Home
Welcome to the SilentCryptoMiner wiki!
Here I will write explanations for all the features and give examples on how to use them. I will also strive to answer the most frequently asked questions so that there is fast and easy access to information otherwise usually gained by experience.
I have created some example settings that you can use either for testing or for an easy setup if you're inexperienced with mining or computers.
You can find the Example Settings that I've made here: Example Settings
| Navigation Menu |
|---|
|
Miner Features |
|
FAQ |
Check the individual pages for the miners below, there is too much information to fit it on a single wiki page.
The 'Startup' option means that the miner will add itself to the startup flow of Windows so that the miner starts up together with Windows. If the miner is run with administrator privileges it will install itself as a Windows Service and if run with normal user privileges it will add itself into the startup registry keys at HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
The major path which the miner will copy itself to and add into the startup entry. If the miner is installed as administrator then this path will automatically be "ProgramData" (%ProgramData%) to allow it to be found and run across all users.
The name of the startup entry inside the registry or the name of the Service.
The file name that the miner will install itself with, it is possible to add folder names into the "Filename" with this format Folder1\Folder2\miner.exe (just an example, you can name them whatever).
The Watchdog will run as a separate process injected into conhost.exe. The watchdog will constantly check if the miner is running, if the miner file is in the right location and also if the miner is correctly installed as a Service (if installed as administrator). If any of these things aren't right (the miner process, the miner file or the service) then the watchdog will fix any of these issues to make sure everything is as it should be.
Will make the miner delete the original file that was first started after the miner has finished installing.
This is pretty self explanatory and won't require much explanation, the assembly information will be used by Windows when displaying the miner in different places and can also be seen when right-clicking the miner and checking it properties.
Another pretty self explanatory one, will just apply the Icon chosen to the built miner.
In this tab you can browse to any executable file and then clone the digital certificate of that file into the miner. The certificate will be invalid of course since it doesn't actually belong to the miner but for some programs and antiviruses even an invalid signature can help in some ways.
Will make the miner ask for administrator privileges when it's started. Administrator privileges is required for all the different options that have an administrator shield icon next to them in the builder.
Will try to add exclusions to general folders used by the miner and watchdog before they are extracted and run. This is especially good to bypass future detections. Since version 3.4.0 this feature also removes the MSRT (Malicious Software Removal Tool) inside Windows to prevent some potential removals of the miner.
Will disable Windows Update and its related components from running. This means that no new updates will be found and installed for Windows nor for some parts of Windows Defender.
As I also mentioned above, due to the fact that some parts Windows Defender gets its updates from Windows Update then enabling this option will also in some cases stop parts of Windows Defender from getting updated.
Since version 3.2.0 the uninstaller will restore Windows Update functionality when run, a restart after might be needed as well.
Will mark the miners and watchdog as critical processes, which means that if they are killed then they will cause a BSoD (blue screen of death) on the computer. Will also make the Task Manager and other tools give a warning when you try to kill the processes. Can potentially cause problems if there are things wrong with the computer that kill or crash any of the injected miners or watchdog.
Will disable sleep and hibernation mode on the computer.
Caution: The uninstaller will not revert these settings since it does not know the original values.
Any websites/domains entered into the field of this option will be added into the hosts file and blocked from being used. The hosts file does not automatically block any subdomains so if you want to block a site it's best to block both the non-www version and the www version: site1.com,www.site1.com because they are technically different domains.
You can block multiple sites by adding a comma (,) between each site like so: site1.com,www.site1.com,site2.com,www.site2.com,site3.com,www.site3.com
You can find community collections of blocklists here: "Block Websites" - Collection Lists
If you disable this then it will cause the miner not to run directly after being installed, meaning it will just install and close down. The miner will then start on every startup after that.
Will use the UPX packer to compress the included miner files, this reduces the size of the miner resources.
Will inject a custom version of the r77 rootkit into Windows that will hide the miner processes and all the miner traffic from basically all programs. This option requires Administrator privileges.
- WARNING: A rootkit is very complex and might break things on some computers. The amount of time for the miner to wait until it injects, this can avoid some runtime (sandboxing) scans that check the miners behavior after being started since it won't do anything while it's being analyzed.
You can read what most of the functions do on this wiki and decide if you want to use them but I would recommend adding at least one CPU and one GPU miner, such as one XMR/RTM miner and one ETH/ETC/RVN miner. I would also recommend using the "Remote Configuration" feature and possibly the Web Panel if you can in case you ever need or want to modify your configurations. Usually using "Add Defender Exclusions" is a good thing to do to stop any future detections on computers that already have the miner installed in case your build gets detected. If you want the miner to last longer then you can also enable "Disable Windows Update" since it will stop all future updates some of which could potentially remove the miner.
You can find user contributed lists for the "Stealth Targets", "Kill Targets" and "Block Websites" features here on GitHub as well by checking the "Discussions" tab in the menu. "Stealth Targets" are more important for the GPU miner since then you can pause the miner while the user is playing any of those games or similar things to stop any disruptions from happening to the user.
Down below I have created two save files with some example settings that work if you want to experiment or if you're unsure what to do. You can download either of them, unzip it and then load the .xml file by pressing "Load" in the builders "Main" tab and selecting that file.
Settings have been updated for version 3.4.0.
These settings do not make any permanent changes to the computer and are safe to run for testing. They are also a good base for then choosing your own settings. When you are done with testing and are looking to create the final production build then it's generally recommended to enable "Add Defender Exclusions" and possibly "Disable Windows Updates" to reduce detections and increase longevity.
These settings are fully ready for mining. You can essentially just load these settings, change the wallet addresses of the ETC and XMR miners to your own and be done. These settings make some permanent changes to the computer so they're not recommended to use for testing on important computers, it's best to use a Virtual Machine if you want to test with these settings.
First of all you can try rebuilding it multiple times, things get randomized every time you build a miner so it is possible for you to get unlucky with the random bytes. You can also test disabling or enabling different options in case only some specific option has been detected, or if there is an option that decreases your detections. You can also use a crypter on the miner as long as they support 64-bit native programs, if they are an injection crypter (which most are) then you usually need to disable the "Startup" in the miner and instead enable the crypters own "Startup". If you're more technically experienced then you can also change things in the code to get lower detections but this is only recommended for users with very advanced knowledge and experience since it can be a very intricate task.
To see if the miners have started you can run the [MINERNAME]-checker.exe that gets built together with your miner and they should appear in the list. To check if they are actually mining I would recommend you to build the miners without "Stealth" enabled and check the CPU usage to check if a CPU miner is working. For the GPU miners you can check the GPU usage with something like MSI Afterburner to see if it's running. If you don't have a good enough GPU to test the usage then there isn't really much you can do, since there isn't really possible to just test run it, but if you base your miner of the example settings you can find in this wiki then it should work.
Since version 3.3.0 the miner does not require any specific minimum CUDA version for Nvidia miners, the miner should work as long as you have at least OpenCL 1.2 which all Nvidia and AMD GPUs should have. The second requirement is enough VRAM to mine whatever cryptocurrency you have chosen to mine, as of writing this ETC requires around 3.4GB of VRAM and RVN requires around 4.2GB of VRAM, but newer also profitable cryptocurrencies like Neurai, Neoxa and many others only require less than 2GB of VRAM. You can see the VRAM for some cryptocurrencies here: https://minerstat.com/dag-size-calculator and you can find the different profitability for GPU coins here: https://whattomine.com/. Also keep in mind that Windows can sometimes use up to 10%-30% of your VRAM just for Windows.
Don't worry, if it's using the CPU or GPU then it's working correctly unless you chose the wrong algorithm. For miners/workers to appear on the pool they first need to mine a share and submit it, pools do it this way to save performance and bandwidth. Mining a share can take a while depending on the hashrate, pool share difficulty and luck, for nanopool the share difficulty is 10GH (10 000MH) so if you have a 10MH/s hashrate then the average time to find a share would be 10 000/10=1000 seconds.
Why is the hashrate shown on the pool different from what I expect (or from what is shown in the web panel)?
Pools might work a bit differently from how you expect them to work. To save performance and bandwidth pools only display miners/workers and their "hashrate" when the miner successfully mines and submits shares to the pool, due to this pools calculate the hashrate differently from miners. Pools calculate the hashrate by counting the amount of shares over a specific interval of time (also depends on the share difficulty). For example: Ethermine calculates the hashrate as the amount of shares over one hour, so their "Current Hashrate" field will show a lower hashrate until you have mined consistently for at least one hour.
You can run [MINERNAME]-uninstaller.exe in the same folder as the miner you built and it should kill and remove everything automatically.
If you didn't enable "Startup" then you can just kill the miner process (the process you chose to inject into, by default explorer.exe) and it will be removed.
If you did have "Startup" enabled then the recommended method to manually remove the miner is to delete the startup entry inside either the registry or the installed Service and then instantly restart the computer after removal but this can be difficult.
You can find the startup entry in either the registry or the Services depending on whether you started the miner as administrator or not. If you did not run it as administrator then the startup entry will be present in the registry, to remove it you should open regedit.exe and then paste the following path HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run into the top of regedit.exe where it shows the current location (replace the current one). If you did run it as administrator then the startup entry will be present inside the Windows Services, simply open the Services and see if you're able to find the service with the name you chose in the builders "Startup" tabs "Entry Name". The entry inside either the registry or Services will be called whatever you chose inside the "Entry Name" option in the "Startup" tab, once you find the startup entry then remove it (to remove a service then open an administrator CMD and run sc delete "ENTRYNAME" with ENTRYNAME being whatever entry name you chose in the builder) and instantly restart your computer (or force a shutdown it by holding down the power button) so that the watchdog does not have time to restore it. After you start up the computer you can check if the entry is still there, if it's gone then the miner is uninstalled, if the entry is still there then redo the process again.
The problem was keeping them updated were one of the most time consuming tasks since Visual Studio has no good way of modifying and checking the help tooltips in any efficient manner. Another issue was that Visual Studio sometimes moved what help tooltip text belonged to which '?' help button. For both of these reason I decided that it would be much more efficient to just solely rely on the wiki. The wiki is also much better for those who want to translate it into another language with something like Google Translate which could not be done with the help tooltips of course.