Bitcoin Forum
Author Topic: Warning - GUIMiner virus hit with Bitdefender  (Read 8437 times)
Agozyen (OP)
July 01, 2011, 01:11:42 PM
 #1

I have had GUIMiner installed for a few weeks now and have had no problems so far.  Just a few minutes ago Bitdefender warned me of the following -

 Trojan.Generic.KD.273364 in GUIminer/miners/ufasoft/bitcoin-miner.exe


 To my knowledge Bit Defender has scanned this system several times since I installed GUIMiner and hasn't given me any hits until today.  GUIMiner is presently up and running as normal and I never went in and ran bitcoin-miner.exe.

 I don't know if this was a false positive or something to be worried about, but I wanted to pass along just in case.  Does anyone else have problems with false positives or real trojans?

 Edit - just read on another post where it's a false positive. http://forum.bitcoin.org/index.php?topic=15765.0
casascius
Mike Caldwell
July 01, 2011, 01:17:50 PM
 #2

This is probably a consequence of botnet operators putting Bitcoin mining software on compromised computers to steal themselves a little bit of mining time.

When the owners of the hijacked computers find the compromise, they often submit the unwanted files to AV companies as samples, who add signatures to their AV software to detect the unwanted files.  This has the unfortunate side effect of having Bitcoin miners being flagged as malware.

The bitcoin miner isn't malware if you are intentionally mining.  Only if you have no idea what Bitcoin is, or what mining is, would you consider a miner to be unwanted software.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
Bert
July 01, 2011, 01:19:15 PM
Last edit: July 01, 2011, 03:09:17 PM by Bert
 #3

If the exe file is less than 20MB I would upload it here to test it against multiple virus scanners just to be sure
http://www.virustotal.com/

EDIT:
I downloaded the latest windows binary and uploaded it.
Code:
Filename : bitcoin-miner.exe
File size: 743936 bytes
CRC-32   : 4efcecce
MD4      : 1d0a80565e94243cdac6e056e0cecf10
MD5      : 54e328364335553807a670eb3dd137b1
SHA1     : bba0fa29f13c0cc4f20a165181cfae8668c32674
SHA256   : 9bae29593488e652f08e05882c0accd8159fd77fce3209119856287fda27abb6

And only 3 out of 41 Antivirus programs pick it up, but it is flagged as goodware - Safety score: 100.0%
http://www.virustotal.com/file-scan/report.html?id=9bae29593488e652f08e05882c0accd8159fd77fce3209119856287fda27abb6-1309525830
Code:
AntiVir     7.11.10.191  2011.07.01   SPR/Tool.BitCoinMiner.a
Fortinet    4.2.257.0    2011.07.01   HackerTool/BitCoinMiner
Kaspersky   9.0.0.837    2011.07.01   not-a-virus:RiskTool.Win32.BitCoinMiner.a
So false positive, I'd be inclined to agree with casascius's assessment.

Virustotal might not have updated bitdefender yet, as it doesn't flag it:  "BitDefender   7.2   2011.07.01   -"

Tip jar: 1BW6kXgUjGrFTqEpyP8LpVEPQDLTkbATZ6
zybron
July 01, 2011, 01:24:10 PM
 #4

I use GUIMiner and my version of that file is 727Kb, in case that helps in determining if your version might be compromised. I'd definitely upload it to a virus scanner as suggested above, just to be sure.
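
Added example, not part of any post in this thread: one way to check whether a local bitcoin-miner.exe is byte-for-byte the binary whose scan report is quoted in post #3, since a matching file size alone does not establish that. The function names and the zero-filled sample file are constructed for illustration; the reference values are copied from the listing in post #3.

```python
import hashlib
import os
import tempfile

# Reference values copied from the "Code:" listing in post #3.
REFERENCE = """\
Filename : bitcoin-miner.exe
File size: 743936 bytes
SHA1     : bba0fa29f13c0cc4f20a165181cfae8668c32674
SHA256   : 9bae29593488e652f08e05882c0accd8159fd77fce3209119856287fda27abb6
"""

def parse_listing(text):
    """Turn 'Key : value' lines into a dict with lowercase keys and values."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip().lower()
    return fields

def fingerprint(path):
    """Size plus SHA1/SHA256 of a file, read in chunks to bound memory use."""
    digests = {name: hashlib.new(name) for name in ("sha1", "sha256")}
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            size += len(chunk)
            for d in digests.values():
                d.update(chunk)
    result = {name: d.hexdigest() for name, d in digests.items()}
    result["file size"] = f"{size} bytes"
    return result

def compare(path, listing):
    """Return the sorted field names where the local file differs from the listing."""
    ref, local = parse_listing(listing), fingerprint(path)
    return sorted(k for k in local if k in ref and ref[k] != local[k])

def demo():
    """Constructed sample: same size as the listed file, different content."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "bitcoin-miner.exe")
        with open(path, "wb") as fh:
            fh.write(b"\0" * 743936)  # constructed bytes, not the real binary
        return compare(path, REFERENCE)

if __name__ == "__main__":
    print(demo())  # size matches, digests do not
```

An empty result from `compare` means the local file is the same binary that was scanned; it says nothing about copies obtained from other sources.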

lechuck
Member
**
Offline Offline

Activity: 85
Merit: 10


View Profile
July 01, 2011, 03:06:25 PM
 #5

Some AVs are weird.. why do they categorize miners as "hackertools" or "riskyware"?
casascius
July 01, 2011, 03:14:34 PM
 #6

Some AVs are weird.. why do they categorize miners as "hackertools" or "riskyware"?

Risk tool generally means legitimately published software that isn't malicious but that the average computer user probably doesn't want, and that might be there for a malicious purpose if the user doesn't know about it.  Legitimate FTP servers, proxy servers, remote access software, and such fall in this category too, same with those "spy on your spouse" keylogging/screenshot grabbing sort of programs as well.  Given that definition, a bitcoin miner would definitely fit.

Other names for the same thing include PUP (potentially unwanted program).

Kiv
July 01, 2011, 03:51:03 PM
 #7

I would recommend that people only download GUIMiner from my forum thread or the official GitHub page. I guarantee there is nothing bad in there, I write this software only because I want to see Bitcoin succeed. There were indeed a couple of reports of false positives about it, but it's nothing to worry about.

If you get the executable from somewhere else on the Internet (even if it says GUIMiner) I can't guarantee someone hasn't tampered with it. It would be trivial for someone to download a clean copy and attach their own trojan to it.

GUIMiner - get started easily mining Bitcoins on your GPU or CPU
Donate to support work on GUIMiner: 1MDDh2h4cAZDafgc94mr9q95dhRYcJbNQo
or YouTipIt
Forp
August 07, 2011, 10:27:35 AM
 #8

@Kiv, just as information: Now it is Norton Internet Security, which also reports your 2011-07-11 version of GUIMiner, downloaded from Github.


Ketzer2002
August 07, 2011, 02:05:20 PM
 #9

Yeah,

I've seen that too for NIS on the Computer of a friend of mine. He also said this: Trojan.Generic.KD.273364 in GUIminer/miners/ufasoft/bitcoin-miner.exe
I think it would be the best to work without the ufasoft miner as long as there is no clearance about it.

@KIV maybe you can temporarily skip the ufasoft miner out of your guiminer package until the problem with the warnings is solved...

Best Regards.

Boris

http://www.bitcoin-server.de
Bitcoin_Bing
November 16, 2012, 03:56:27 AM
Last edit: November 16, 2012, 05:55:16 AM by Bitcoin_Bing
 #10

Avast keeps on deleting a file (trojan) which makes the miner non responsive to start. I have been mining solidly for two months without hassle. Now this (16 Nov 2012)?  Angry

Had to disable all shields for 10 minutes and reinstall guiminer. Then activated the shield again.

Update: Forgot to mention. Avast wanted to do a boot time scan after detecting the "trojan"