Norton Internet Security reports Trojan.ADH.2 in cgminer.exe

[scrypt]

Yesterday my Norton Internet Security started reporting Trojan.ADH.2 in the guiminer-scrypt_win32_binaries_v0.02\cgminer\cgminer.exe 
So, I made a small research. I downloaded all currently available binaries from the cgminer's distribution site http://ck.kolivas.org/apps/cgminer and checked them against Dr.Web online scanner, Norton Internet Security and Microsoft Security Essentials.

Here are my results:

file	MD5	Dr.Web online scanner (records:3841735)	Norton Internet Security (definitions version 20130412.006)	MS Security Essentials (definition: 1.147.1650.0)
cgminer-2.10.0-win32\cgminer.exe	8a877908c8dd8586651ce9b67b70e1d4	Clean	Clean	Clean
cgminer-2.10.1-win32\cgminer.exe	af60f0da905591f0a3eb6167f27d7228	Clean	Clean	Clean
cgminer-2.10.2-win32\cgminer.exe	08fa1a5b4870e7d1ec7482fdfb1a54c3	contains an intrusion tool Tool.BtcMine.73	Clean	Clean
cgminer-2.10.3-win32\cgminer.exe	a1d392aeb8eaa3571f009f53cb6b743f	contains an intrusion tool Tool.BtcMine.81	Clean	Clean
cgminer-2.10.4-win32\cgminer.exe	cdbb2d86ac108d86dc9ee673ba18d424	Clean	Clean	Clean
cgminer-2.10.5-win32\cgminer.exe	61d0fdbddb8763b79054001f591d071a	contains an intrusion tool Tool.BtcMine.82	Trojan.ADH.2	Clean
cgminer-2.11.0-win32\cgminer.exe	fc4301342f941a6c3309965f850a0c78	infected with Trojan.BtcMine.67	Clean	Clean
cgminer-2.11.1-win32\cgminer.exe	f899dc08f4255fc9454886886669c5a8	Clean	Clean	Clean
cgminer-2.11.2-win32\cgminer.exe	48fbb86864a6112672238905dc0e90cb	contains an intrusion tool Tool.BtcMine.87	Trojan.ADH.2	Clean
cgminer-2.11.3-win32\cgminer.exe	3b583432257425f4b57daf9c39a8675d	infected with Trojan.BtcMine.76	Clean	Clean
cgminer-2.11.4-win32\cgminer.exe	eedf9d5b3f2ccf830b4fb0e4c1631cbe	Clean	Trojan.ADH.2	Clean

It will be nice to hear from author about origins of these threats.

[ASICPool]

This is because of other malware utilizing CGMiner to download said program, making the virus detection associate CGMiner with the trojan.

[scrypt]

Not really. Association is not by file name "cgminer.exe", but by sequence of bytes inside the file. There is the reason of MD5 in the table. The files are directly from the http://ck.kolivas.org, so....

[Kluge]

If I'm remembering right, it is not uncommon for mining software to get tagged by AV software.

Mining software uses tons of resources (whether CPU or GPU). If CGMiner were installed without consent and then used to mine for the attacker, most A/V companies would probably just slap a malware label on it. Since they're actually called "BTCMine" in the Dr. Web definitions, this seems to almost certainly be the case.

I'd still use it, but then I still use Windows, so I'm not credible.

[Gabi]

Yup, usually antivirus softwares flag it as virus because there are some viruses that have them. This is idiot of course, the antivirus should detect the real virus, not the miner part!