SoundMixer.exe is a malicious file that secretly mines cryptocurrency on your computer

SoundMixer.exe is an executable that you might find running in Task Manager, using up to 100% of the CPU. It is the main file of cryptojacking malware – a type of virus that uses victims’ computer resources to mine cryptocurrency and deposit the funds directly into a preset Monero wallet, which differs for each user. While cybercriminals enjoy a quick profit from the malware, users might face a proliferation of other viruses, increased electricity bills, and constant pop-ups, crashes, slowdowns, and other disturbances while using the infected machine.

One trait of the SoundMixer.exe virus is that it is relatively buggy: it is known to launch a Command Prompt window each time infected users start the machine, and the window returns an error message that displays the executable’s location path. The file is also very large – victims noticed that it is over 170 MB in size, preventing them from uploading it to VirusTotal for analysis.[1] Additionally, while infected, users might not be able to install new programs or use Command Prompt as required. The most annoying trait of the malware is that even SoundMixer removal does not clear the problems of the infected machines.

Name: SoundMixer.exe, SoundMixer virus
Type: Cryptojacking malware, cryptominer
Variant of: Torrent virus
Infiltration methods: Most common infection means include malicious files downloaded from torrent sites, such as Assassin’s Creed Origins torrent, installation through software bundles, as well as cracks/keygens
Registry created: Computer\HKEY_CURRENT_USER\Software\Microsoft\Command Processor
File size: 170 MB
Symptoms: Slow operation of the device, the running SoundMixer.exe executable using up to 100% CPU, Command Prompt window popping up upon PC launch, system errors, inability to install new applications, anti-virus program malfunction
Associated risks: Installation of other malware, system file corruption
Termination: You can delete the executable manually (SoundMixer folder located in user/APPDATA/Roaming/Microsoft) or use powerful anti-malware software like SpyHunter 5, Combo Cleaner or Malwarebytes
Remedy: You should remove the registry entry “Computer\HKEY_CURRENT_USER\Software\Microsoft\Command Processor”. If that does not stop the erratic system behavior, try automatic repair with Reimage

There are several ways the SoundMixer virus might enter your computer, but the most common infection methods include downloading pirated software and video game installers from torrent sites. Additionally, users are likely to infect themselves while trying to apply a crack or a keygen to bypass the licensing requirement of a legitimate program.

To start the infection routine, SoundMixer.exe is placed into the user/APPDATA/Roaming/Microsoft folder. It then establishes a connection to the predetermined wallet that the mined Monero will be transferred to, launches several processes under explorer.exe, and creates the following registry entries:

HKEY_CURRENT_USER\Software\Microsoft\Command Processor
HKEY_USERS\S-1-5-21-4215818013-1387844859-1192221006-1001\Software\Microsoft\Command Processor

Quite often, infected users will find their security software disabled – this is typical malware behavior, and it is done for persistence reasons.

After performing all the necessary changes, the SoundMixer.exe virus will start mining Monero cryptocurrency by performing complicated mathematical calculations, using a high amount of CPU power in the process. As a result, infected users will not be able to use their computers normally, for example to launch video games or even play video files.
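
A read-only check for the artefacts described above, added here as an example and not taken from the original article: it reports files in the SoundMixer folder, every value under the current user's Command Processor key, and any running SoundMixer process. That the malware relies on the key's AutoRun value (which cmd.exe executes on every start) is an assumption; the article names only the key.

```powershell
# Added example: read-only triage for the artefacts named in this article.
# Nothing is deleted or changed; review the output before removing anything.
$findings = New-Object System.Collections.Generic.List[object]

# 1. Drop folder from the article: %APPDATA%\Microsoft\SoundMixer
$dropDir = Join-Path $env:APPDATA 'Microsoft\SoundMixer'
if (Test-Path -LiteralPath $dropDir) {
    Get-ChildItem -LiteralPath $dropDir -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $findings.Add([pscustomobject]@{
                Check  = 'Drop folder'
                Item   = $_.FullName
                Detail = '{0:N0} MB' -f ($_.Length / 1MB)
            })
        }
}

# 2. Values under the Command Processor key. HKCU is the logged-on user's view of
#    HKEY_USERS\<SID>, so the article's second path is covered by the same check.
#    cmd.exe runs the AutoRun value at every start (documented in "cmd /?");
#    that the malware uses this value is an assumption, not stated in the article.
$cpKey = 'HKCU:\Software\Microsoft\Command Processor'
if (Test-Path -LiteralPath $cpKey) {
    $key = Get-Item -LiteralPath $cpKey
    foreach ($name in $key.GetValueNames()) {
        $value = [string]($key.GetValue($name))
        $flag  = 'info'
        if (($name -eq 'AutoRun') -or ($value -match 'SoundMixer')) { $flag = 'REVIEW' }
        $findings.Add([pscustomobject]@{
            Check  = "Registry value ($flag)"
            Item   = $name
            Detail = $value
        })
    }
}

# 3. Running process with the name from the article and its accumulated CPU time
Get-Process -Name 'SoundMixer' -ErrorAction SilentlyContinue | ForEach-Object {
    $findings.Add([pscustomobject]@{
        Check  = 'Running process'
        Item   = "PID $($_.Id)  $($_.Path)"
        Detail = '{0:N0} s CPU' -f $_.CPU
    })
}

if ($findings.Count -eq 0) { 'None of the listed artefacts were found for this user.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Run it as the affected user, since both the folder and the registry key are per-user.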

Manual SoundMixer.exe removal is possible, although it might not be successful in every case. Therefore, it is best to use anti-malware software and perform a full system scan in Safe Mode with Networking. If you still prefer the manual method, you can attempt to remove the SoundMixer folder in the user/APPDATA/Roaming/Microsoft folder. Since the malware creates its own registry entries, it is best to use a PC repair tool like Reimage that can rebuild them and fix virus damage on the machine.

Downloading pirated software remains a dangerous activity

While downloading files through a peer-to-peer network is not illegal, downloading pirated software or cracked games is – such activity is considered to be criminal behavior. Besides, illegal software download sites are known to be one of the main tools to infect users with malware, and cybercriminals are well aware of that. For example, one of the most prolific ransomware families – Djvu – is distributed exclusively via pirated software and cracks, which has proved extremely successful.[2]

Even though many do know about the risks, they are still willing to get something that is otherwise not free, for free. Thus, we highly discourage users from downloading illegal software, as it is one of the first stops for malware. Nevertheless, take into consideration the following if you are willing to risk it:

  • Equip your computer with high-end security software that can recognize even the most advanced malware (machine learning technology);
  • Keep your computer, as well as all the installed programs, patched with the latest updates;
  • Disable automatic launch of JavaScript and Flash[3] via your browser settings – it will prevent malicious scripts from loading as soon as you enter a booby-trapped website;
  • Employ ad-block;
  • Check the format of the alleged video file – there must not be a .exe, .dll, or another extension added at the end (should be .avi, .mp4, and similar);
  • Read the comments by users – they often indicate that the file is infectious;
  • Before executing any file, upload it for analysis on VirusTotal or similar services.
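
The file-format check from the list above, as an added example that is not part of the original article: it flags downloaded files that carry a video extension but begin with the "MZ" signature of a Windows executable, and files with a double extension such as name.mp4.exe. The Downloads folder location, the extension lists and the function names are assumptions chosen for illustration.

```powershell
# Added example: find downloads that are executables disguised as video files.

function Test-IsPortableExecutable {
    # True when the file starts with the bytes 'M','Z' (0x4D 0x5A), the header
    # signature of Windows .exe and .dll files, regardless of the file's name.
    param([Parameter(Mandatory)][string]$Path)
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $buf  = New-Object byte[] 2
        $read = $stream.Read($buf, 0, 2)
        return (($read -eq 2) -and ($buf[0] -eq 0x4D) -and ($buf[1] -eq 0x5A))
    } finally {
        $stream.Dispose()
    }
}

function Find-DisguisedExecutable {
    param([string]$Folder = (Join-Path $env:USERPROFILE 'Downloads'))  # assumed location
    $mediaExt = '.avi', '.mp4', '.mkv', '.mov', '.wmv'
    $execExt  = '.exe', '.dll', '.scr', '.com'

    Get-ChildItem -LiteralPath $Folder -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $ext   = $_.Extension.ToLowerInvariant()
            # Extension hidden inside the base name, e.g. ".mp4" in "film.mp4.exe"
            $inner = [System.IO.Path]::GetExtension($_.BaseName).ToLowerInvariant()

            $isPe = $false
            try { $isPe = Test-IsPortableExecutable -Path $_.FullName } catch { }  # locked/unreadable

            $reason = $null
            if ($isPe -and ($mediaExt -contains $ext)) {
                $reason = 'media extension but executable content'
            } elseif (($execExt -contains $ext) -and ($mediaExt -contains $inner)) {
                $reason = 'double extension such as name.mp4.exe'
            }

            if ($reason) {
                [pscustomobject]@{
                    File   = $_.FullName
                    SizeMB = [math]::Round($_.Length / 1MB, 1)
                    Reason = $reason
                }
            }
        }
}

Find-DisguisedExecutable | Format-Table -AutoSize -Wrap
```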

Get rid of SoundMixer.exe virus and restore your Windows to a working condition

Some malware is just troublesome, and the SoundMixer.exe virus is one such example, as it might stop the anti-virus from working, prevent the installation of new applications, and cause other system malfunctions. You can try to remove SoundMixer.exe manually by deleting the following folder: user/APPDATA/Roaming/Microsoft/SoundMixer. Additionally, you should delete the Computer\HKEY_CURRENT_USER\Software\Microsoft\Command Processor Windows registry entry. However, this will most likely not be enough to fix your computer, and the issues might continue.

Therefore, for full SoundMixer.exe removal, you should access Safe Mode to bypass malware operation and perform an in-depth computer scan. This will ensure that all the malicious files are eliminated, along with all the other viruses that could have gotten into the machine without you noticing. Finally, you should also reset all the installed browsers and scan the system with the PC repair tool Reimage.


This entry was posted on 2020-01-13 at 05:41 and is filed under Files, Spyware related.