How to remove Bird Miner from the operating system
Written by Tomas Meskauskas on (updated)
What kind of malware is Bird Miner?
Bird Miner is malicious software that uses computer resources to mine cryptocurrency via emulation. Research shows that it runs two miners and, therefore, it consumes extensive resources. Cyber criminals distribute Bird Miner using an installer for a 'cracked' (pirated) version of ValhallaVintageVerb software.
More about Bird Miner
Bird Miner is a malOnce cryptocurrency miner similar to Bird Miner. When installed, it starts using computer resources (e.g., CPU, GPU) to mine cryptocurrency.
Software of this kind achieves this by solving mathematical problems. It can mine cryptocurrency faster on computers with more powerful hardware, and thus generates more revenue for cyber criminals responsible.
Typically, computers that have cryptocurrency miners installed and running on them start operating slower or even at the level where they virtually cannot perform any other tasks. Therefore, the operating system might start crashing or stop responding, which can result in loss of unsaved data, unexpected shutdowns, hardware overheating, etc.
Note that high computer hardware usage caused by cryptocurrency miners causes greater electricity consumption, and hence higher electricity bills.
Research shows that this particular miner is designed not to run on the operating system (not to mine cryptocurrency) when Activity Monitor is launched - this is so that users do not notice its processes running the malicious software and using computer resources to mine cryptocurrency via emulation.
Research shows that it runs two miners and, therefore, consumes significant resources.
| Name | Bird Miner crypto-malware |
| Threat Type | Crypto-malware. |
| Detection Names | AegisLab (Trojan.OSX.BirdMiner.4!c), BitDefender (Trojan.MAC.Generic.6329), Kaspersky (HEUR:Trojan.OSX.BirdMiner.a), Microsoft (Trojan:Win32/Casdet!rfn), Full List (VirusTotal). |
| Symptoms | Cryptocurrency miners are designed to stealthily infiltrate the victim's computer and remain silent, and thus no particular symptoms are clearly visible on an infected machine. |
| Distribution methods | Installers for pirated software, infected email attachments, malicious online advertisements, social engineering. |
| Damage | Higher electricity bills, hardware overheat, system crashes, data loss, decrease in computer performance. |
| Malware Removal (Mac) | To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
Conclusion
Another example of a cryptocurrency miner designed to run on Mac computers is LoudMiner. Generally, users install mining malware inadvertently - cyber criminals use various methods to deceive people into installing software of this kind onto their computers. The most commonly used methods to distribute this and other malware are described below.
How did malware install on my computer?
Bird Miner is distributed via an installer designed to install a pirated/cracked version of the ValhallaVintageVerb program. It is possible that this miner is also distributed through installers that supposedly install other software (e.g., pirated Ableton Live 10 version).
Other common ways to distribute malware are via malspam campaigns, Trojans, third party (fake) software updating tools and untrusted file, and software download sources. Users infect computers through malspam campaigns (emails) when they execute malicious attachments or files that they have downloaded through links in emails received from cyber criminals.
In most cases, cyber criminals send emails that have a malicious Microsoft Office document, PDF document, archive file such as ZIP, RAR, JavaScript file or executable file (.exe) attached to them. A Trojan is a type of malware that can cause chain infections.
Once installed, it installs other malware. Fake software updating tools infect systems by installing malware rather than updates/fixes for the installed software, or by exploiting bugs/flaws of outdated software.
Examples of untrusted file/software download sources used to proliferate malware are Peer-to-Peer networks (e.g., torrent clients, eMule), freeware download websites, free file hosting websites, third party downloaders, and unofficial pages. Malicious software can be distributed through them by disguising malicious files as legitimate.
The rogue programs are installed when users download and open the malicious files.
How to avoid installation of malware
Installed programs must be activated and updated with tools or implemented functions that are provided by the official developers. No other third party, unofficial tools should be used. Note that it is illegal to activate licensed software with ‘cracking’ tools.
Files and programs should be downloaded from official websites and via direct download links. Avoid third party installers and the tools/sources mentioned above. Do not open website links or files in irrelevant emails that are received from unknown, suspicious addresses.
These bogus emails are often disguised as official and important. Regularly, scan your computer with reputable, up-to-date antivirus or anti-spyware software. If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate them.
Screenshot of the contents of the .dmg file, which supposedly contains the installer for ValhallaVintageVerb:
Screenshot of the installer for pirated version of ValhallaVintageVerb, which is designed to install Bird Miner:
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Quick menu:
- What is Bird Miner?
- STEP 1. Remove PUA related files and folders from OSX.
- STEP 2. Remove rogue extensions from Safari.
- STEP 3. Remove rogue add-ons from Google Chrome.
- STEP 4. Remove potentially unwanted plug-ins from Mozilla Firefox.
Video showing how to remove adware and browser hijackers from a Mac computer:
Potentially unwanted applications removal:
Remove potentially unwanted applications from your "Applications" folder:
Click the Finder icon. In the Finder window, select "Applications". In the applications folder, look for "MPlayerX", "NicePlayer", or other suspicious applications and drag them to the Trash. After removing the potentially unwanted application(s) that cause online ads, scan your Mac for any remaining unwanted components.
Remove adware-related files and folders
Click the Finder icon, from the menu bar. Choose Go, and click Go to Folder...
Check for adware generated files in the /Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: /Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.
Check for adware generated files in the ~/Library/Application Support/ folder:
In the Go to Folder... bar, type: ~/Library/Application Support/
In the "Application Support" folder, look for any recently-added suspicious folders. For example, "MplayerX" or "NicePlayer", and move these folders to the Trash.
Check for adware generated files in the ~/Library/LaunchAgents/ folder:
In the Go to Folder... bar, type: ~/Library/LaunchAgents/
In the "LaunchAgents" folder, look for any recently-added suspicious files and move them to the Trash. Examples of files generated by adware - "installmac.AppRemoval.plist", "myppes.download.plist", "mykotlerino.ltvbit.plist", "kuklorest.update.plist", etc. Adware commonly installs several files with the exact same string.
Check for adware generated files in the /Library/LaunchDaemons/ folder:
In the "Go to Folder..." bar, type: /Library/LaunchDaemons/
In the "LaunchDaemons" folder, look for recently-added suspicious files. For example "com.aoudad.net-preferences.plist", "com.myppes.net-preferences.plist", "com.kuklorest.net-preferences.plist", "com.avickUpd.plist", etc., and move them to the Trash.
Scan your Mac with Combo Cleaner:
If you have followed all the steps correctly, your Mac should be clean of infections. To ensure your system is not infected, run a scan with Combo Cleaner Antivirus. Download it HERE. After downloading the file, double click combocleaner.dmg installer. In the opened window, drag and drop the Combo Cleaner icon on top of the Applications icon. Now open your launchpad and click on the Combo Cleaner icon. Wait until Combo Cleaner updates its virus definition database and click the "Start Combo Scan" button.
Combo Cleaner will scan your Mac for malware infections. If the antivirus scan displays "no threats found" - this means that you can continue with the removal guide; otherwise, it's recommended to remove any found infections before continuing.
After removing files and folders generated by the adware, continue to remove rogue extensions from your Internet browsers.
Remove malicious extensions from Internet browsers
Remove malicious Safari extensions:
Open the Safari browser, from the menu bar, select "Safari" and click "Preferences...".
In the preferences window, select "Extensions" and look for any recently-installed suspicious extensions. When located, click the "Uninstall" button next to it/them. Note that you can safely uninstall all extensions from your Safari browser - none are crucial for regular browser operation.
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Safari.
Remove malicious extensions from Google Chrome:
Click the Chrome menu icon 
(at the top right corner of Google Chrome), select "More Tools" and click "Extensions". Locate all recently-installed suspicious extensions, select these entries and click "Remove".
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Google Chrome.
Remove malicious extensions from Mozilla Firefox:
Click the Firefox menu 
(at the top right corner of the main window) and select "Add-ons and themes". Click "Extensions", in the opened window locate all recently-installed suspicious extensions, click on the three dots and then click "Remove".
- If you continue to have problems with browser redirects and unwanted advertisements - Reset Mozilla Firefox.
Frequently Asked Questions (FAQ)
My computer is infected with Bird Miner malware, should I format my storage device to get rid of it?
No, Bird Miner can be remove using reputable antivirus software.
What are the biggest issues that malware can cause?
Data theft and financial fraud, system damage and crashes, data encryption, additional infections, identity theft, privacy violations, and more. It depends on the type of malware.
What is the purpose of Bird Miner?
The purpose of the Bird Miner malware is to mine cryptocurrency using the infected computer's processing power without the owner's knowledge or consent. This type of malware can generate profits for the attacker by using the victim's computing resources to mine cryptocurrency, which can then be sold on the market for real money.
How did a Bird Miner infiltrate my computer?
The Bird Miner malware is distributed using an installer that is intended to install a cracked/pirated version of the ValhallaVintageVerb program. Additionally, Bird Miner may be distributed through installers that claim to install other software, such as a pirated version of Ableton Live 10.
Will Combo Cleaner protect me from malware?
Combo Cleaner has the ability to detect and remove almost all known malware infections. However, it is important to note that advanced malware often conceals itself deeply within the system. As a result, performing a full system scan is essential to ensure complete detection and removal.
Outstanding!
▼ Show Discussion