Author Topic: ESET online scanner detects ALL miners as Virus/malware.. ?  (Read 4720 times)
mishax1 (OP)
July 06, 2013, 06:42:58 PM
 #1


Tamis
July 06, 2013, 07:09:44 PM
 #2

Those are false positives!

But you need to be careful where you download your clients though.
MrBilling
July 06, 2013, 09:42:35 PM
 #3

I have a paid for Eset subscription.  I have used almost every mining program known to man and have never had Eset say anything was suspicious.
pgbit
July 06, 2013, 10:01:52 PM
 #4

I get the same downloading litecoin scrypt with Bitdefender, and did some digging. Virustotal is a useful site, it looks at lots of virus scanning tools, and gives you a pooled result. Looking at: guiminer-scrypt_win32_binaries_v0.04.zip it gives this result below. 18/37 virus alerts for litecoin mining client(!)  Bitdefender blocks guiminer for litecoin running, and deletes the guiminer.exe file so no mining permitted.

Looking closer, the CI.A alert from Panda raises concerns:
"Trj/CI.A is a Trojan, which although seemingly inoffensive, can actually carry out attacks and intrusions: screenlogging, stealing personal data, etc.
Trj/CI.A uses the following propagation or distribution methods:
Exploiting vulnerabilities with the intervention of the user: exploiting vulnerabilities in file formats or applications. To exploit them successfully it needs the intervention of the user: opening files, viewing malicious web pages, reading emails, etc.
It is dropped or downloaded to the computer by other malware specimens, for example: Multidropper.RGN, Dropper.XW, Multidropper.RHU, Multidropper.RIS, Multidropper.RLF, Multidropper.RMA, Multidropper.RMB."

I'd like to mine litecoins, but this needs sorting out first...

Comments and tips on safe ways to mine litecoins appreciated.

-----------------------Truncated output from virustotal:-----------------------------
SHA256:   aa6f0b036cb71686d12a83d5196f8c6b75f088bfaa46bb1dcb78204264feb385
File name:   guiminer-scrypt_win32_binaries_v0.04.zip
Detection ratio:    18 / 37
Analysis date:    2013-07-06 13:18:17 UTC ( 8 hours, 27 minutes ago )

Agnitum    RiskTool.BitCoinMiner!FwFs5XwI1os    20130705
AntiVir    SPR/BitCoin.G    20130706
Antiy-AVL    NetTool/Win32.Sniffer    20130706
Avast       20130706
AVG       20130706
BitDefender    Trojan.GenericKDV.1001299    20130701
Commtouch    W32/Trojan.WENJ-5448    20130706
Comodo    UnclassifiedMalware    20130706
Emsisoft    Trojan.GenericKDV.1001299 (B)    20130706
eSafe       20130703
ESET-NOD32    probably a variant of Win32/BitCoinMiner.N    20130706
F-Prot       20130706
F-Secure       20130706
Fortinet    W32/BitCoinMiner.N    20130706
GData    Trojan.GenericKDV.1001299    20130706
Ikarus    not-a-virus:NetTool.Win32.Sniffer    20130706
Kaspersky    not-a-virus:NetTool.Win32.Sniffer.dz    20130706
Kingsoft    VIRUS_UNKNOWN    20130506
Malwarebytes    PUP.BitCoinMiner    20130706
McAfee    Artemis!CDC7F0BD120B    20130706
McAfee-GW-Edition       20130706
Microsoft       20130706
MicroWorld-eScan       20130706
NANO-Antivirus       20130706
Norman    Troj_Generic.KWOTF    20130706
nProtect       20130705
Panda    Trj/CI.A    20130706
VIPRE    Trojan.Win32.Generic!BT    20130706

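A way to read the label column of the VirusTotal output quoted above, as an added example that is not part of the original post: it separates labels that name the miner or a tool class from generic ones, and counts identical labels once. The keyword lists are this example's assumptions, not any vendor's taxonomy.

```python
import re

# Labels copied from the truncated VirusTotal output in the post above
# (engines listed there without a label are omitted).
DETECTIONS = {
    "Agnitum": "RiskTool.BitCoinMiner!FwFs5XwI1os", "AntiVir": "SPR/BitCoin.G",
    "Antiy-AVL": "NetTool/Win32.Sniffer", "BitDefender": "Trojan.GenericKDV.1001299",
    "Commtouch": "W32/Trojan.WENJ-5448", "Comodo": "UnclassifiedMalware",
    "Emsisoft": "Trojan.GenericKDV.1001299 (B)",
    "ESET-NOD32": "probably a variant of Win32/BitCoinMiner.N",
    "Fortinet": "W32/BitCoinMiner.N", "GData": "Trojan.GenericKDV.1001299",
    "Ikarus": "not-a-virus:NetTool.Win32.Sniffer",
    "Kaspersky": "not-a-virus:NetTool.Win32.Sniffer.dz",
    "Kingsoft": "VIRUS_UNKNOWN", "Malwarebytes": "PUP.BitCoinMiner",
    "McAfee": "Artemis!CDC7F0BD120B", "Norman": "Troj_Generic.KWOTF",
    "Panda": "Trj/CI.A", "VIPRE": "Trojan.Win32.Generic!BT",
}

# Assumed keyword lists for this example (not a vendor taxonomy).
RISKWARE = re.compile(r"bitcoin|risktool|nettool|not-a-virus|\bpup\b|^spr/", re.I)
GENERIC = re.compile(r"generic|unclassified|unknown|artemis", re.I)

def classify(label):
    """Return 'riskware', 'generic' or 'other' for one detection label."""
    if RISKWARE.search(label):
        return "riskware"   # label names the miner or a tool/PUP class
    if GENERIC.search(label):
        return "generic"    # heuristic or catch-all name, no specific family
    return "other"

def triage(detections):
    """Bucket engines by label class and count distinct label strings."""
    buckets = {"riskware": [], "generic": [], "other": []}
    for engine, label in detections.items():
        buckets[classify(label)].append(engine)
    # The same label string reported by several vendors is counted once;
    # Emsisoft's trailing " (B)" is stripped before comparing.
    distinct = {re.sub(r"\s*\(B\)$", "", lbl) for lbl in detections.values()}
    return buckets, len(distinct)

if __name__ == "__main__":
    buckets, distinct = triage(DETECTIONS)
    for name, engines in buckets.items():
        print(f"{name:9} {len(engines):2}  {', '.join(engines)}")
    print(f"{len(DETECTIONS)} detections, {distinct} distinct labels")
```

Labels that land in `other` (here Commtouch and Panda) are the ones to look up individually, as the post does for Trj/CI.A.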
i3lome
July 06, 2013, 10:09:38 PM
 #5

I'd make sure they were false positives; I had several trojan alerts from random miners with Kaspersky. I re-downloaded the miners from dev websites. Now I get the alert saying "This software has been known to be used in the background without the user's knowledge. If you installed the software, ignore the warning."

So there are bad copies floating around; make sure you get the miners from the developer's site, not mirrors or torrents.
crazyates
July 06, 2013, 10:29:57 PM
 #6

I've had both Malwarebytes and MSE flag CGMiner as viruses, even though I've downloaded them directly from CK's website. As long as you know where they came from, ignore your AV.

EDIT: I should also say: I haven't had a virus on any of my computers in 3 years, but we get customers all the time with them, so I'd like to think I know how to keep my computers safe.

Trillium
July 07, 2013, 08:17:49 AM
 #7

The problem is that some of the code for the miners we want to use is exactly the same code that has been used to create bitcoin mining botnets. The botnet software on the infected clients gets reported to the AV companies, and it all gets blacklisted.

But yes you should always be careful when you download clients and miners, especially on new altcoins.

Mr.Dreamanonym
July 07, 2013, 05:54:52 PM
 #8

Be careful even when you are not immune to small malignant sending viruses!
Lucky - Luciano
July 08, 2013, 03:15:19 PM
 #9

I have the same situation with CGMiner. Bitdefender (probably the best antivirus) and G-Data say CGMiner is infected. According to a study by AV-Comparatives, Bitdefender has been the best antivirus for years. I wrote to technical support to see if CGMiner is a false positive. I said I only Bitdefender version 2.10. not identified as infected. After checking, Bit Defender is version 2.10. marked infected. I received the following response:
    Thank you for your patience and we apologize for the delay of our answer.
The analysis of the file has been completed and the detections will remain for
now due to its bitcoin mining abilities.
Please let me know if I can further assist you.
Have a nice day!

Kind regards,
Andrei Onciu
Bitdefender Technical Support Engineer
rayfloyd
July 08, 2013, 03:21:16 PM
 #10

So anything mining bitcoins is a virus to them  Grin

Zanatos666
July 08, 2013, 04:06:11 PM
 #11

BFGMiner doesn't flag as a virus for my ESET or anything else. I am guessing Luke Jr changed around some of that code to correct this problem.

wpgdeez
July 11, 2013, 07:38:06 PM
 #12

Do a trace log of the network traffic and see if anything suspicious stands out.
CWO
July 13, 2013, 01:11:38 AM
 #13

If downloaded from the developer site and you are using these miners directly with flags you specify, then everything is fine. These miners themselves can be run without ever showing a window or taskbar icon meaning that someone can write a program in seconds that can run this on your computer without you ever knowing it (except when you check why your CPU/GPU are running slow or acting up). And since crypto-currency is actual money that could be made, those who have control of thousands of infected computers can run these miners to mine on those computers on their behalf. This is why these programs are flagged. Not because the programs themselves are illegitimate, but because they could be and likely have been used in illegitimate ways.