Remove Virus-CoinMiner (Web-Miner.GEMIUS)

This article can help you to remove Virus. The step by step removal works for every version of Microsoft Windows.

It seems that everybody’s mining cyber-currencies. Even the websites do it. A new technology dubbed Drive-by-Mining is trying to replace the classic online advertisements. The idea is simple. Instead of being forced to see online ads, you can mine coins for the website you visit. It sounds great, doesn’t it! Instead of being forced to endure numerous advertisements, you can spare a small percentage of your CPU power to mine coins for the website’s owner. Unfortunately, the crooks have found a way to exploit this technology. They have created parasites that not only mine when you visit special websites, it also force your device to mine when you exit the page. website spreads one such parasite. Your anti-virus app might also detect it as Web-Miner.GEMIUS. This coin miner enters your OS and corrupts your web browser. The parasite uses your trusted browser as a gateway to your system and forces it to mine coins ceaselessly. And guess what, it doesn’t limit its resource consumption. The parasite works like a Trojan horse. It enters your device unnoticed and works behind your back. However, unlike other Trojan horses, the pest has very obvious symptoms. This intruder causes system underperformance, odd alerts, and program failures. You might also experience unexpected system crashes and data loss. Can you imagine getting any work done in such conditions. Do not put up with this situation. Remove this miner the first chance you get! The sooner it’s gone, the better!


How did I get infected with?

The virus slips into your computer when you visit corrupted websites. It is also distributed through software bundles, torrents and fake updates. The good old spam emails are also a possible cause of the infection. The thing is, you could have prevented these methods from succeeding. The spam emails, for example, rely on your naivety. The crooks write on behalf of well-known organizations and hope that you’ll follow their instructions. Yet, bear in mind that they no longer rely on corrupted files. They use them, but you are more likely to receive a message containing a corrupted hyperlink. Therefore, be very careful how you interact with your inbox. Before you even open a message, take a moment to verify the sender. You can simply enter the questionable email address into a search engine. If it was used for shady business, someone might have complained online. Also, if the message is from an organization, go to their official website and compare the email addresses listed there with the one you’ve received a letter from. If they don’t match, delete the pretender immediately. The Internet is a dangerous place. You can never know where an infection might strike from. Therefore, don’t let your guard down. Stay away from shady websites. No one can protect you if you act recklessly. The key to a secure and virus-free computer is caution. Always do your due diligence!

Why is this dangerous?

The miner is very annoying. It interferes with every aspect of your day to day computer-related activities. Every time you as much as touch your browser, your system becomes slow and unresponsive; your apps take forever to load (if they load at all); strange system warnings pop up with no apparent reason; and on top of that, you are forced to reboot your system repeatedly. But a simple restart won’t fix your problem. The parasite has infected your system and always starts in the background. The only thing you can do now is to remove it. If you don’t, there will be consequences. The coin mining process is very intensive. The above-mentioned issues are merely the obvious side effects. Something much darker is happening behind your back. Check your machine now, it radiates heat, doesn’t it? As you know, that heat is not good for your hardware., however, does not pause its intensive processes. It uses your CPU at very high temperatures and by doing so, it shortens your hardware’s life significantly. The extensive heat may cause frequent system crashes, which, consequently, lead to data loss and the dreaded Blue Screen of Death. The coin mining is profitable only if you don’t use your own resources. uses yours. Its publishers make a mint at your expense. Do not become their sponsor. Remove this parasite ASAP!

Manual Removal Instructions

The infection is specifically designed to make money to its creators one way or another. The specialists from various antivirus companies like Bitdefender, Kaspersky, Norton, Avast, ESET, etc. advise that there is no harmless virus.

If you perform exactly the steps below you should be able to remove the infection. Please, follow the procedures in the exact order. Please, consider to print this guide or have another computer at your disposal. You will NOT need any USB sticks or CDs.

STEP 1: Track down related processes in the computer memory

STEP 2: Locate startup location

STEP 3: Delete traces from Chrome, Firefox and Internet Explorer

STEP 4: Undo the damage done by the virus

STEP 1: Track down related processes in the computer memory

  • Open your Task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Carefully review all processes and stop the suspicious ones.


  • Write down the file location for later reference.

Step 2: Locate startup location

Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

Clean virus from the windows registry

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.


  • A dialog box should open. Type “Regedit”


Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or

  • and delete the display Name: [RANDOM]

delete backgroundcontainer

  • Then open your explorer and navigate to: %appdata% folder and delete the malicious executable.

Clean your HOSTS file to avoid unwanted browser redirection

Navigate to %windir%/system32/Drivers/etc/host

If you are hacked, there will be foreign IPs addresses connected to you at the bottom. Take a look below:


Step 4: Undo the possible damage done by

This particular Virus may alter your DNS settings.

Attention! this can break your internet connection. Before you change your DNS settings to use Google Public DNS for, be sure to write down the current server addresses on a piece of paper.

To fix the damage done by the virus you need to do the following.

  • Click the Windows Start button to open the Start Menu, type control panel in the search box and select Control Panel in the results displayed above.
  • go to Network and Internet
  • then Network and Sharing Center
  • then Change Adapter Settings
  • Right-click on your active internet connection and click properties. Under the Networking tab, find Internet Protocol Version 4 (TCP/IPv4). Left click on it and then click on properties. Both options should be automatic! By default it should be set to “Obtain an IP address automatically” and the second one to “Obtain DNS server address automatically!” If they are not just change them, however if you are part of a domain network you should contact your Domain Administrator to set these settings, otherwise the internet connection will break!!!


  • Check your scheduled tasks to make sure the virus will not download itself again.

How to Permanently Remove Virus (automatic) Removal Guide

Please, have in mind that once you are infected with a single virus, it compromises your whole system or network and let all doors wide open for many other infections. To make sure manual removal is successful, we recommend to use a free scanner of any professional antimalware program to identify possible virus leftovers or temporary files.

Leave a Comment