I get a trojan alert when running this software, any idea why?
The virus alerts that appear here involve:
(1) MULDROP.Trojan, for more details see here:
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FClort.A.dr#tab=2
but the essence is this:
Launches MS08-067 Attack
When Trojan:Win32/Clort.A is executed, it creates a mutex named ‘2008-MS08-067_TEST’ and exits if it already exists. This trojan connects to a remote site to retrieve target information, or IP address range data for the trojan to attack. The data is retrieved from the domain address 'gsinvest.gov.cn/*******/VoteModiy.asp'.
Next, Win32/Clort.A executes %TEMP%\svchost.exe, attacking IP addresses provided by text from the page 'VoteModify.asp'. It tries to connect to port 139, and if successful, launches
%TEMP%\svchost.exe <IP address>
The attack attempts to locate vulnerable computers that have not applied Security Bulletin MS08-067.
Downloads Other Malware
If a target computer is exploited, Win32/Clort.A!exploit executes shell code that instructs the target to download TrojanDownloader:Win32/VB.CJ from the domain 'dabao8.net' as a file named 'cc.exe'. The downloaded trojan is then run.
Win32/VB.CJ is a trojan that downloads other malware. When run, it attempts to download TrojanDownloader:Win32/VB.CQ from the domain 'nowbt.net' as a file named 'cpa.exe'.
Downloads Adware
After TrojanDownloader:Win32/VB.CQ is downloaded it is run. It attempts to connect to the Web address 'cpa123.cn' and downloads adware.
(2) WS.Reputation.1
For Symantec, the alert they have is for any new program, apparently:
http://community.norton.com/t5/Norton-Internet-Security-Norton/WS-Reputation-1-is-this-the-best-they-can-come-with/td-p/616601

Just to add, all LTC software I have ever downloaded gets auto deleted by my antivirus (Bitdefender). Other LTC miners tend to have more virus warnings. I would say that this is kinda off-putting. Someone PM me or post if they know a recognised LTC miner that, as a downloaded zip or whatever, is clean on virustotal.com. Other alt coins manage it.
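
A defender-side check for the behaviour in the Trojan:Win32/Clort.A write-up quoted earlier in this thread (a file named `svchost.exe` run from `%TEMP%` with an IP address as its argument), as an added example that is not part of any post here. The `key=value` event format, the sample records and the `C:\Windows` install path are constructed assumptions.

```python
import ipaddress
import ntpath

# Assumption: Windows is installed in C:\Windows; the genuine svchost.exe
# is only expected to run from these directories.
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed process-creation records in a made-up "key=value|..." format
# (not a real log schema); 192.0.2.15 is a documentation address.
SAMPLE = [
    r"pid=612|image=C:\Windows\System32\svchost.exe|cmd=svchost.exe -k netsvcs",
    r"pid=3344|image=C:\Users\alice\AppData\Local\Temp\svchost.exe|cmd=svchost.exe 192.0.2.15",
    r"pid=3390|image=C:\Users\alice\AppData\Local\Temp\miner.exe|cmd=miner.exe -o pool.example",
    r"pid=701|image=C:\WINDOWS\system32\..\system32\svchost.exe|cmd=svchost.exe -k LocalService",
]

def parse_event(line):
    """Split one record into a dict of its fields."""
    return dict(field.split("=", 1) for field in line.strip().split("|"))

def is_masquerading_svchost(image_path):
    """True when the file is named svchost.exe but sits outside the system directories."""
    directory, name = ntpath.split(ntpath.normpath(image_path).lower())
    return name == "svchost.exe" and directory not in LEGIT_DIRS

def has_single_ip_argument(cmd):
    """True when the command line is '<program> <IP address>' and nothing else."""
    args = cmd.split()[1:]
    if len(args) != 1:
        return False
    try:
        ipaddress.ip_address(args[0])
        return True
    except ValueError:
        return False

def find_suspicious(lines):
    """Return one finding per svchost.exe look-alike, noting the IP-argument pattern."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        if is_masquerading_svchost(ev["image"]):
            hits.append({"pid": ev["pid"], "image": ev["image"],
                         "ip_argument": has_single_ip_argument(ev["cmd"])})
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE):
        print(hit)
```

The path is normalised before comparison, so case differences and `..` segments in a genuine System32 path do not raise a finding.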