Remove LoudMiner cryptocurrency miner from Mac computers
Written by Tomas Meskauskas on (updated)
What is LoudMiner?
LoudMiner is a cryptocurrency miner based on XMRig (another miner) and designed to mine Monero cryptocurrency. LoudMiner is cross-platform software, and thus can run on different operating systems such as MacOS, Linux, and Windows. It is distributed by bundling it with set-ups of pirated (cracked) copies of VST (Virtual Studio Technology) software.
Cyber criminals who proliferate LoudMiner attempt to trick people into installing this rogue software so they can misuse their computers (computer resources) to mine cryptocurrency. If LoudMiner miner is installed on your operating system, remove it immediately.
When a cryptocurrency miner such as LoudMiner is installed, it uses computer resources such as the CPU (central processing unit) and GPU (graphics processing unit) to solve mathematical problems and mine cryptocurrency. As mentioned above, LoudMiner is based on XMRig, which utilizes the system CPU.
The mining process in general causes high CPU (or/and GPU) usage, even up to 100%. Therefore, affected computers operate much slower or do not respond at all. The cryptocurrency mining process might cause unexpected shutdowns, which can lead to data loss or cause hardware overheating.
Computers with miners installed on them consume more electricity, and thus users of these computers receive higher electricity bills. Only the cyber criminals who trick people into installing these programs benefit from this process. They use computers of unsuspecting people to mine cryptocurrency and generate revenue.
LoudMiner runs on systems through virtualization software. It uses QEMU on macOS and Virtual Box on Windows. When installed, this software can be found running on systems as a process called "qemu-system-x86_64", "tools-service" or "System-monitor.daemon", "VirtualDJ" (on MacOS) and "VmServiceControl.exe" on Windows.
Note that the process name might vary and criminals can also use names of genuine/legitimate processes as a deception. Cyber criminals disguise virtualization software (virtual machines) as programs such as Propellerhead Reason, Ableton Live, Sylenth1, Nexus, Reaktor 6, Kontakt Native Instruments, AutoTune, and many others.
So, if there is a cracked (pirated) version of a VST software installed on a computer, it is very likely that this was also used proliferate the LoudMiner cryptocurrency miner.
| Name | LoudMiner malicious cryptominer |
| Threat Type | Mac malware, Mac virus, Crypto currency miner |
| Detection Names (Virtual_DJ_8_Pro_Infinity_macOS.dmg) | AegisLab (Trojan.OSX.Generic.4!c), BitDefender (Trojan.MAC.Generic.6329), Cyren (Trojan.ZAWM-7), GData (Trojan.MAC.LoudMiner.H) Full List (VirusTotal) |
| Malicious Process Names | qemu-system-x86_64, tools-service, System-monitor.daemon, VirtualDJ (on MacOS) and VmServiceControl.exe on Windows. The process names might vary. |
| Symptoms | Your Mac becomes slower than normal, high CPU or/and GPU usage, operating system shuts down unexpectedly. |
| Distribution methods | Setups of cracked/pirated VST (Virtual Studio Technology) software (e.g., Propellerhead Reason, Ableton Live, Sylenth1, Nexus, Reaktor 6, Kontakt Native Instruments, AutoTune). |
| Damage | Data and/or financial loss, hardware overheating, unexpected shutdowns, higher electricity bills, high CPU (and other hardware) usage. |
| Malware Removal (Mac) | To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
There are various cryptocurrency miners online, and often they are legitimate, however, many cyber criminals use these programs to generate revenue by misusing the computers of other people. Some examples of other cryptominers include Plurox, Digmine, and NRSMiner.
If your computer is infected with a program of this type (and was installed unintentionally), removed it as soon as possible.
How did potentially unwanted applications install on my computer?
Cyber criminals distribute LoudMiner through set-ups of pirated VST software. In this case, it is bundled into set-ups of cracked software relating to audio production.
In many cases, unwanted programs are bundled into setups of other software that people wish to download and install, however, cryptocurrency miners (or other unwanted programs, such as malware) can also be distributed in other ways.
Typically, cyber criminals proliferate malicious programs through spam campaigns, trojans, fake software updaters and untrustworthy software download sources. They use spam email campaigns by sending emails that contain malicious attachments.
These are usually Microsoft Office documents, PDF files, executable files, archive files such as ZIP, RAR and so on. To infect systems, these attachments must first be opened. They then cause download and installation of a malicious program.
Cyber criminals also infect computers with malware through trojans: malicious programs that proliferate other infections and cause chain infections. To cause any damage, however, they must already be installed.
Fake software update tools are used to proliferate computer infections by downloading and installing malicious programs rather than updating (or fixing) installed programs, or by exploiting outdated software bugs/flaws.
Software cracking tools operate in a similar manner: people use them to bypass activation of licensed software, however, these tools are often used by cyber criminals to install malware rather than cracking any software or operating system.
Untrustworthy software download sources such as freeware download websites, free file hosting websites, peer-to-peer networks such as torrent clients, eMule and other such tools, third party downloaders can be used to present malicious software as legitimate. In this way, cyber criminals trick people into downloading and installing infections such as LoudMiner.
How to avoid installation of potentially unwanted applications?
Do not download programs from dubious sources such as Peer-to-Peer networks (torrent clients, eMule, etc.), unofficial pages and so on. The only safe way to download software is using official websites and direct download links. All programs should be downloaded and installed properly.
Check any additional settings in the set-ups and dismiss offers to download or install unwanted bundled programs. Be careful opening attachments or links that are presented in e-mails received from unknown, suspicious, or dubious addresses. If an email is irrelevant, ignore it and do not open anything. Do not use software cracking tools or use cracked software.
This is illegal and often leads to computer infections. Installed programs should be updated properly using tools or functions provided by official developers. Finally, have reputable anti-spyware or anti-virus software installed to keep the computer safe from infection. These tools usually detect and remove them before any further damage can be done.
If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.
Screenshot of a cracked VST (Virtual DJ 8 Pro Infinity) setup file and instructions about how to install it:
Virtual DJ 8 Pro Infinity installer:
Screenshot of a LoudMiner process disguised as VirtualDJ running in Activity Monitor (MacOS):
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Quick menu:
- What is LoudMiner?
- STEP 1. Remove PUA related files and folders from OSX.
- STEP 2. Remove rogue extensions from Safari.
- STEP 3. Remove rogue add-ons from Google Chrome.
- STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.
Video showing how to remove adware and browser hijackers from a Mac computer:
Potentially unwanted applications removal:
Remove potentially unwanted applications from your "Applications" folder:
Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX", "NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.
Remove adware-related files and folders
Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...
Check for adware generated files in the /Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: /Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.
Check for adware generated files in the ~/Library/Application Support/ folder:
In the Go to Folder... bar, type: ~/Library/Application Support/
In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.
Check for adware generated files in the ~/Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: ~/Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.
Check for adware generated files in the /Library/LaunchDaemons/ folder:
In the "Go to Folder..." bar, type: /Library/LaunchDaemons/
In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.
Scan your Mac with Combo Cleaner:
If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.
Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.
After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.
Remove malicious extensions from Internet browsers
Remove malicious Safari extensions:
Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".
In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.
Remove malicious extensions from Google Chrome:
Click the Chrome menu icon 
(at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.
Remove malicious extensions from Mozilla Firefox:
Click the Firefox menu 
(at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.
As we mentioned above, cyber criminals distribute LoudMiner through set-ups of pirated VST software. Therefore, it is bundled (included) into set-ups of cracked software that is relating to audio production.
There are many cases where various unwanted programs are bundled into setup of some other software that people download and install intentionally, however, cryptocurrency miners (or other unwanted programs, such as malware) can be distributed in other ways too.
Typically, cyber criminals proliferate malicious programs through spam campaigns, trojans, fake software updaters and untrustworthy software download sources. They use spam email campaigns by proliferateing/sending emails that contain malicious attachments.
These attachments usually are some Microsoft Office documents, PDF files, executable files, archive files such as ZIP, RAR and so on. To infect systems, these attachments must be opened first. If opened, they cause download and installation of a malicious program.
Another way that cyber criminals use to infect computers with malware is through trojans: malicious programs that proliferate other infections/to cause chain infections, however, to cause any damage they must be already installed.
Fake software updating tools can be used to proliferate computer infections by downloading and installing malicious programs rather than updating (or fixing) installed programs or by exploiting outdated software bugs/flaws.
Software cracking tools operate similarly: people use them to bypass activation of software that is licensed, however, often these tool are also used by cyber criminals and are designed install malware rather than cracking the particular software or operating system.
Untrustworthy software download sources such as freeware download websites, free file hosting websites, peer-to-peer networks such as torrent clients, eMule and other such asols, various third party downloaders can be used to present malicious software as legitimate. Therefore, cyber criminals trick people into downloading and installing infections such as .happy by
Outstanding!
▼ Show Discussion