Bitcoin Forum
Topic: NEW GUIMINER with TROJAN ??!!!!
cokein
July 12, 2011, 12:04:22 PM
 #1

Following the thread:

http://forum.bitcoin.org/index.php?topic=3878.0

As linked, I've downloaded GUIMINER-20110701.exe (for Windows)

(https://github.com/downloads/Kiv/poclbm/guiminer-20110701.exe)

McAfee found a trojan labeled as "Generic.tfr!d".

(the file reported infected is: \guiminer\miners\ufasoft\bitcoin-miner.exe)


Is it a FALSE POSITIVE?! (I don't believe so) Or has GITHUB been cracked by someone who wants to spread some kind of virus?!

BE CAREFUL!!!!

coke~
Coolhwip
July 12, 2011, 12:13:58 PM
 #2

Yes, it is a false positive. Do not panic dear newb.
bitfreak!
July 12, 2011, 12:16:03 PM
 #3

Yes, it is a false positive. Do not panic dear newb.
I wouldn't risk downloading it until we can be sure.

XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF
Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script
Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
bitfreak!
July 12, 2011, 12:23:59 PM
 #4

IT DOES APPEAR TO BE INFECTED.

Avira AntiVir is telling me that the exe contains a pattern of SPR/Tool.BitCoinMiner.a.1

XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF
Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script
Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
cokein
July 12, 2011, 12:42:07 PM
 #5

IT DOES APPEAR TO BE INFECTED.

Avira AntiVir is telling me that the exe contains a pattern of SPR/Tool.BitCoinMiner.a.1

Indeed I believe this is not a false positive.

No problems occurred on the older version of guiminer until now. It's sooo suspicious...

Can nobody test it with another antivirus!?

thanks

by
newbie (but not troll :)

cokein
July 12, 2011, 12:44:29 PM
 #6


http://www.virustotal.com/file-scan/report.html?id=7d6bdd15d6f43b736c3be71ef72a1ee41a770d6dca1f278754e6470d6e4dda98-1310371175

false positive "una cippa" as we say in Italy! ^__^

Try at your risk!!!

:)
nioctib1
July 12, 2011, 01:23:02 PM
 #7

The odd pattern of sending and receiving data that miners follow always makes antivirus software suspicious. Even the official bitcoin software drives Microsoft Security Essentials nuts. That being said, I'm not about to go install this software on my computer until smarter people than myself figure it out.

1CCZRaToU5RH5PWNdSt5b92kDB9SFndiFJ
kidage
July 12, 2011, 01:28:05 PM
 #8

Win32/Spy.CoinBit.E  :-\

Donations are welcome : 16ZKaVmah6YJoqqegjBj1aMFT7jNDCCapr

Anonymous Cash-By-Mail Exchange: https://www.bitcoin2cash.com
drawoc
July 12, 2011, 01:54:09 PM
 #9

IT DOES APPEAR TO BE INFECTED.

Avira AntiVir is telling me that the exe contains a pattern of SPR/Tool.BitCoinMiner.a.1

Note that there have been a number of Trojans lately that include Bitcoin miners - the trojan infects people's computers, and mines for whoever controls the botnet. I'm willing to bet that this is a false positive, and because GUIMiner contains the ability to mine bitcoins (as it should), it's being falsely marked as one of the bitcoin mining trojans.

I haven't actually taken a look, but I would guess it's harmless.

Donate: 175WNXmJ1WVhFgVGKUqEhYtAQGRYAvqPA
bitfreak!
July 12, 2011, 02:29:27 PM
 #10

IT DOES APPEAR TO BE INFECTED.

Avira AntiVir is telling me that the exe contains a pattern of SPR/Tool.BitCoinMiner.a.1

Note that there have been a number of Trojans lately that include Bitcoin miners - the trojan infects people's computers, and mines for whoever controls the botnet. I'm willing to bet that this is a false positive, and because GUIMiner contains the ability to mine bitcoins (as it should), it's being falsely marked as one of the bitcoin mining trojans.

I haven't actually taken a look, but I would guess it's harmless.
That's what I was thinking too. But like you said, there are some new miner trojans being released, and I wouldn't download this without being 100% sure.

XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF
Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script
Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
deepceleron
July 12, 2011, 04:14:23 PM
 #11

This is antivirus software doing bad stuff like it normally does. With names assigned to it like "Win32/Spy.CoinBit.E", and "PUA.Tool.Ufasoft.BitCoinMiner" the antivirus companies have specifically added guiminer to their antivirus software list. PUA = Potentially Unwanted Application, because Bitcoin mining software can be covertly installed on someone's computer, and you would want to be alerted if you didn't know it was there (but certainly not to have it auto-deleted, I've got lots of stuff AV software wants to delete off my computer, but these programs work just as intended and are not viruses or trojans)

x0Jakeyboy0x
July 12, 2011, 06:18:41 PM
 #12

This is antivirus software doing bad stuff like it normally does. With names assigned to it like "Win32/Spy.CoinBit.E", and "PUA.Tool.Ufasoft.BitCoinMiner" the antivirus companies have specifically added guiminer to their antivirus software list. PUA = Potentially Unwanted Application, because Bitcoin mining software can be covertly installed on someone's computer, and you would want to be alerted if you didn't know it was there (but certainly not to have it auto-deleted, I've got lots of stuff AV software wants to delete off my computer, but these programs work just as intended and are not viruses or trojans)

Just because an application works as intended does not mean it is not infected with a virus. That's not to imply however I feel this is or isn't a virus, but I must say Bitcoin is a perfect front end for one. Anyone wanting to let a virus connect to any IP address and not be questioned who's on the other side would find Bitcoin quite accommodating, especially with its growing popularity and not an especially tech savvy crowd.

So the moral of the story is, don't trust some random people telling you it's a false positive or blame the antivirus software for flagging it as a possible problem.

1Jakey5Lum1P3XEh8b5UZvziNVn5eXc9dX
deepceleron
July 12, 2011, 08:07:37 PM
 #13

This is antivirus software doing bad stuff like it normally does. With names assigned to it like "Win32/Spy.CoinBit.E", and "PUA.Tool.Ufasoft.BitCoinMiner" the antivirus companies have specifically added guiminer to their antivirus software list. PUA = Potentially Unwanted Application, because Bitcoin mining software can be covertly installed on someone's computer, and you would want to be alerted if you didn't know it was there (but certainly not to have it auto-deleted, I've got lots of stuff AV software wants to delete off my computer, but these programs work just as intended and are not viruses or trojans)

Just because an application works as intended does not mean it is not infected with a virus. That's not to imply however I feel this is or isn't a virus, but I must say Bitcoin is a perfect front end for one. Anyone wanting to let a virus connect to any IP address and not be questioned who's on the other side would find Bitcoin quite accommodating, especially with its growing popularity and not an especially tech savvy crowd.

So the moral of the story is, don't trust some random people telling you it's a false positive or blame the antivirus software for flagging it as a possible problem.
You haven't applied that much critical thought here. Just a handful of antivirus programs identify the ufasoft miner, and they identify by name because of its potential of being installed without user's knowledge. The source code is available at the author's site, you can download it right here. You can inspect the source code for virus-like behavior, and if you build it in the same development environment as the author, you will likely get similar virus warnings on the exe.

All mining software that is widely used is open source and hosted at sites like github, where source changes are transparent. The only people that are going to be infected are the greedy that fall for "new hacked miner triples your winnings" trojans.

BitcoinPorn
July 12, 2011, 08:14:22 PM
 #14

Basically, there is no reason to fear :)

Even knowing that, with this thread labeled like this, even I'm fearful of downloading :(

mc_lovin
July 12, 2011, 08:34:45 PM
 #15

What are the benefits of the new version over the 5-21 version?

Joric
July 12, 2011, 09:20:36 PM
 #16

I've got a spam with a link to http://l5b.net/Bitcoin-Speed-Miner/
Tried to report it but it deleted all content almost instantly.
There's a virus scan result: http://www.virustotal.com/file-scan/report.html?id=f12452151625d1e7c7f44a068a75dd8ff5b0e6e38128d62480b7c03082d796e4-1310311069
Resources I've used:
https://supportcenter.godaddy.com/Abuse/SpamReport.aspx (domain belongs to godaddy, as always)
http://www.google.com/safebrowsing/report_phish/
http://stopbadware.org/

1JoricCBkW8C5m7QUZMwoRz9rBCM6ZSy96
lodcrappo
July 12, 2011, 10:07:07 PM
 #17

seems fine here

If you want to support further development of BAMT (http://bamter.org/):  1PoRYaGS56ksQmK7XXLurW3B2zwCAE8PRc
Forp
August 07, 2011, 10:23:22 AM
 #18

+1

guiminer-2011-07-11.exe from github user Kiv reports as virus on Norton Internet Security; no further useful details.
PLaci1982
August 07, 2011, 11:39:01 AM
 #19

False positive!

https://bitcointalk.org/index.php?topic=33517.0

Hardware Expert / WinXP, Win7 Expert

1J5oPkyGVdb4mv44KGZQYsHS2ch6e1t4rc