Author

Topic: ESET online scanner detects ALL miners as Virus/malware.. ? (Read 4733 times)

CWO
newbie
Activity: 10
Merit: 0
If downloaded from the developer site and you are using these miners directly with flags you specify, then everything is fine. These miners themselves can be run without ever showing a window or taskbar icon meaning that someone can write a program in seconds that can run this on your computer without you ever knowing it (except when you check why your CPU/GPU are running slow or acting up). And since crypto-currency is actual money that could be made, those who have control of thousands of infected computers can run these miners to mine on those computers on their behalf. This is why these programs are flagged. Not because the programs themselves are illegitimate, but because they could be and likely have been used in illegitimate ways.
hero member
Activity: 728
Merit: 500
Do a trace log of the network traffic and see if anything suspicious stand out.
sr. member
Activity: 280
Merit: 250
Sometimes man, just sometimes.....
   I have the same situation with CGMiner. Bit Defender (probably the best anti-virus ) and G-Data say CGMiner infected. BitDefender according to a study by AV-Comparatives best antivirus for years. I wrote to technical support to see if CGMiner false positives. I said I only Bitdefender version 2.10. not identified as infected. After checking, Bit Defender is version 2.10. marked infected . I received the following response:
    Thank you for your patience and we apologize for the delay of our answer.
The analysis of the file has been completed and the detections will remain for
now due to its bitcoin mining abilities.
Please let me know if I can further assist you.
Have a nice day!

Kind regards,
Andrei Onciu
Bitdefender Technical Support Engineer

So anything mining bitcoins is a virus to them  Grin

BFGMiner doesnt flag as a virus for my ESET or anything else.  I am guessing Luke Jr changed around some of that code to correct this problem.
full member
Activity: 140
Merit: 100
   I have the same situation with CGMiner. Bit Defender (probably the best anti-virus ) and G-Data say CGMiner infected. BitDefender according to a study by AV-Comparatives best antivirus for years. I wrote to technical support to see if CGMiner false positives. I said I only Bitdefender version 2.10. not identified as infected. After checking, Bit Defender is version 2.10. marked infected . I received the following response:
    Thank you for your patience and we apologize for the delay of our answer.
The analysis of the file has been completed and the detections will remain for
now due to its bitcoin mining abilities.
Please let me know if I can further assist you.
Have a nice day!

Kind regards,
Andrei Onciu
Bitdefender Technical Support Engineer

So anything mining bitcoins is a virus to them  Grin
hero member
Activity: 711
Merit: 500
   I have the same situation with CGMiner. Bit Defender (probably the best anti-virus ) and G-Data say CGMiner infected. BitDefender according to a study by AV-Comparatives best antivirus for years. I wrote to technical support to see if CGMiner false positives. I said I only Bitdefender version 2.10. not identified as infected. After checking, Bit Defender is version 2.10. marked infected . I received the following response:
    Thank you for your patience and we apologize for the delay of our answer.
The analysis of the file has been completed and the detections will remain for
now due to its bitcoin mining abilities.
Please let me know if I can further assist you.
Have a nice day!

Kind regards,
Andrei Onciu
Bitdefender Technical Support Engineer
newbie
Activity: 56
Merit: 0
Be careful even when you are not immune to small malignant sending viruses!
hero member
Activity: 546
Merit: 500
The problem is that some of the code for the miners we want to use is exactly the same code that has been used to create bitcoin mining botnets. The botnet software on the infected clients gets reported to the AV companies, and it all gets blacklisted.

But yes you should always be careful when you download clients and miners, especially on new altcoins.
legendary
Activity: 952
Merit: 1000
Ive have both Malwarebytes and MSE flag CGMiner as viruses, even tho I've downloaded them directly from CK's website. As long as you know where they came from, ignore your AV.

EDIT: I should also say: I haven't had a virus on any of my computers in 3 years, but we get customers all the time with them, so I'd like to think I know how to stay keep my computers safe.
full member
Activity: 210
Merit: 100
Id make sure they were false possitives, I had several trojan alerts from random miners with Kaspersky. I re-downloaded the Miners from dev websites. Know I get the alert, saying This software has been known to be used in background without users knowlegde. If you installed the software Ignore the warning.

So there is bad copies floating around, make sure you get the miners from the developers site. Not mirrors or torrent
sr. member
Activity: 771
Merit: 258
Trident Protocol | Simple «buy-hold-earn» system!
I get the same downloading litecoin scrypt with Bitdefender, and did some digging. Virustotal is a useful site, it looks at lots of virus scanning tools, and gives you a pooled result. Looking at: guiminer-scrypt_win32_binaries_v0.04.zip it gives this result below. 18/37 virus alerts for litecoin mining client(!)  Bitdefender blocks guiminer for litecoin running, and deletes the guiminer.exe file so no mining permitted.

Looking closer, the CI.A alert from Panda raises concerns:
"Trj/CI.A is a Trojan, which although seemingly inoffensive, can actually carry out attacks and intrusions: screenlogging, stealing personal data, etc.
Trj/CI.A uses the following propagation or distribution methods:
Exploiting vulnerabilities with the intervention of the user: exploiting vulnerabilities in file formats or applications. To exploit them successfully it needs the intervention of the user: opening files, viewing malicious web pages, reading emails, etc.
It is dropped or downloaded to the computer by other malware specimens, for example: Multidropper.RGN, Dropper.XW, Multidropper.RHU, Multidropper.RIS, Multidropper.RLF, Multidropper.RMA, Multidropper.RMB."

I'd like to mine litecoins, but this needs sorting out first...

Comments and tips on safe ways to mine litecoins appreciated.

-----------------------Truncated output from virustotal:-----------------------------
SHA256:   aa6f0b036cb71686d12a83d5196f8c6b75f088bfaa46bb1dcb78204264feb385
File name:   guiminer-scrypt_win32_binaries_v0.04.zip
Detection ratio:    18 / 37
Analysis date:    2013-07-06 13:18:17 UTC ( 8 hours, 27 minutes ago )

Agnitum    RiskTool.BitCoinMiner!FwFs5XwI1os    20130705
AntiVir    SPR/BitCoin.G    20130706
Antiy-AVL    NetTool/Win32.Sniffer    20130706
Avast       20130706
AVG       20130706
BitDefender    Trojan.GenericKDV.1001299    20130701
Commtouch    W32/Trojan.WENJ-5448    20130706
Comodo    UnclassifiedMalware    20130706
Emsisoft    Trojan.GenericKDV.1001299 (B)    20130706
eSafe       20130703
ESET-NOD32    probably a variant of Win32/BitCoinMiner.N    20130706
F-Prot       20130706
F-Secure       20130706
Fortinet    W32/BitCoinMiner.N    20130706
GData    Trojan.GenericKDV.1001299    20130706
Ikarus    not-a-virus:NetTool.Win32.Sniffer    20130706
Kaspersky    not-a-virus:NetTool.Win32.Sniffer.dz    20130706
Kingsoft    VIRUS_UNKNOWN    20130506
Malwarebytes    PUP.BitCoinMiner    20130706
McAfee    Artemis!CDC7F0BD120B    20130706
McAfee-GW-Edition       20130706
Microsoft       20130706
MicroWorld-eScan       20130706
NANO-Antivirus       20130706
Norman    Troj_Generic.KWOTF    20130706
nProtect       20130705
Panda    Trj/CI.A    20130706
VIPRE    Trojan.Win32.Generic!BT    20130706
full member
Activity: 168
Merit: 100
I have a paid for Eset subscription.  I have used almost every mining program known to man and have never had Eset say anything was suspicious.
sr. member
Activity: 476
Merit: 250
Those are false positive !

But you need to be careful where you download your clients though.
legendary
Activity: 2898
Merit: 1017
Jump to: