Author Topic: NEW GUIMINER with TROJAN ??!!!!  (Read 4843 times)
cokein (OP)
July 12, 2011, 12:04:22 PM
 #1

Following the thread:

http://forum.bitcoin.org/index.php?topic=3878.0

as linked, I've downloaded GUIMINER-20110701.exe (for Windows)

(https://github.com/downloads/Kiv/poclbm/guiminer-20110701.exe)

McAfee found a trojan labeled as "Generic.tfr!d".

(the file reported infected is: \guiminer\miners\ufasoft\bitcoin-miner.exe)


It's a FALSE POSITIVE?! (I don't believe so) or GITHUB has been cracked by someone who wants to spread some kind of viruses?!

BE CAREFUL!!!!

coke~
Coolhwip
July 12, 2011, 12:13:58 PM
Last edit: July 17, 2011, 12:41:57 PM by Coolhwip
 #2

Yes, it is a false positive. Do not panic dear newb.
bitfreak!
July 12, 2011, 12:16:03 PM
 #3

Quote from: Coolhwip
> Yes, it is a false positive. Do not panic dear newb.

I wouldn't risk downloading it until we can be sure.

XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF
Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script
Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
bitfreak!
July 12, 2011, 12:23:59 PM
 #4

IT DOES APPEAR TO BE INFECTED.

Avira AntiVir is telling me that the exe contains a pattern of SPR/Tool.BitCoinMiner.a.1

cokein (OP)
July 12, 2011, 12:42:07 PM
 #5

Quote from: bitfreak!
> IT DOES APPEAR TO BE INFECTED.
>
> Avira AntiVir is telling me that the exe contains a pattern of SPR/Tool.BitCoinMiner.a.1

Indeed I believe this is not a false positive.

No problems occurred on the older version of guiminer until now. It's sooo suspicious...

Can nobody test it with another antivirus!?

thanks

by
newbie (but not troll :)

cokein (OP)
July 12, 2011, 12:44:29 PM
 #6


http://www.virustotal.com/file-scan/report.html?id=7d6bdd15d6f43b736c3be71ef72a1ee41a770d6dca1f278754e6470d6e4dda98-1310371175

false positive "una cippa" as we say in Italy! ^__^

try at your risk!!!

:)
kidage
July 12, 2011, 01:28:05 PM
 #7

Win32/Spy.CoinBit.E :-\
drawoc
July 12, 2011, 01:54:09 PM
 #8

Quote from: bitfreak!
> IT DOES APPEAR TO BE INFECTED.
>
> Avira AntiVir is telling me that the exe contains a pattern of SPR/Tool.BitCoinMiner.a.1

Note that there have been a number of Trojans lately that include Bitcoin miners - the trojan infects people's computers, and mines for whoever controls the botnet. I'm willing to bet that this is a false positive, and because GUIMiner contains the ability to mine bitcoins (as it should), it's being falsely marked as one of the bitcoin mining trojans.

I haven't actually taken a look, but I would guess it's harmless.

Donate: 175WNXmJ1WVhFgVGKUqEhYtAQGRYAvqPA
bitfreak!
July 12, 2011, 02:29:27 PM
 #9

Quote from: drawoc
> Quote from: bitfreak!
> > IT DOES APPEAR TO BE INFECTED.
> >
> > Avira AntiVir is telling me that the exe contains a pattern of SPR/Tool.BitCoinMiner.a.1
>
> Note that there have been a number of Trojans lately that include Bitcoin miners - the trojan infects people's computers, and mines for whoever controls the botnet. I'm willing to bet that this is a false positive, and because GUIMiner contains the ability to mine bitcoins (as it should), it's being falsely marked as one of the bitcoin mining trojans.
>
> I haven't actually taken a look, but I would guess it's harmless.

That's what I was thinking too. But like you said, there are some new miner trojans being released, and I wouldn't download this without being 100% sure.

deepceleron
July 12, 2011, 04:14:23 PM
 #10

This is antivirus software doing bad stuff like it normally does. With names assigned to it like "Win32/Spy.CoinBit.E", and "PUA.Tool.Ufasoft.BitCoinMiner" the antivirus companies have specifically added guiminer to their antivirus software list. PUA = Potentially Unwanted Application, because Bitcoin mining software can be covertly installed on someone's computer, and you would want to be alerted if you didn't know it was there (but certainly not to have it auto-deleted, I've got lots of stuff AV software wants to delete off my computer, but these programs work just as intended and are not viruses or trojans)
x0Jakeyboy0x
July 12, 2011, 06:18:41 PM
 #11

Quote from: deepceleron
> This is antivirus software doing bad stuff like it normally does. With names assigned to it like "Win32/Spy.CoinBit.E", and "PUA.Tool.Ufasoft.BitCoinMiner" the antivirus companies have specifically added guiminer to their antivirus software list. PUA = Potentially Unwanted Application, because Bitcoin mining software can be covertly installed on someone's computer, and you would want to be alerted if you didn't know it was there (but certainly not to have it auto-deleted, I've got lots of stuff AV software wants to delete off my computer, but these programs work just as intended and are not viruses or trojans)

Just because an application works as intended does not mean it is not infected with a virus. That's not to imply however I feel this is or isn't a virus, but I must say Bitcoin is a perfect front end for one. Anyone wanting to let a virus connect to any IP address and not be questioned who's on the other side would find Bitcoin quite accommodating, especially with its growing popularity and not an especially tech savvy crowd.

So the moral of the story is, don't trust some random people telling you it's a false positive or blame the antivirus software for flagging it as a possible problem.
deepceleron
July 12, 2011, 08:07:37 PM
 #12

Quote from: x0Jakeyboy0x
> Quote from: deepceleron
> > This is antivirus software doing bad stuff like it normally does. With names assigned to it like "Win32/Spy.CoinBit.E", and "PUA.Tool.Ufasoft.BitCoinMiner" the antivirus companies have specifically added guiminer to their antivirus software list. PUA = Potentially Unwanted Application, because Bitcoin mining software can be covertly installed on someone's computer, and you would want to be alerted if you didn't know it was there (but certainly not to have it auto-deleted, I've got lots of stuff AV software wants to delete off my computer, but these programs work just as intended and are not viruses or trojans)
>
> Just because an application works as intended does not mean it is not infected with a virus. That's not to imply however I feel this is or isn't a virus, but I must say Bitcoin is a perfect front end for one. Anyone wanting to let a virus connect to any IP address and not be questioned who's on the other side would find Bitcoin quite accommodating, especially with its growing popularity and not an especially tech savvy crowd.
>
> So the moral of the story is, don't trust some random people telling you it's a false positive or blame the antivirus software for flagging it as a possible problem.

You haven't applied that much critical thought here. Just a handful of antivirus programs identify the ufasoft miner, and they identify by name because of its potential of being installed without user's knowledge. The source code is available at the author's site, you can download it right here. You can inspect the source code for virus-like behavior, and if you build it in the same development environment as the author, you will likely get similar virus warnings on the exe.

All mining software that is widely used is open source and hosted at sites like github, where source changes are transparent. The only people that are going to be infected are the greedy that fall for "new hacked miner triples your winnings" trojans.
BitcoinPorn
July 12, 2011, 08:14:22 PM
 #13

Basically, there is no reason to fear :)

Even knowing that, with this thread labeled like this, even I'm fearful of downloading :(

mc_lovin
July 12, 2011, 08:34:45 PM
 #14

What are the benefits of the new version over the 5-21 version?
Joric
July 12, 2011, 09:20:36 PM
 #15

I've got spam with a link to http://l5b.net/Bitcoin-Speed-Miner/
Tried to report it, but it deleted all content almost instantly.
There's a virus scan result: http://www.virustotal.com/file-scan/report.html?id=f12452151625d1e7c7f44a068a75dd8ff5b0e6e38128d62480b7c03082d796e4-1310311069
Resources I've used:
https://supportcenter.godaddy.com/Abuse/SpamReport.aspx (domain belongs to godaddy, as always)
http://www.google.com/safebrowsing/report_phish/
http://stopbadware.org/

1JoricCBkW8C5m7QUZMwoRz9rBCM6ZSy96
lodcrappo
July 12, 2011, 10:07:07 PM
 #16

seems fine here
Forp
August 07, 2011, 10:23:22 AM
 #17

+1

guiminer-2011-07-11.exe from github user Kiv reports as virus on Norton Internet Security; no further useful details.
PLaci1982
August 07, 2011, 11:39:01 AM
 #18

False positive!

https://bitcointalk.org/index.php?topic=33517.0

Hardware Expert / WinXP, Win7 Expert

1J5oPkyGVdb4mv44KGZQYsHS2ch6e1t4rc