SicurezzaVirus news

Remove the WindowsRecoveryCleaner or Iostream.exe Miner

The WindowsRecoveryCleaner or Iostream.exe Miner is a Trojan that uses your computer to mine for digital currency without your permission. This program is typically installed in adware bundles that pretend to game cracks, cheats, or key generators.

The Iostream.exe miner is actually renamed XMRig executable that when started will use all of the available CPU power of the computer to mine for Monero. The program is started through the Windows Scheduled Task shown below called WindowsRecoveryCleaner that is launched automatically when a user logs into the computer.

  • Scheduled Task

What is particularly worrisome about this infection is that it will use the entire CPU’s processing power indefinitely. This will cause your CPU to run at very hot temperatures for extended periods of time, which could shorten the life of the CPU.

As there is no outward indication that the program is running, here is a list of symptoms that a user can use to determine if they are infected with the WindowsRecoveryCleaner or Iostream.exe Miner:

  • You will see the Iostream.exe process using almost 80% or more of CPU.
  • A schedule task will be present called WindowsRecoveryCleaner
  • Attrib.exe is running with high cpu utilization but closes the second you open Task Manager. Attrib.exe is legitimate and should not be deleted.
  • Programs don’t launch as quickly.
  • General slowness when using the computer.

How was the WindowsRecoveryCleaner or Iostream.exe Miner installed on my Computer?

It is important to note that the WindowsRecoveryCleaner or Iostream.exe Miner is bundled with and installed by free programs that did not adequately disclose that other software would be installed along with it. Therefore, it is important that you pay close attention to license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Furthermore, If the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you immediately cancel the install and not use the free software.

As you can see, this miner steals your computer’s CPU resources and your electricity and profits from it by mining cryptocurrency. In order to make a computer operate normally again and protect the computer’s hardware, you should use the guide below to remove this Trojan for free.


HitmanPro will now begin to scan your computer for infections, adware, and potentially unwanted programs. When it has finished it will display a list of all the items that Hitman has found as shown in the image below. Please note that the items found may be different than what is shown in the image.

MalwareBytes Scan Results

You should now click on the Next button to have HitmanPro remove the detected items. When it is done you will be shown a Removal Results screen that shows the status of the various programs that were removed. At this screen you should click on the Next button and then if prompted you should click on the Reboot button. If HitmanPro does not prompt you to reboot, please just click on the Close button.

Once your computer has has restarted or you pressed the Close button, you should now be at your Windows desktop.

Your computer should now be free of the WindowsRecoveryCleaner or Iostream.exe Miner program. If your current security solution allowed this program on your computer, you may want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future.

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Are Your Protected?

While Malwarebytes Anti-Malware, Zemana AntiMalware & HitmanPro will scan and clean a computer for free, the free versions do not offer real-time protection. If you want to be fully protected at all times then it is recommended that you purchase a premium version.


Malwarebytes Anti-Malware

Purchase the full-featured version of Malwarebytes Anti-Malware, which includes real-time protection, scheduled scanning, and website filtering, to protect yourself against these types of threats in the future!


Zemana AntiMalware

Purchase the full-featured version of Zemana AntiMalware, which includes second opinion malware scanner when other solutions do not work, cloud scanning, and super-fast scan time, to protect yourself against these types of threats in the future!



Purchase the full-featured version of HitmanPro, which includes discover viruses, trojans, rootkits, spyware and other malware on up-to-date and fully protected computers using cloud protection and behavioral detections, to protect yourself against these types of threats in the future!

Disclaimer: While we do earn a commission from the sale of the above products, rest assured we only recommend them due to their effectiveness.