How to Remove RubyMiner Malware

This article can help you to remove RubyMiner Virus. The step by step removal works for every version of Microsoft Windows.

When it comes to coin mining, the tool selection is essential. There are many bogus applications which can cause serious damage to your device. RubyMiner is one such unreliable tool. This malware is a nasty Trojan horse. It targets servers but regular computers may also get infected. The Trojan is quite dangerous. It exploits vulnerabilities in your OS and takes full control of your device. Once on board, RubyMiner corrupts essential for your OS files and processes. It rewrites your System Registry and creates copies of itself. The parasite uses various camouflaging techniques. Once the Trojan is established on your computer, it turns your device into a mining machine. The Parasite uses your PC resources to provide services for the coin server. In exchange, it gets rewarded with small fractions of the coin. This process has a lot of negative side effects. The Trojan doesn’t limit the resource usage. Even when your computer radiates heat, the Trojan does not pause the mining. Thus, it shortens your CPU’s life significantly. Furthermore, if your cooling system is not efficient enough, your device will overheat and crash frequently. This leads to data loss, the dreaded Blue Screen of Death and to irreversible hardware damage. Let’s not forget the electricity consumption too. To carry out its malicious processes, RubyMiner needs a lot of electric power. If you don’t stop it, the Trojan will double even triple your electricity bills. The coin mining process is only profitable if you don’t use your own resources. The crooks are using yours. They are making a mint at your expense. Do not allow this to continue a minute longer. Remove RubyMiner now!

Remove RubyMiner

How did I get infected with?

RubyMiner is a sophisticated Trojan. It may cause serious damage to your computer. Yet, when it comes to its distribution, the Trojan uses the classic strategies. Software bundling. Fake software updates, drive-by downloads, and, of course, the good old spam emails. Your caution can prevent these techniques from succeeding. Needless to say, you should not visit questionable websites. Avoid using torrents. Download your software from reliable sources only. And don’t open emails from strangers. It looks easy on paper. Yet, when you receive a message from your bank or some police department, you cannot resist the urge to open the email. Before you do it, verify the sender. You can simply enter the sender’s email address into some search engine. If it has been used for shady business, someone might have complained. This technique is not flawless, so, don’t stop just yet. When you receive a letter from an organization (your bank, for example), go to their official website and compare the email addresses listed there with the one you have received a message from. If they don’t match, delete the pretender immediately. Even when you open a letter, don’t let your guard down. A reliable company would use your real name to address you. If the letter starts with “Dear Customer” or “Dear Friend,” proceed with caution. The Internet is a dangerous place. Only your caution can keep your computer virus-free. Having a powerful anti-virus app on board is also a good idea!

Why is this dangerous?

RubyMiner enters your computer in complete silence and roots deep into your system. It uses your computer resources without permission and leaves your device useless. You cannot use your own PC normally. It is sluggish and unresponsive. Your Internet Connection also seem slower than usual. On top of that, your machine radiates heat and is very noisy. All these issues are side effects of the Trojan’s malicious processes. If you don’t take immediate measures, the Trojan will cause irreversible damage. This malware uses your computer to its limits. By doing so, it is shortening your hardware’s life. If your machine overheats frequently, you are very likely to end up with the Blue Screen of Death. Furthermore, your electricity bill will also be affected. Your machine runs on electricity after all. All these obvious issues aside, we should not forget that RubyMiner has admin privileges. It can install programs. This parasite may install other malware, spyware, even ransomware on your computer. It all depends on the hackers. They have proven to be capable of creating a sophisticated Trojan horse. No one can predict how will they develop their malware in the future. Do yourself a favor, remove RubyMiner before it’s too late.

Manual RubyMiner Removal Instructions

The RubyMiner infection is specifically designed to make money to its creators one way or another. The specialists from various antivirus companies like Bitdefender, Kaspersky, Norton, Avast, ESET, etc. advise that there is no harmless virus.

If you perform exactly the steps below you should be able to remove the RubyMiner infection. Please, follow the procedures in the exact order. Please, consider to print this guide or have another computer at your disposal. You will NOT need any USB sticks or CDs.

STEP 1: Track down RubyMiner related processes in the computer memory

STEP 2: Locate RubyMiner startup location

STEP 3: Delete RubyMiner traces from Chrome, Firefox and Internet Explorer

STEP 4: Undo the damage done by the virus

STEP 1: Track down RubyMiner related processes in the computer memory

  • Open your Task Manager by pressing CTRL+SHIFT+ESC keys simultaneously
  • Carefully review all processes and stop the suspicious ones.


  • Write down the file location for later reference.

Step 2: Locate RubyMiner startup location

Reveal Hidden Files

  • Open any folder
  • Click on “Organize” button
  • Choose “Folder and Search Options”
  • Select the “View” tab
  • Select “Show hidden files and folders” option
  • Uncheck “Hide protected operating system files”
  • Click “Apply” and “OK” button

Clean RubyMiner virus from the windows registry

  • Once the operating system loads press simultaneously the Windows Logo Button and the R key.


  • A dialog box should open. Type “Regedit”


Depending on your OS (x86 or x64) navigate to:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] or
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] or

  • and delete the display Name: [RANDOM]

delete backgroundcontainer

  • Then open your explorer and navigate to: %appdata% folder and delete the malicious executable.

Clean your HOSTS file to avoid unwanted browser redirection

Navigate to %windir%/system32/Drivers/etc/host

If you are hacked, there will be foreign IPs addresses connected to you at the bottom. Take a look below:


Step 4: Undo the possible damage done by RubyMiner

This particular Virus may alter your DNS settings.

Attention! this can break your internet connection. Before you change your DNS settings to use Google Public DNS for RubyMiner, be sure to write down the current server addresses on a piece of paper.

To fix the damage done by the virus you need to do the following.

  • Click the Windows Start button to open the Start Menu, type control panel in the search box and select Control Panel in the results displayed above.
  • go to Network and Internet
  • then Network and Sharing Center
  • then Change Adapter Settings
  • Right-click on your active internet connection and click properties. Under the Networking tab, find Internet Protocol Version 4 (TCP/IPv4). Left click on it and then click on properties. Both options should be automatic! By default it should be set to “Obtain an IP address automatically” and the second one to “Obtain DNS server address automatically!” If they are not just change them, however if you are part of a domain network you should contact your Domain Administrator to set these settings, otherwise the internet connection will break!!!


  • Check your scheduled tasks to make sure the virus will not download itself again.

How to Permanently Remove RubyMiner Virus (automatic) Removal Guide

Please, have in mind that once you are infected with a single virus, it compromises your whole system or network and let all doors wide open for many other infections. To make sure manual removal is successful, we recommend to use a free scanner of any professional antimalware program to identify possible virus leftovers or temporary files.

Leave a Comment