Title: Norton Internet Security reports Trojan.ADH.2 in cgminer.exe
Post by: scrypt on April 13, 2013, 12:05:03 AM

Yesterday my Norton Internet Security started reporting Trojan.ADH.2 in the guiminer-scrypt_win32_binaries_v0.02\cgminer\cgminer.exe :-[
So, I did a little research. I downloaded all currently available binaries from cgminer's distribution site http://ck.kolivas.org/apps/cgminer and checked them against the Dr.Web online scanner, Norton Internet Security and Microsoft Security Essentials. Here are my results:
It would be nice to hear from the author about the origins of these threats.

Title: Re: Norton Internet Security reports Trojan.ADH.2 in cgminer.exe
Post by: ASICPool on April 13, 2013, 12:22:16 AM

This is because of other malware utilizing CGMiner to download said program, making the virus detection associate CGMiner with the trojan.

Title: Re: Norton Internet Security reports Trojan.ADH.2 in cgminer.exe
Post by: scrypt on April 13, 2013, 08:27:17 PM

Not really. The association is not by the file name "cgminer.exe", but by the sequence of bytes inside the file. That is the reason for the MD5 in the table. The files are directly from http://ck.kolivas.org, so....

Title: Re: Norton Internet Security reports Trojan.ADH.2 in cgminer.exe
Post by: Kluge on April 13, 2013, 08:48:57 PM

If I'm remembering right, it is not uncommon for mining software to get tagged by AV software.
Mining software uses tons of resources (whether CPU or GPU). If CGMiner were installed without consent and then used to mine for the attacker, most A/V companies would probably just slap a malware label on it. Since they're actually called "BTCMine" in the Dr. Web definitions, this seems to almost certainly be the case. I'd still use it, but then I still use Windows, so I'm not credible.

Title: Re: Norton Internet Security reports Trojan.ADH.2 in cgminer.exe
Post by: Gabi on April 13, 2013, 08:56:45 PM

Yup, usually antivirus software flags it as a virus because there are some viruses that have them. This is idiotic, of course; the antivirus should detect the real virus, not the miner part!