Virus attacking Chia

I have a virus that I cannot get to stop attacking Chia. I have run many antivirus and malware scanners; they delete the file, and then I run Chia again and boom, it comes back. Chia is down hard. I tried an uninstall and reinstall with no success. Infection name: w64/agent:fks.gen!Eldorado.

When I try to run Chia now, I get an immediate "JavaScript Error occurred in the main process. Error: spawn
C:\users\LSH\AppData\Local\Programs\Chia\resources\app.asar.unpacked\da…\daemon.exe ENOENT". HELP!!!

Easy fix no doubt: reinstall the OS.
The virus is no doubt in another location under a different name, so the deleted file can be put back again.

2 Likes

@Lsherring You can try running Autoruns:

It will show you every process that starts automatically.

It allows you to uncheck any of them.

Whatever the nefarious program is that is getting kicked off, it should be listed by Autoruns somewhere.
Autoruns displays lots of start-up programs. Windows has startup stuff all over the place.

EDIT:
If you uncheck the wrong item, you could make your system unbootable.
If in doubt, back up your system before making any changes.

Also, after unchecking something, you will need to do a re-boot (if it is an item that starts up from a boot), or log-out and in (if it is an item that starts up with user logging in).

1 Like

So that will suck. If I re-install the OS and load Chia back up, I should be back to normal as my database is on my NVMe? Do I have to do any network changes after I reload this OS?

@Lsherring Depending on the virus, you might be able to bypass it by creating a new user account, and run Chia from your new account. It all depends on whether the virus is confined to your login name, or is an administrative process.

1 Like

No network changes should be needed, dependent on your setup.
Main node only should just work.
If you have harvesters you'd probably need to redo your CA certificate.

If you go this route, maybe back up your config so you don't need to re-add drive folders if you have a lot.

https://answers.microsoft.com/en-us/windows/forum/all/trojan-w32kryptikdlhgeneldorado-removal/80a70a67-9f62-4980-ac19-7d7b579c6ca3

This is also maybe not the best one, but shows how you can try to manually remove it (not really specific to this trojan) - Trojan.DBH.gen!Eldorado – How Do I Remove It? - www.cleanpcinfections.com

I would shut down your box, remove your drives with plots (don't think those can be infected, but they can be scanned one by one afterwards) and run a Windows Defender full scan on your box (after updating the virus DB). Also, when scanning, you may want to unplug the network cable, as otherwise it may start scanning files that it thinks are connected.

Basically, run a full scan, let it clean, reboot and repeat the process a few times. If it continues finding crap after two or three reboots, as @Bones suggested, a reinstall may be the best / fastest option.

Also, as in that second article, I would uninstall basically everything (but Chia) from your box, delete everything from your temp folders, and scan your registry for Eldorado (not sure what else in registry; you can check what you have in “Run” and “Run Once” under user and machine).

I would remove any extra browsers except Edge, just to get to as clean a box as possible. As suggested, this trojan may be using browser extensions, so fewer browsers is better. You should check for Edge browser extensions and kill whatever you don't recognize.

1 Like
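The "Run" and "Run Once" check that the post above recommends can be done without clicking through the registry by hand. The script below is an added example, not something from this thread or from the Chia project: it lists every autostart entry under those keys for both the current user and the machine, flags entries whose executable is missing, starts from a temp/download-style folder or carries no valid Authenticode signature, and saves a baseline so that after a reboot you can see whether anything re-added itself. The suspicious-path patterns are my own heuristics (an unsigned entry is not automatically malicious, many legitimate tools are unsigned); the script is read-only and changes nothing. It assumes an elevated Windows PowerShell 5.1 or later session.

```powershell
# Added example (not from the thread): enumerate Run/RunOnce autostart entries
# for the current user and the machine and flag the ones worth a closer look.
# Read-only: nothing is deleted or modified. Assumes an elevated PowerShell session.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Heuristic (author's assumption): folders an installed program rarely starts from.
$suspiciousPathPatterns = @('\\AppData\\Local\\Temp\\', '\\Windows\\Temp\\', '\\Public\\', '\\Downloads\\')

function Get-ExecutableFromCommand {
    param([string]$Command)
    # Extract the program from a command line such as
    #   "C:\Program Files\Foo\foo.exe" --tray   or   C:\tools\bar.exe /silent
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(\S+)')     { return $Matches[1] }
    return $Command
}

function Resolve-ExecutablePath {
    param([string]$Exe)
    $expanded = [Environment]::ExpandEnvironmentVariables($Exe)
    if (Test-Path -LiteralPath $expanded) { return $expanded }
    # Bare names like rundll32.exe are resolved through PATH, not the registry value.
    $cmd = Get-Command $expanded -ErrorAction SilentlyContinue
    if ($cmd -and $cmd.Source) { return $cmd.Source }
    return $expanded   # unresolved; reported as missing below
}

function Get-AutostartEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/... metadata; skip those.
            if ($p.Name -like 'PS*') { continue }
            $exe     = Resolve-ExecutablePath (Get-ExecutableFromCommand ([string]$p.Value))
            $reasons = @()
            $sig     = $null
            if (-not (Test-Path -LiteralPath $exe)) {
                $reasons += 'executable missing'
            } else {
                $sig = (Get-AuthenticodeSignature -FilePath $exe).Status
                if ($sig -ne 'Valid') { $reasons += "signature $sig" }
            }
            foreach ($pat in $suspiciousPathPatterns) {
                if ($exe -match $pat) { $reasons += 'starts from temp/download-style folder'; break }
            }
            [pscustomobject]@{
                Key        = $key
                Name       = $p.Name
                Command    = [string]$p.Value
                Executable = $exe
                Signature  = $sig
                Flags      = ($reasons -join '; ')
            }
        }
    }
}

$entries = @(Get-AutostartEntries)
$entries | Format-Table Key, Name, Executable, Signature, Flags -AutoSize -Wrap

# First run saves a baseline; later runs (e.g. after a reboot) show what was added since.
$baseline = Join-Path $env:USERPROFILE 'autostart-baseline.json'
if (-not (Test-Path -LiteralPath $baseline)) {
    $entries | ConvertTo-Json -Depth 3 | Set-Content -LiteralPath $baseline
    Write-Host "Baseline saved to $baseline"
} else {
    $known = @(Get-Content -LiteralPath $baseline | ConvertFrom-Json) | ForEach-Object { $_.Command }
    $added = $entries | Where-Object { $known -notcontains $_.Command }
    if ($added) { Write-Host 'Autostart entries not present in baseline:'; $added | Format-Table Key, Name, Command -AutoSize -Wrap }
    else        { Write-Host 'No new autostart entries since baseline.' }
}
```

Run it once on the cleaned box to record the baseline, then again after each reboot that the post above recommends: an entry that keeps reappearing under a new name is exactly the kind of persistence Autoruns would show, and the Flags column tells you which ones to look at first. These two keys are only a subset of what Autoruns covers (services, scheduled tasks and shell extensions are not included here), so treat a clean result as one data point, not a verdict.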

I'm reinstalling Windows.
Sucks… I have no idea how this occurred, and NOTHING runs on this rig except Chia, and I do not even log in except to see if it is still farming. Frustrating. TY for the help team :slight_smile:
Larry

2 Likes

This virus is FKN scary…

Likewise, Trojan.DBH.gen!Eldorado can specifically take money from your accounts. It is skilled at taking your records, passwords, your ID, your telephone number, and even your signature. Furthermore, this data is sufficient for opening your bank accounts and getting money from them, so financial loss is not uncommon if you have it.

Would be nice to understand how it got on that box. Hopefully, it didn’t jump from another box to this one.

That DBH or FKS (in your case) are potentially variants, so the main carrier is most likely the same, but the trojans delivered may differ. Unfortunately, none of those sites offered help with identifying the carrier.

Once you get your box up and running, update defender, and do a full scan before installing anything.

1 Like

Hello, I am really sorry to read that. I hope your Chia still stays safe.
I have one free user slot for my Trend Micro Maximum Security; if you need it, I can give it to you for free.

1 Like

Ty, how would that work? I look forward to your reply.

Larry

Infection name w64/agent:fks.gen!Eldorado.

→ where / how are you getting that info?

If there was really nothing on that rig, it's unlikely that all of a sudden you got a virus on it.

Steps to avoid

  • wipe all your disks at setup (yes, also your NVMe with the database)
  • do not connect USB storage devices from other computers (best to not plug in any USB peripherals from other computers at all)
  • do not install other software except the Chia client
  • do not browse the web for surfing or research purposes
2 Likes

What other systems do you have on that network? If you don’t do anything else on that system besides Chia, it came from somewhere. You may have an infected system on your network that is just sitting there silently infecting others because there is nothing on that first system to take advantage of. I would be doing scans on everything (especially the kids computers if there are any). Trojans just don’t spontaneously create themselves. It came from somewhere. It would suck to go through all the trouble of reloading and then setting everything back up just to find the trojan back within a day.

What antivirus are you using? I wouldn’t just trust Windows Defender. It is better than it used to be, but still not great. I know you will get a different recommendation from every person. Antivirus loyalty is pretty strong. But check out ESET if you don’t have any other preference. Has treated me and my clients great for more than a decade.

2 Likes

Just put your Chia client into Docker or a VM => no problems anymore.

I am not sure yet, but my plan included 3 devices and I use 2.
Probably I will share the ID and password with you :slight_smile:

If you have a weekend where you don't have much going on, I would strongly recommend you look at migrating to a Linux server and run everything by command line. Although nothing is 100% safe, it's probably the safest way to farm Chia.

Well, here is a weekly update. Since doing a fresh install of the OS and only loading up Chia, I have not had one burp since. Time for the expensive rig to pay for itself. LOL. TY to Jacek and others for assisting me in getting through this Trojan Horse issue, as it was a nasty one. I found that my wife’s phone was infected. Have to love the internet. I’m hard-wired but a phone on the same network blows me away. Have a great holiday season, and Merry Christmas to all :slight_smile:

1 Like

I've used this for years, and no virus infections yet. Comes free with their PC antivirus software, or stand-alone.

2 Likes

You don't virtualize your entire Chia installation?
Yours is just running on your computer… willy-nilly, with no high availability, no backups, no isolation from crap like this… …

What are you even doing???

My recommendation: look up Proxmox and start from scratch.

some people :face_with_peeking_eye: