
Topic: Microsoft Security Essentials (Read 2311 times)

newbie
Activity: 24
Merit: 0
September 17, 2011, 08:41:39 AM
#9
This is why most AVs detect miners as a threat:
http://img851.imageshack.us/img851/9199/combofixm.jpg
http://img233.imageshack.us/img233/7248/malwaremal.jpg
It is all because the creators of viruses are so lazy that they don't take the source code of a miner and use it in the virus; instead they copy the binary files from the creator of the miner and write only a starter (something like GUIMiner). So viruses use the original files of miners, so AVs treat them as viruses too!
hero member
Activity: 756
Merit: 500
September 17, 2011, 04:42:29 AM
#8
I just disable the warning and proceed with the installation. As long as you get the software from a trusted source, I do not see the problem.
hero member
Activity: 658
Merit: 500
September 13, 2011, 08:08:29 PM
#7
No, it's because of what I said about 2 months ago about trojans bundling bitcoin clients with their payloads in order to make money. This isn't a false positive, it's a legitimate positive, because any bitcoin client is going to look exactly like a trojan one in terms of virus signature.
It is a false positive; they should be trying to detect code wrapping it so it can be controlled.
full member
Activity: 189
Merit: 101
August 25, 2011, 11:42:02 PM
#6
Is now recognizing bitcoin-miner.exe from the GUIminer file as a threat.

Ikarus (the AV engine I use) labels it as "possible-Threat.Win32.BitCoinMiner". They originally labeled it as a Trojan but changed it to "possible threat" after many submitted it for analysis.
They do this to alert people who have no idea what bitcoin is that there is an issue happening on their machines.

http://www.f-secure.com/weblog/archives/00002207.html

hero member
Activity: 756
Merit: 500
August 25, 2011, 05:43:48 PM
#5
I have noticed several other legitimate apps getting reported also.  FWIW

Because they all look like a known botnet/trojan to MSE and other AV programs because they have exactly the same characteristics as a known botnet/trojan.
full member
Activity: 120
Merit: 100
August 25, 2011, 04:38:06 PM
#4
I have noticed several other legitimate apps getting reported also.  FWIW
hero member
Activity: 756
Merit: 500
August 25, 2011, 02:47:03 PM
#3
No, it's because of what I said about 2 months ago about trojans bundling bitcoin clients with their payloads in order to make money. This isn't a false positive, it's a legitimate positive, because any bitcoin client is going to look exactly like a trojan one in terms of virus signature.
sr. member
Activity: 321
Merit: 250
Firstbits: 1gyzhw
August 25, 2011, 01:11:06 PM
#2
Report it as a false positive.
newbie
Activity: 37
Merit: 0
August 25, 2011, 12:39:51 PM
#1
Is now recognizing bitcoin-miner.exe from the GUIminer file as a threat.