe was missing...

[Levitatin]

5 minutes ago, Changis said:

if it's a real system32 file, windows won't allow you to delete it as it should be owned by trustedinstaller (windows), and it sure wouldn't start checkdisk because attrib.exe was missing...

yeah i'm reinstalling windows 10 because now i have a process in the back called "helper.exe"

[Levitatin]

13 minutes ago, Changis said:

if it's a real system32 file, windows won't allow you to delete it as it should be owned by trustedinstaller (windows), and it sure wouldn't start checkdisk because attrib.exe was missing...

i took permission to delete it lol