Bitcoin Forum
Author Topic: Norton Internet Security reports Trojan.ADH.2 in cgminer.exe  (Read 2778 times)
scrypt (OP)
Newbie
Activity: 16
Merit: 0
April 13, 2013, 12:05:03 AM
#1

Yesterday my Norton Internet Security started reporting Trojan.ADH.2 in guiminer-scrypt_win32_binaries_v0.02\cgminer\cgminer.exe.
So, I did some research. I downloaded all currently available binaries from cgminer's distribution site http://ck.kolivas.org/apps/cgminer and checked them against the Dr.Web online scanner, Norton Internet Security and Microsoft Security Essentials.

Here are my results:

File | MD5 | Dr.Web online scanner (records: 3841735) | Norton Internet Security (definitions version 20130412.006) | MS Security Essentials (definition: 1.147.1650.0)
cgminer-2.10.0-win32\cgminer.exe | 8a877908c8dd8586651ce9b67b70e1d4 | Clean | Clean | Clean
cgminer-2.10.1-win32\cgminer.exe | af60f0da905591f0a3eb6167f27d7228 | Clean | Clean | Clean
cgminer-2.10.2-win32\cgminer.exe | 08fa1a5b4870e7d1ec7482fdfb1a54c3 | contains an intrusion tool Tool.BtcMine.73 | Clean | Clean
cgminer-2.10.3-win32\cgminer.exe | a1d392aeb8eaa3571f009f53cb6b743f | contains an intrusion tool Tool.BtcMine.81 | Clean | Clean
cgminer-2.10.4-win32\cgminer.exe | cdbb2d86ac108d86dc9ee673ba18d424 | Clean | Clean | Clean
cgminer-2.10.5-win32\cgminer.exe | 61d0fdbddb8763b79054001f591d071a | contains an intrusion tool Tool.BtcMine.82 | Trojan.ADH.2 | Clean
cgminer-2.11.0-win32\cgminer.exe | fc4301342f941a6c3309965f850a0c78 | infected with Trojan.BtcMine.67 | Clean | Clean
cgminer-2.11.1-win32\cgminer.exe | f899dc08f4255fc9454886886669c5a8 | Clean | Clean | Clean
cgminer-2.11.2-win32\cgminer.exe | 48fbb86864a6112672238905dc0e90cb | contains an intrusion tool Tool.BtcMine.87 | Trojan.ADH.2 | Clean
cgminer-2.11.3-win32\cgminer.exe | 3b583432257425f4b57daf9c39a8675d | infected with Trojan.BtcMine.76 | Clean | Clean
cgminer-2.11.4-win32\cgminer.exe | eedf9d5b3f2ccf830b4fb0e4c1631cbe | Clean | Trojan.ADH.2 | Clean

It would be nice to hear from the author about the origins of these threats.
ASICPool
Member
Activity: 80
Merit: 10
April 13, 2013, 12:22:16 AM
#2

This is because of other malware utilizing CGMiner to download said program, making the virus detection associate CGMiner with the trojan.
scrypt (OP)
Newbie
Activity: 16
Merit: 0
April 13, 2013, 08:27:17 PM
#3

Not really. The association is not by the file name "cgminer.exe" but by the sequence of bytes inside the file. That is the reason for the MD5s in the table. The files are directly from http://ck.kolivas.org, so....
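As an added example (not code from this thread or from the cgminer project), the Python script below re-types the OP's table from post #1 as constructed input, counts how many of the three engines flagged each build, and identifies a downloaded file purely by hashing its bytes against the published MD5 list, which is scrypt's point in post #3: the name the file is saved under never enters the comparison. The MD5 values are the ones from the table; the function names and the sample bytes are assumptions of this example.

```python
"""Triage helper for a multi-engine AV verdict table (added example)."""
import hashlib
import re

# Constructed input: the OP's table re-typed as
# file | MD5 | Dr.Web verdict | Norton verdict | MS Security Essentials verdict
SCAN_TABLE = r"""
cgminer-2.10.0-win32\cgminer.exe | 8a877908c8dd8586651ce9b67b70e1d4 | Clean | Clean | Clean
cgminer-2.10.1-win32\cgminer.exe | af60f0da905591f0a3eb6167f27d7228 | Clean | Clean | Clean
cgminer-2.10.2-win32\cgminer.exe | 08fa1a5b4870e7d1ec7482fdfb1a54c3 | contains an intrusion tool Tool.BtcMine.73 | Clean | Clean
cgminer-2.10.3-win32\cgminer.exe | a1d392aeb8eaa3571f009f53cb6b743f | contains an intrusion tool Tool.BtcMine.81 | Clean | Clean
cgminer-2.10.4-win32\cgminer.exe | cdbb2d86ac108d86dc9ee673ba18d424 | Clean | Clean | Clean
cgminer-2.10.5-win32\cgminer.exe | 61d0fdbddb8763b79054001f591d071a | contains an intrusion tool Tool.BtcMine.82 | Trojan.ADH.2 | Clean
cgminer-2.11.0-win32\cgminer.exe | fc4301342f941a6c3309965f850a0c78 | infected with Trojan.BtcMine.67 | Clean | Clean
cgminer-2.11.1-win32\cgminer.exe | f899dc08f4255fc9454886886669c5a8 | Clean | Clean | Clean
cgminer-2.11.2-win32\cgminer.exe | 48fbb86864a6112672238905dc0e90cb | contains an intrusion tool Tool.BtcMine.87 | Trojan.ADH.2 | Clean
cgminer-2.11.3-win32\cgminer.exe | 3b583432257425f4b57daf9c39a8675d | infected with Trojan.BtcMine.76 | Clean | Clean
cgminer-2.11.4-win32\cgminer.exe | eedf9d5b3f2ccf830b4fb0e4c1631cbe | Clean | Trojan.ADH.2 | Clean
"""

# Engine columns in the order they appear in each row.
ENGINES = ("Dr.Web", "Norton", "MSE")


def parse_table(text):
    """Parse the pipe-separated table into a list of row dicts."""
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 2 + len(ENGINES):
            raise ValueError(f"malformed row: {line!r}")
        name, md5, *verdicts = cells
        if not re.fullmatch(r"[0-9a-f]{32}", md5):
            raise ValueError(f"bad MD5 in row: {line!r}")
        rows.append({"file": name, "md5": md5,
                     "verdicts": dict(zip(ENGINES, verdicts))})
    return rows


def flagged_engines(row):
    """Engines that reported anything other than 'Clean' for this row."""
    return [e for e, v in row["verdicts"].items() if v != "Clean"]


def consensus(rows):
    """Map file name -> number of engines that flagged it (0..len(ENGINES))."""
    return {r["file"]: len(flagged_engines(r)) for r in rows}


def hash_bytes(data):
    """Return (md5, sha256) hex digests of the bytes.  MD5 is kept because
    that is what the table publishes; SHA-256 is added because MD5 is
    collision-weak and should not be the only identity check."""
    return hashlib.md5(data).hexdigest(), hashlib.sha256(data).hexdigest()


def identify(data, rows):
    """Return the published file name whose MD5 matches `data`, else None.
    Only the bytes are hashed: the name the file was saved under is not
    an input, so renaming a file cannot change the answer."""
    md5, _ = hash_bytes(data)
    by_md5 = {r["md5"]: r["file"] for r in rows}
    return by_md5.get(md5)


def summarize(rows):
    """One line per build: how many engines flagged it, and which."""
    out = []
    for r in rows:
        flagged = flagged_engines(r)
        out.append(f"{r['file']:34} {len(flagged)}/{len(ENGINES)} engines: "
                   f"{', '.join(flagged) or 'none'}")
    return "\n".join(out)


if __name__ == "__main__":
    rows = parse_table(SCAN_TABLE)
    print(summarize(rows))
    # Constructed stand-in for a downloaded file; its bytes match no
    # published MD5, so it is reported as unknown regardless of file name.
    sample = b"constructed stand-in for a downloaded binary"
    print("identified as:", identify(sample, rows))
```

The per-build engine count is the useful triage figure here: a single heuristic hit (such as the one Norton alone reports on 2.11.4) is weaker evidence than two engines agreeing, and a hash that matches the vendor's published list tells you the bytes are the vendor's bytes, whatever name the file carries.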
Kluge
Donator
Legendary
Activity: 1218
Merit: 1015
April 13, 2013, 08:48:57 PM
#4

If I'm remembering right, it is not uncommon for mining software to get tagged by AV software.

Mining software uses tons of resources (whether CPU or GPU). If CGMiner were installed without consent and then used to mine for the attacker, most A/V companies would probably just slap a malware label on it. Since they're actually called "BTCMine" in the Dr. Web definitions, this seems to almost certainly be the case.

I'd still use it, but then I still use Windows, so I'm not credible.
Gabi
Legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
April 13, 2013, 08:56:45 PM
#5

Yup, usually antivirus software flags it as a virus because there are some viruses that include them. This is idiotic of course; the antivirus should detect the real virus, not the miner part!
