PhoenixMiner 6.2c: fastest Ethereum/Ethash miner with lowest devfee (Win/Linux)

[PhoenixMiner]

First, I used an online virus scanner to check the file.
The results are: 2/67 detected (https://www.virustotal.com/#/file/74cfd6a34e158c2f5fe1b8422d6b8daee304394eeaf85992b117bf5de315d569/detection), which is actually an excellent result, given that the Claymore's miner gives 41/68 positives (https://www.virustotal.com/#/file/7852c50c835d7110ab8d055cccad06674e94d85324414f91366852bed9be29cc/detection).

And even the open-source ethminer 0.12.0 gives 26/67 positives, which is ridiculous (https://www.virustotal.com/#/file/4aa1082b5581540eced3acb18ee52cd06ee062772a5d386cf7501b2a8b7af094/detection) 

The results for our miner and Claymore's are at least somewhat understandable given that there is a anti-debug and anti-reversing code but the result of ethminer is really mind-boggling. This is quite unfortunate as there is no easy way to separate the software that can be trusted from the scams.

https://www.virustotal.com/#/file/23b6ffd3d67980bce45ef7196fed7349c5e6c0a2b1f3fe5b2182aa58f1ebbd21/detection

Very suspicious adware/malware trojan

Well, as you can see in the post above yours, these scans should be taken with huge grain of salt. According to this site, the Claymore's miner is teaming with infections (dozens of them), so is the ethminer. Is this actually true? No, certainly not - these results obviously are not accurate and often give a lot of false positives. We can't expect any anti-virus developer to make sure that there aren't any false positives, because it doesn't really concern them - if their software finds a threat that isn't there, they aren't affected negatively in any way.

And really, think about it: we have spent a lot of time and efforts to make our miner as fast as possible and this wasn't easy at all. The potential profits if more people start using our miner are much higher than any potential profits of trying to infect them with malware. Why we would want to undermine our own efforts?

If the file has the right checksums:

Code:

    File: PhoenixMiner_2.1.zip
   SHA-1: 37211462abc8fedb88930589cea0710b3aaa81b8
 SHA-256: 23b6ffd3d67980bce45ef7196fed7349c5e6c0a2b1f3fe5b2182aa58f1ebbd21
 SHA-512: 74e4332f0027aa1ae7071bcf83ab37deb790b3a2f341539cc523182cc9a951578ebebe306a1ffcc93d2b5fbd31ebe9e7dbc7ff56ce0d4349d230c5c986ba7996

then we can assure you that it is 100% clean. The checksums can be checked online or with a program like HashCheck (https://github.com/gurnec/HashCheck).

[1714168425]

1714168425

[1714168425]

1714168425

[P00P135]

They are flagged for bitcoinminers not specific trojans like you seem to have.  Stop deflecting and justifying your virus program.

[PhoenixMiner]

They are flagged for bitcoinminers not specific trojans like you seem to have.

This is not true - these are some of the threats detected by virustotal.com for Claymore's miner:

Code:

Win32.Trojan.WisdomEyes.16070401
malicious.864914
Artemis!4647EA710E65
PUP/RnkBend
Trojan.Gen.2
TROJ_GEN.R002C0OKK17

These seem pretty specific threats, don't they? Yet, you decided to ignore them and post your false statement above.

Stop deflecting and justifying your virus program.

We are not deflecting anything, we are defending our product from your attacks. Nobody forces you to use PhoenixMiner or to trust us but don't make any false claims about us! You made your opinion quite clear, so please stop shitting in our thread!!!

[santan]

Virus Total results are to be taken in a gross sense. Never fully trusted.
The first day when i downloaded and tested, i also checked it on virustotal... That time it was As pure as water with 0/67
Today i checked my old downloaded file and it shows .... 2/67......... somebody is showing 4 and more.........

This pattern i have seen many times..... After more days .... maybe a month....... you will get much more false +ve on it.
It happens with my own compiled version of ccminer also ...... So what weoihr did ... is the ONLY correct way to check.

[P00P135]

Virus Total results are to be taken in a gross sense. Never fully trusted.
The first day when i downloaded and tested, i also checked it on virustotal... That time it was As pure as water with 0/67
Today i checked my old downloaded file and it shows .... 2/67......... somebody is showing 4 and more.........

This pattern i have seen many times..... After more days .... maybe a month....... you will get much more false +ve on it.
It happens with my own compiled version of ccminer also ...... So what weoihr did ... is the ONLY correct way to check.

Going to trust someone with two posts to do a thorough analysis of another newbie posters miner?   

[QuintLeo]

Lowest devfee = you pay US to use your miner?

 Genoil IS free after all....



 Pretty much EVERY legitimate cryptocoin miner program gets "false positive" virus warnings from at least ONE major virus checker - BUT those warnings are normally "heuristic" warnings, NOT "specific virus" warnings.

 "Online virus checkers" tend to go overboard - they have to justify their existance SOMEHOW after all....

[damNmad]

Any plans for linux version too??

Any one tested it with GTX 1060 6GB (Samsung memory), mind sharing the hash rates please?

How much increment in hashrate people getting with this miner for other cards?

Does this dual mine too like claymore??

How much is the fee and how does it work?

[PhoenixMiner]

Lowest devfee = you pay US to use your miner?

 Genoil IS free after all....

  Yes, it is, but with hashrate that is lower by significantly larger margin than the 0.65% devfee. So, with Genoil you would make less money overall. Not to mention the missing features like better statistics, hardware monitoring (fan speed/temperature), remote control, etc.

Any plans for linux version too??

Does this dual mine too like claymore??

How much is the fee and how does it work?

1. Yes, we are working on Linux version. It should be ready in about six weeks or so.
2. We do not support dual mining currently but we are working on it (but it probably will take at least two months).
3. The devfee is 0.65%, which means that the miner works for the devfee for 35 seconds per each 90 minutes.

[P00P135]

https://www.virustotal.com/#/file/23b6ffd3d67980bce45ef7196fed7349c5e6c0a2b1f3fe5b2182aa58f1ebbd21/detection

WDFLOAD is classified as Win32:PUP-gen (potentially unwanted program). What is PUP? PUP is crapware. WDFLOAD have several types of unwanted behaviour:
 

    Displaying popup ads.
    Hijacking your browser.
    Infecting your desktop shortcuts, etc.
    Inserting ads to the web pages.

WDFLOAD can redirect your browser search, collect your personal information and sell it for advertising.

I'd steer clear of this one, or at least don't use it on a computer that has important information on it like wallets or saved passwords..

[weoihr]

After running phoenix miner for a little over 48 hours on my rig (6x ASUS Strix 570 OC), here is a comparison with my other rig (5x ASUS Strix 570 OC) which mines on the same pool but with claymore dual miner. All cards are running at 1100/2040 with BIOS mods:

Phoenix miner (6 cards):

Code:

Eth: Mining ETH on eu1.ethpool.org:3333
Available GPUs for mining:
GPU1: Radeon RX 570 Series (pcie 1), OpenCL 2.0, 4 GB VRAM, 32 CUs
GPU2: Radeon RX 570 Series (pcie 2), OpenCL 2.0, 4 GB VRAM, 32 CUs
GPU3: Radeon RX 570 Series (pcie 3), OpenCL 2.0, 4 GB VRAM, 32 CUs
GPU4: Radeon RX 570 Series (pcie 4), OpenCL 2.0, 4 GB VRAM, 32 CUs
GPU5: Radeon RX 570 Series (pcie 6), OpenCL 2.0, 4 GB VRAM, 32 CUs
GPU6: Radeon RX 570 Series (pcie 7), OpenCL 2.0, 4 GB VRAM, 32 CUs
Eth: Accepted shares 7413 (172 stales), rejected shares 2 (0 stales)
Eth: Incorrect shares 0 (0.00%), est. stales percentage 2.32% 
Eth: Maximum difficulty of found share: 24.3 TH (!!!)
Eth: Average speed (3 min): 174.537 MH/s
Eth: Effective speed: 171.35 MH/s; at pool: 171.30 MH/s

Claymore miner (5 cards):

Code:

GPU #0: Ellesmere, 4096 MB available, 32 compute units
GPU #1: Ellesmere, 4096 MB available, 32 compute units
GPU #2: Ellesmere, 4096 MB available, 32 compute units
GPU #3: Ellesmere, 4096 MB available, 32 compute units
GPU #4: Ellesmere, 4096 MB available, 32 compute units
ETH - Total Speed: 143.019 Mh/s, Total Shares: 6175(1199+1235+1220+1245+1276), Rejected: 4(0+2+0+1+1), Time: 48:42
ETH: GPU0 28.722 Mh/s, GPU1 28.883 Mh/s, GPU2 28.379 Mh/s, GPU3 28.402 Mh/s, GPU4 28.633 Mh/s
Incorrect ETH shares: none
1 minute average ETH total speed: 143.478 Mh/s
Pool switches: ETH - 0, DCR - 0
Current ETH share target: 0x0000000112e0be82 (diff: 4000MH), epoch 160(2.25GB)

The average reported speed per card is 29.090 vs 28.696 mhs. The real question however is the average speed reported by the pool. There an accurate measurement is impossible but the 24 hour average speeds were about 170 vs 140.5, so the difference per card is a little bit less than 1% at least in my case.

Going to trust someone with two posts to do a thorough analysis of another newbie posters miner?   

So, if I had 500 posts and tell you to install my giga-super-duper software that will make you rich, you will do it?  Don't be an idiot - the security is NEVER based on trust, especially not on trust based on the number of posts in a forum    The whole point of crypto is to have a system that doesn't require trust as base for security

... or at least don't use it on a computer that has important information on it like wallets or saved passwords..

What a dumb statement! You should never install ANY software that is not open-source on the machine where you keep your wallets or passwords, period. Heck, you should probably not even use Windows for this machine! I don't care who it is, even if the pope himself publishes a miner or a wallet that is not opensource, I'm not going to touch it with ten foot pole!

But the way the crypto-currencies work, and the pools work, you don't need to trust your mining software that much - it can't do anything too harmful as long as you do not keep any vital information on that machine. Once you set it up properly, you don't have to trust anybody to feel secure. I don't trust Claymore miner, nor Phoenix miner, and I certainly don't trust someone with the user name P00P135 to tell me who to trust Yet I'm able to mine with them and feel safe because I know what I'm doing

[PhoenixMiner]

weoihr, we really appreciate that you took the time to try our miner and post about it here but let's try to not divert the discussion toward general security topics. We will answer any questions, problems, concerns, etc., as long as they relate directly to PhoenixMiner.

[PhoenixMiner]

A little update on the false positives detected in PhoenixMiner: we have contacted a few anti-virus makers about the problem, and while most of them did not bother to respond, to their great credit Kaspersky responded promptly! They analyzed the executable and find that it is clean, and today their virus database is updated! Many thanks to Kaspersky's Lab because this isn't the first time we have dealt with similar problems but this is the first time we have received so fast response.

You can upload your copy of PhoenixMiner.exe on Kaspersky VirusDesk and check for yourself the updated scan results:
https://virusdesk.kaspersky.com/

[odus709]

Mining software works great for me! Only problem is that I mine Metaverse ETP so DAG switch during Dev fee sometimes crashes mining during switch.

[PhoenixMiner]

The best way to fix this problem is to avoid switching DAGs at all - to achieve this, we are going to add direct support for Metaverse ETP and Ellaism (ELLA) in the next version of PhoenixMiner.

As a temporary workaround, you can try to use the lowest possible devfee DAG (currently UBQ) by adding the command line option -coin ubq.

Or, if you are using epools.txt configuration file, add the option COIN: ubq to the line with your Metaverse pool like the following example line from epools.txt:

Code:

POOL: etp.dodopool.com:8008, WAL: MHzLbvF93yaFbR3GrPrfsRxC67LKD5psZT, PASS: x, COIN: ubq

[odus709]

Switched to -coin ubq. Will test for a while mining ETP. Will update appear in this forum? Thanks!

[nsummy]

Well, I'm not sure I qualify as "security expert" but I certainly am a "full-time security paranoic"  And as no one else seem to risk it, I downloaded and tested the miner as well as I could.

First, I used an online virus scanner to check the file.
The results are: 2/67 detected (https://www.virustotal.com/#/file/74cfd6a34e158c2f5fe1b8422d6b8daee304394eeaf85992b117bf5de315d569/detection), which is actually an excellent result, given that the Claymore's miner gives 41/68 positives (https://www.virustotal.com/#/file/7852c50c835d7110ab8d055cccad06674e94d85324414f91366852bed9be29cc/detection).

And even the open-source ethminer 0.12.0 gives 26/67 positives, which is ridiculous (https://www.virustotal.com/#/file/4aa1082b5581540eced3acb18ee52cd06ee062772a5d386cf7501b2a8b7af094/detection) 

So, I prepared a backup image of the SSD of my rig (in case that this new miner turn out to be malicious) and then ran it for about 18 hours while monitoring the PhoenixMiner.exe network, file system, and registry activity with Wireshark and some advanced system calls monitors. It connected to my mining pool as it should and then opened port 3333, which turned out to be the port for remote control similar to Claymore's miner. I disabled to remote port with the "-cdm 0" commnad-line switch and restarted the miner. Sure enough, this time port 3333 wasn't opened and the only connection was the one to my pool.

The first new connection was observed after 16 minutes of mining, which connected to another pool (ehtermine.org) and the miner showed that it was mining for developer fee. It disconnected after 35 seconds as advertised. After that I left the rig alone and analyzed the Wireshark and the other logs the next day.

The miner connected to the devfee pool every 90 minutes, with one exception when it wasn't able to connect to the ehtermine.org. It then tried again after 13 minutes and then resumed the normal 90 minutes period between devfee connections. No other network activity was recorded. The registry activity was also normal (no keys were created and no suspicious registry key reading was detected). Also, no files outside the current folder were opened or touched.

As for the mining speed, my rig has 6x ASUS Strix 570 OC (with BIOS mod) and under Claymore's miner it makes about 173 mhs. With Phoenix the speed was about 174.5 mhs, which is not much better but I guess is still something. The power consumption from the wall was about the same (755-765W). According the the pool, the speed was even better (169 vs 166 with claymore) but this doesn't mean much as I've seen this numbers change a lot without any apparent reason, so it would take some more time before declaring PhoenixMiner to be faster.

Of course, there is no guarantee that the PhoenixMiner won't "decide to go bad" at some point of the future, but right now it seems legit. 

Some suggestions for the devs: the share difficulty is a nice touch but it would be better to directly show the number of blocks found. Most pools doesn't report this and even when they do, I'm always suspicions. Also, your miner does seem to be compatible with Claymore's manager, which is nice, but I hope that you will produce a better manager (and maybe even a mobile app for Android), because the claymore's manager is rather simplistic and I miss a lot of features.

Haha this is the most thorough security write-up I've ever read on here!

[MoNTE48]

It works for me like Claymore - I do not see any difference. But I get a significant profit from Dual-mining. So I choose Claymore!

[PhoenixMiner]

Switched to -coin ubq. Will test for a while mining ETP. Will update appear in this forum? Thanks!

Yes, the updated version will be posted here (in the first post). Thank you for trying out our miner!

It works for me like Claymore - I do not see any difference. But I get a significant profit from Dual-mining. So I choose Claymore!

We are working on dual mining version. Would you tell us which secondary coin you'd like to see implemented first (decred, sia, lbc, pasc)?

[odus709]

After 2 days of mining ETP I am getting 10 mh/s higher at the pool with this miner. Switching to -coin ubq has helped but I do get periodic crashes during DAG switches for dev fee. Do you have any idea of next release time with ETP added? I'd be anxious to use PheonixMiner without this disruption in DAG switching. Thanks!!!

[PhoenixMiner]

After 2 days of mining ETP I am getting 10 mh/s higher at the pool with this miner. Switching to -coin ubq has helped but I do get periodic crashes during DAG switches for dev fee. Do you have any idea of next release time with ETP added? I'd be anxious to use PheonixMiner without this disruption in DAG switching. Thanks!!!

We'll have an alpha pre-release version of PhoenixMiner 2.2 by tomorrow. It will support mining ETP and Ellaism without DAG switching. If you like, we'll send you a download link via PM as soon as it is ready but be aware that it wasn't as thoroughly tested as the official 2.1 version, so it may have some bugs.