we would recommend that you reconsider that position. You may think that if you avoid cracks and keygens while browsing the web you will be safe. Attackers use opensource cgminer which is available on GitHub. There are a finite amount of Bitcoins to be had, and mining for them can be compared to extracting gold or diamonds from the earth. Bitcoin miners - the sharing services. Then they simply run the Bitcoin miner program provided with their credentials on as many computers as they have.
The word "cestina" means that the file should contain Czech localization of the referenced program. Samples SHA256 Start-up script VBS:FlufferMiner-A : Installers: B33866943B24B1251F Misusing user accounts strong user name worker name password /strong frankfrank frankus frankus575 franzpat pateil patology humbo humbobo humbra icemann powerhw1 freaky kansasan kansasboy desertpete kuller5 kuller500 kulinaro mazdafan mazdahmm corvette pakostan pakostan01 shalala555 pollack smasher10 smogfog. This library is used for massively parallel computing by the miner (remember that mining Bitcoins is a very difficult computational problem and therefore requires parallelism).
The second file is named ntvdm. Exe -pool ssl: hermine. Recently we found that on the file sharing service someone uploaded a bitcoin erfinder satoshi lot of fake files containing Bitcoin miners! All of them contain a hidden feature, and sometimes the name is a complete fabrication. The problem is that some greedy people are misusing them. If not the script contacts h*p:p creates the conditional file which is probably working as a global mutex. Org:4444 -wal proto 3 ethermine.
Org:5555 -pool2 ssl: hermine. To manually remove all residues of this application just terminate "C:WindowsSystem32WScript. Notice too, that all these files have an elevated popularity; no doubt a result of tampering. The mining process involves running software that performs complex math problems for which you're rewarded a share of the income. This process seems to function as the infection counter since there is no downloaded data. Fortunately it was quite easy to decode the start-up script. In the end, if they had enough computation power and time they might end up with a few Bitcoins.