Bitcoin Forum

I just ran a full system scan using Malwarebytes Antimalware and two sneaky "Bitcoin Mining" viruses showed up in temp directory  :o
Lol, Einsteins of today's world.
Have you guys hear about this virus ?

No....

What's the description?  What is it going to do if you get infected?

Keylog?  steal your private keys?  or scam off portion of your mining powers?

What the?
Please copy the log here.

I found minerd.exe in my office computer and my CPU usage were 100%. Installed free AVG to get ride of it :)

Can you provide the log?

Someone was making side money at your office  >:(

You should have looked into the process and the memory and see who the miner user ID at the pool was

Could be that trojan mining bot. ??? http://forum.avast.com/index.php?topic=129680.0

I am mining in my office please don't tell anyone :P But my boss know it and she is ok :)

We don't know who to tell considering we don't know where you work.

These are silent miners used by hackers. You were infected.

So we have that too now. Damn.

This form of malware has been here since the start of Bitcoins. It used to just drop CGMiner without the GUI.

Zero Access rootkit had some Mining code in it but they removed it since cpu mining is now useless.

Could still be used for CPU coins.

Sure but the profit isnt there for the blackhats. They make more money off of click fraud than mining without drwaing unwanted attention to themselves.

Wrong. Buy cheap botnet -> mine CPU coin -> dump all.
Profit.

Here you go guys, check this out:

Malwarebytes Anti-Malware 1.75.0.1300
Database version: v2013.08.16.07
06-11-2013 14:11:06
mbam-log-2013-11-06 (14-11-06).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|H:\|I:\|K:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 146706
Time elapsed: 30 minute(s), 11 second(s) [aborted]

Memory Processes Detected: 1
I:\Softwares\Top Setup's\Bitcoin\Generator\BTCGenV1.0.exe (Backdoor.MSIL.P) -> 7280 -> Delete on reboot.

Files Detected: 7
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Users\***\AppData\Roaming\XHvQH\coinutil.dll (PUP.BitcoinMiner) -> No action taken.
C:\Users\***\AppData\Roaming\XHvQH\miner.dll (PUP.BitCoinMiner) -> No action taken.
C:\Users\***\AppData\Roaming\XHvQH\service.exe (PUP.BitCoinMiner) -> No action taken.
C:\Users\***\AppData\Roaming\XHvQH\usft_ext.dll (PUP.BitCoinMiner) -> No action taken.
I:\Softwares\Top Setup's\Bitcoin\Generator\BTCGenV1.0.exe (Backdoor.MSIL.P) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\XHvQH\taskengine.exe (Backdoor.MSIL.P) -> Quarantined and deleted successfully.

(end)

I think it is only fake detection

"BTCGenv1.0"

Did you download a "Bitcoin Generator" from YouTube or something?  :D

Generate bitcoins for free and get rich.  :D

and i assume it steals everythig what u have?!?! am I right?

Lol yes I used desperate measures to get some of my first Bitcoins.
No it is not a fake detection, even Kaspersky have reported few days back about a "BitCoin Miner" Virus

Hi man,

To be sure that this is false positive detection you can try to upload the file to www.virustotal.com

I doubt that it's a false positive as my secure system hasn't encountered it and yet it has a few wallets, among them is the bitcoin one.

did it steal anything from you ?!

OP did you really dl a 'get free bitcoin generator' from yt?!

Don't download any generators.  :D

Actually, don't download any app or plugin also..

Why is that?

Some plugin are trojan maybe?

Its easy to check, if your CPU is at 100% without much program running, you know something is wrong..

Don't plug in any USB too, easiest way to transfer virus...

I know about this virus it is usually created on a botnet were many people get infected/given a virus and then a hole bunch of people mine for this 1 person it is crazy but has recently became low profit so you should not find this virus to much anymore

Yeah agree, but they can still use the CPU to mine CPU only coin...

Wrong, if the one that created the botnet is smart enough, he should mine the most profitable CPU coins instead of BTC....

No one creates those CPU botnets for SHA256 coins anymore. They either do it with GPU or make an scrypt coin botnet.

They can mine CPU coins for huge profits though.

Like PTS and primecoin? Looks like people need to stop investing on CPU coins cause of this...

PTS is a bit botnet resistant due to high memory requirements.

i agree i tryed and it stucks all the time

You mean you are one who makes those bot too!!!  :'(

Really? why can't botnet use memory?

Its probably more detectable. Making the computer slower.

Im not too good with CPU coins but why would PTS use more memory?

noisy CPU fan should arouse the suspicion of of most users

pfffff , noob.  ;D

If you just realized that there are bitcoin trojans, ehhhh.. Do a system scan then.
 They've been out since bitcoin caught traction, sadly enough..
 
 Between getting hundreds of bot's to mine for you.
 Injecting code into your client to steal from you.
 Setting up on-demand keylogger to capture your keys for your wallet.
 etc.

The trojans stealing wallet is far worst then stealing CPU usage....

of course

Yes I did  :-X



Not yet, let's see, maybe its waiting for an oppurtunity

Well after I installed Bit miner program my anti-virus went crazy. Started deleting files and so on.. I uninstalled it and everything was alright.

If you go to the : hackforums.net and go to the marketplace there are several of these and trust me it is something you do not want to have on your computer

Stay safe scan links and files