Trojan.ElectrumDoSMiner
![detection icon](https://www.malwarebytes.com/wp-content/themes/malwarebytes/assets/src/images/malware-detection.png)
Short bio
Trojan.ElectrumDoSMiner is Malwarebytes’ detection name for a Trojan responsible for distributed denial of service (DDoS) attacks against Electrum bitcoin wallets.
Symptoms
Users of affected computers may experience slowdowns in internet speed as they are joined to a botnet that performs DDoS attacks.
Type and source of the infection
![flodding](https://www.malwarebytes.com/wp-content/uploads/sites/2/2019/04/ElectrumFlood.png)
Flooding ElectrumX servers on port 50002 or 50001
Protection
![block 178.159.37.113](https://www.malwarebytes.com/wp-content/uploads/sites/2/2019/04/17815937113block.png)
Malwarebytes blocks the IP 178.159.37.113
Home remediation
Malwarebytes can detect and remove Trojan.ElectrumDoSMiner without further user interaction.
- Please download Malwarebytes to your desktop.
- Double-click MBSetup.exe and follow the prompts to install the program.
- When your Malwarebytes for Windows installation completes, the program opens to the Welcome to Malwarebytes screen.
- Click on the Get started button.
- Click Scan to start a Threat Scan.
- Click Quarantine to remove the found threats.
- Reboot the system if prompted to complete the removal process.
Business remediation
How to remove Trojan.ElectrumDoSMiner with the Malwarebytes Nebula console
You can use the Malwarebytes Anti-Malware Nebula console to scan endpoints.
![endpoint menu](https://www.malwarebytes.com/wp-content/uploads/sites/2/2018/04/endpointmenu.png)
Nebula endpoint tasks menu
Choose the Scan + Quarantine option. Afterwards you can check the Detections page to see which threats were found.
![Nebula detections](https://www.malwarebytes.com/wp-content/uploads/sites/2/2017/08/Nebula_new.png)
On the Quarantine page you can see which threats were quarantined and restore them if necessary.
![Nebula Quarantaine](https://www.malwarebytes.com/wp-content/uploads/sites/2/2017/08/quarantine1.png)
Traces/IOCs
ElectrumDoSMiner infrastructure
178.159.37.113
194.63.143.226
217.147.169.179
188.214.135.174
Trojan.BeamWinHTTP
48dcb183ff97a05fd3e466f76f385543480abb62c9adcae24d1bdbbfc26f9e5a