b

[Rhydic]

b

[1714060152]

1714060152

[1714060152]

1714060152

[pekv2]

How'd you get that?

[pekv2]

How'd you get that?

no idea

What was used to pick up the trojan?

[Yuusha]

Looks like the malware removal tool built into Windows 7.

[Exonumia]

everywhere

What do you mean everywhere?

Most of the AV databases are flagging Ufasoft as a "possible threat" because it is being used in a trojan package as the miner for their botnet.

http://www.f-secure.com/weblog/archives/00002207.html
http://www.pcmag.com/article2/0,2817,2390290,00.asp

The theory is that if you know nothing about bitcoin and you find this program on your machine you know you have an issue.
Does this mean the Ufasoft miner is a virus? I still don't think so... but... I can't say for sure it isn't.

Ikarus (the av engine I use) labels it as "possible-Threat.Win32.BitCoinMiner", they originally labeled it as a Trojan but changed it to "possible threat" after many submitted it for analysis.

If you are wondering why you even have Ufasoft miner on your machine if you don't use it... it used to be included in Kiv's GUIMiner package (he has removed it from the package due to this alerting issue in the most current version, although it is still supported by GUIminer, you just need to download it separately now).

[geek-trader]

Solution:  Don't use Windows.

[NothinG]

Solution:  Don't use Windows.

...or Java.

[geek-trader]

Solution:  Don't use Windows.

...or Java.

Google Chrome will ask you before it runs Java from a web page.  Very nice feature.

[BitVapes]

Solution:  Don't use Windows.

...or Java.

Google Chrome will ask you before it runs Java from a web page.  Very nice feature.

and Chrome will track your every movement online and phone home to the Googleplex, where the FBI/CIA/NSA have direct access to the records without need for search warrants, awesome

[NothinG]

Solution:  Don't use Windows.

...or Java.

Google Chrome will ask you before it runs Java from a web page.  Very nice feature.

and Chrome will track your every movement online and phone home to the Googleplex, where the FBI/CIA/NSA have direct access to the records without need for search warrants, awesome

Google can have my first born if they want.

[vapourminer]

MSE flagged coinminer when I copied the july version of guiminer to a backup drive in preparation to install the new aug version. coinminer is not used by guiminer unless you call it specifically, and is not in the new version.

tell MSE (or whatever) it to Remove or Quarantine it and relax.. well, thats IF you found it in an old version of guiminer anyway. otherwise something tried to drop it in yer system.

[Ten98]

MSE flagged coinminer when I copied the july version of guiminer to a backup drive in preparation to install the new aug version. coinminer is not used by guiminer unless you call it specifically, and is not in the new version.

tell MSE (or whatever) it to Remove or Quarantine it and relax.. well, thats IF you found it in an old version of guiminer anyway. otherwise something tried to drop it in yer system.

Yeah bit of a false positive tbqh. Not needed for GPU mining so Quarrantine it if you like, I just "allow" it.

[onesalt]

Hey wow look its the exact same thing I pointed out like 2 fucking months ago which you idiots laughed about it and said I was a moronic trolling retard for pointing out, and OH LOOK AV companies have picked up on it and realised "hey shit this thing is propagating botnets!!" Which is bad fucking news because AV companies very quickly try to stamp out botnets and things associated with them. The fact microsoft put up a bounty of a million dollars to stamp out a fairly low key botnet should be evidence enough of this, damn.

[NothinG]

Hey wow look its the exact same thing I pointed out like 2 fucking months ago which you idiots laughed about it and said I was a moronic trolling retard for pointing out, and OH LOOK AV companies have picked up on it and realised "hey shit this thing is propagating botnets!!" Which is bad fucking news because AV companies very quickly try to stamp out botnets and things associated with them. The fact microsoft put up a bounty of a million dollars to stamp out a fairly low key botnet should be evidence enough of this, damn.

1 Million USD is toilet paper to Microshit.

[onesalt]

Hey wow look its the exact same thing I pointed out like 2 fucking months ago which you idiots laughed about it and said I was a moronic trolling retard for pointing out, and OH LOOK AV companies have picked up on it and realised "hey shit this thing is propagating botnets!!" Which is bad fucking news because AV companies very quickly try to stamp out botnets and things associated with them. The fact microsoft put up a bounty of a million dollars to stamp out a fairly low key botnet should be evidence enough of this, damn.

1 Million USD is toilet paper to Microshit.

Wow no shit it's almost like to anyone else who might actually have information as to who runs the botnet that might actually be quite a large sum of money! well done!!

[NothinG]

Hey wow look its the exact same thing I pointed out like 2 fucking months ago which you idiots laughed about it and said I was a moronic trolling retard for pointing out, and OH LOOK AV companies have picked up on it and realised "hey shit this thing is propagating botnets!!" Which is bad fucking news because AV companies very quickly try to stamp out botnets and things associated with them. The fact microsoft put up a bounty of a million dollars to stamp out a fairly low key botnet should be evidence enough of this, damn.

1 Million USD is toilet paper to Microshit.

Wow no shit it's almost like to anyone else who might actually have information as to who runs the botnet that might actually be quite a large sum of money! well done!!

I don't understand your sarcasm.
Are you bashing on the people who know about botnets or...?

[onesalt]

Hey wow look its the exact same thing I pointed out like 2 fucking months ago which you idiots laughed about it and said I was a moronic trolling retard for pointing out, and OH LOOK AV companies have picked up on it and realised "hey shit this thing is propagating botnets!!" Which is bad fucking news because AV companies very quickly try to stamp out botnets and things associated with them. The fact microsoft put up a bounty of a million dollars to stamp out a fairly low key botnet should be evidence enough of this, damn.

1 Million USD is toilet paper to Microshit.

Wow no shit it's almost like to anyone else who might actually have information as to who runs the botnet that might actually be quite a large sum of money! well done!!

I don't understand your sarcasm.
Are you bashing on the people who know about botnets or...?

Do you understand how bounties work, this is important.

[NothinG]

Hey wow look its the exact same thing I pointed out like 2 fucking months ago which you idiots laughed about it and said I was a moronic trolling retard for pointing out, and OH LOOK AV companies have picked up on it and realised "hey shit this thing is propagating botnets!!" Which is bad fucking news because AV companies very quickly try to stamp out botnets and things associated with them. The fact microsoft put up a bounty of a million dollars to stamp out a fairly low key botnet should be evidence enough of this, damn.

1 Million USD is toilet paper to Microshit.

Wow no shit it's almost like to anyone else who might actually have information as to who runs the botnet that might actually be quite a large sum of money! well done!!

I don't understand your sarcasm.
Are you bashing on the people who know about botnets or...?

Do you understand how bounties work, this is important.

I think so...
A group or individual wants something done, so they put an offer on the table for someone to complete it.
Upon completion, the offer gets paid.

[vapourminer]

[coinminer being flagged]

tell MSE (or whatever) it to Remove or Quarantine it and relax.

Yeah bit of a false positive tbqh. Not needed for GPU mining so Quarrantine it if you like, I just "allow" it.

true, not a threat per se. it was flagged a "medium" threat and listed as a legit program. just a possible symptom of a trojan or other problem.

as I dont use it (or ever plan to) I figure Ill tell MSE to zap it and that way if something ever tried to drop it its toast.