Bitcoin Forum
Author Topic: Norton Internet Security reports Trojan.ADH.2 in cgminer.exe  (Read 2663 times)
scrypt (Newbie, Activity: 13)
April 13, 2013, 12:05:03 AM  #1

Yesterday my Norton Internet Security started reporting Trojan.ADH.2 in guiminer-scrypt_win32_binaries_v0.02\cgminer\cgminer.exe.
So I did a small piece of research: I downloaded all currently available binaries from cgminer's distribution site http://ck.kolivas.org/apps/cgminer and checked them against the Dr.Web online scanner, Norton Internet Security and Microsoft Security Essentials.

Here are my results:

File | MD5 | Dr.Web online scanner (records: 3841735) | Norton Internet Security (definitions version 20130412.006) | MS Security Essentials (definition: 1.147.1650.0)
---- | --- | ---------------------------------------- | ------------------------------------------------------------ | -----------------------------------------------
cgminer-2.10.0-win32\cgminer.exe | 8a877908c8dd8586651ce9b67b70e1d4 | Clean | Clean | Clean
cgminer-2.10.1-win32\cgminer.exe | af60f0da905591f0a3eb6167f27d7228 | Clean | Clean | Clean
cgminer-2.10.2-win32\cgminer.exe | 08fa1a5b4870e7d1ec7482fdfb1a54c3 | contains an intrusion tool Tool.BtcMine.73 | Clean | Clean
cgminer-2.10.3-win32\cgminer.exe | a1d392aeb8eaa3571f009f53cb6b743f | contains an intrusion tool Tool.BtcMine.81 | Clean | Clean
cgminer-2.10.4-win32\cgminer.exe | cdbb2d86ac108d86dc9ee673ba18d424 | Clean | Clean | Clean
cgminer-2.10.5-win32\cgminer.exe | 61d0fdbddb8763b79054001f591d071a | contains an intrusion tool Tool.BtcMine.82 | Trojan.ADH.2 | Clean
cgminer-2.11.0-win32\cgminer.exe | fc4301342f941a6c3309965f850a0c78 | infected with Trojan.BtcMine.67 | Clean | Clean
cgminer-2.11.1-win32\cgminer.exe | f899dc08f4255fc9454886886669c5a8 | Clean | Clean | Clean
cgminer-2.11.2-win32\cgminer.exe | 48fbb86864a6112672238905dc0e90cb | contains an intrusion tool Tool.BtcMine.87 | Trojan.ADH.2 | Clean
cgminer-2.11.3-win32\cgminer.exe | 3b583432257425f4b57daf9c39a8675d | infected with Trojan.BtcMine.76 | Clean | Clean
cgminer-2.11.4-win32\cgminer.exe | eedf9d5b3f2ccf830b4fb0e4c1631cbe | Clean | Trojan.ADH.2 | Clean

It would be nice to hear from the author about the origins of these threats.

BTC:1BPvFoGn4wzcJEzRyV3gHKAViQxfoD4MWM
LTC:LXUEXW1cJWnPj13FztJvLNrEj6x9X2S7ai
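As an added example (not the poster's code), the triage a defender would apply to the table above: bucket each file by how many engines agree on it, and check a downloaded copy's bytes, rather than its name, against the MD5 recorded for that release. The hash values are transcribed from the table; any sample bytes fed to the functions are constructed.

```python
import hashlib
import hmac

# Scan results transcribed from the table in post #1: file, the MD5 the poster
# computed, and the verdicts of Dr.Web, Norton and MSE in that order.
ENGINES = ("Dr.Web", "Norton", "MSE")
SCAN_RESULTS = [
    ("cgminer-2.10.0-win32\\cgminer.exe", "8a877908c8dd8586651ce9b67b70e1d4", "Clean", "Clean", "Clean"),
    ("cgminer-2.10.1-win32\\cgminer.exe", "af60f0da905591f0a3eb6167f27d7228", "Clean", "Clean", "Clean"),
    ("cgminer-2.10.2-win32\\cgminer.exe", "08fa1a5b4870e7d1ec7482fdfb1a54c3", "Tool.BtcMine.73", "Clean", "Clean"),
    ("cgminer-2.10.3-win32\\cgminer.exe", "a1d392aeb8eaa3571f009f53cb6b743f", "Tool.BtcMine.81", "Clean", "Clean"),
    ("cgminer-2.10.4-win32\\cgminer.exe", "cdbb2d86ac108d86dc9ee673ba18d424", "Clean", "Clean", "Clean"),
    ("cgminer-2.10.5-win32\\cgminer.exe", "61d0fdbddb8763b79054001f591d071a", "Tool.BtcMine.82", "Trojan.ADH.2", "Clean"),
    ("cgminer-2.11.0-win32\\cgminer.exe", "fc4301342f941a6c3309965f850a0c78", "Trojan.BtcMine.67", "Clean", "Clean"),
    ("cgminer-2.11.1-win32\\cgminer.exe", "f899dc08f4255fc9454886886669c5a8", "Clean", "Clean", "Clean"),
    ("cgminer-2.11.2-win32\\cgminer.exe", "48fbb86864a6112672238905dc0e90cb", "Tool.BtcMine.87", "Trojan.ADH.2", "Clean"),
    ("cgminer-2.11.3-win32\\cgminer.exe", "3b583432257425f4b57daf9c39a8675d", "Trojan.BtcMine.76", "Clean", "Clean"),
    ("cgminer-2.11.4-win32\\cgminer.exe", "eedf9d5b3f2ccf830b4fb0e4c1631cbe", "Clean", "Trojan.ADH.2", "Clean"),
]


def flagging_engines(row):
    """Names of the engines whose verdict for this row is anything but Clean."""
    return tuple(eng for eng, verdict in zip(ENGINES, row[2:]) if verdict != "Clean")


def triage(results=SCAN_RESULTS):
    """Bucket files by how many engines agree. A lone detection with the other
    engines clean is the classic false-positive candidate and warrants a second
    look; agreement between independent engines is the stronger signal."""
    buckets = {"clean": [], "single_engine": [], "multi_engine": []}
    for row in results:
        hits = flagging_engines(row)
        key = "clean" if not hits else "single_engine" if len(hits) == 1 else "multi_engine"
        buckets[key].append((row[0], hits))
    return buckets


def md5_hex(data: bytes) -> str:
    # MD5 is what the thread recorded; it is fine for spotting a different file
    # but no longer collision-resistant, so prefer SHA-256 for new checksum lists.
    return hashlib.md5(data).hexdigest()


def verify_release(data: bytes, filename: str, results=SCAN_RESULTS) -> bool:
    """True only if the bytes hash to the MD5 recorded for that release name.
    The name a file is saved under never enters the hash; only its bytes do,
    which is the same reason reply #3 gives for how the AV match is made."""
    recorded = {r[0]: r[1] for r in results}
    expected = recorded.get(filename)
    return expected is not None and hmac.compare_digest(md5_hex(data), expected.lower())
```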
ASICPool (Member, Activity: 80)
April 13, 2013, 12:22:16 AM  #2

This is because of other malware utilizing CGMiner to download said program, making the virus detection associate CGMiner with the trojan.
scrypt (Newbie, Activity: 13)
April 13, 2013, 08:27:17 PM  #3

Not really. The association is not by the file name "cgminer.exe" but by the sequence of bytes inside the file. That is the reason for the MD5s in the table. The files are directly from http://ck.kolivas.org, so....

Kluge (Donator, Legendary, Activity: 1218)
"Michael, send me some coins before I hitman you"
April 13, 2013, 08:48:57 PM  #4

If I'm remembering right, it is not uncommon for mining software to get tagged by AV software.

Mining software uses tons of resources (whether CPU or GPU). If CGMiner were installed without consent and then used to mine for the attacker, most A/V companies would probably just slap a malware label on it. Since they're actually called "BTCMine" in the Dr. Web definitions, this seems to almost certainly be the case.

I'd still use it, but then I still use Windows, so I'm not credible.

Don't mix your coins someone said isn't legal
Gabi (Legendary, Activity: 1050)
April 13, 2013, 08:56:45 PM  #5

Yup, usually antivirus software flags it as a virus because there are some viruses that include it. This is idiotic of course; the antivirus should detect the real virus, not the miner part!