
Topic: Norton Internet Security reports Trojan.ADH.2 in cgminer.exe (Read 2794 times)

legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
Yup, antivirus software usually flags it as a virus because there are some viruses that have it. This is idiotic of course, the antivirus should detect the real virus, not the miner part!
donator
Activity: 1218
Merit: 1015
If I'm remembering right, it is not uncommon for mining software to get tagged by AV software.

Mining software uses tons of resources (whether CPU or GPU). If CGMiner were installed without consent and then used to mine for the attacker, most A/V companies would probably just slap a malware label on it. Since they're actually called "BTCMine" in the Dr. Web definitions, this seems to almost certainly be the case.

I'd still use it, but then I still use Windows, so I'm not credible.
newbie
Activity: 16
Merit: 0
Not really. The association is not by the file name "cgminer.exe", but by a sequence of bytes inside the file. That is the reason for the MD5 in the table. The files are directly from http://ck.kolivas.org, so....
member
Activity: 80
Merit: 10
This is because of other malware utilizing CGMiner to download said program, making the virus detection associate CGMiner with the trojan.
newbie
Activity: 16
Merit: 0
Yesterday my Norton Internet Security started reporting Trojan.ADH.2 in guiminer-scrypt_win32_binaries_v0.02\cgminer\cgminer.exe
So, I did a little research. I downloaded all currently available binaries from cgminer's distribution site http://ck.kolivas.org/apps/cgminer and checked them with the Dr.Web online scanner, Norton Internet Security and Microsoft Security Essentials.

Here are my results:

| file | MD5 | Dr.Web online scanner (records: 3841735) | Norton Internet Security (definitions version 20130412.006) | MS Security Essentials (definition: 1.147.1650.0) |
|---|---|---|---|---|
| cgminer-2.10.0-win32\cgminer.exe | 8a877908c8dd8586651ce9b67b70e1d4 | Clean | Clean | Clean |
| cgminer-2.10.1-win32\cgminer.exe | af60f0da905591f0a3eb6167f27d7228 | Clean | Clean | Clean |
| cgminer-2.10.2-win32\cgminer.exe | 08fa1a5b4870e7d1ec7482fdfb1a54c3 | contains an intrusion tool Tool.BtcMine.73 | Clean | Clean |
| cgminer-2.10.3-win32\cgminer.exe | a1d392aeb8eaa3571f009f53cb6b743f | contains an intrusion tool Tool.BtcMine.81 | Clean | Clean |
| cgminer-2.10.4-win32\cgminer.exe | cdbb2d86ac108d86dc9ee673ba18d424 | Clean | Clean | Clean |
| cgminer-2.10.5-win32\cgminer.exe | 61d0fdbddb8763b79054001f591d071a | contains an intrusion tool Tool.BtcMine.82 | Trojan.ADH.2 | Clean |
| cgminer-2.11.0-win32\cgminer.exe | fc4301342f941a6c3309965f850a0c78 | infected with Trojan.BtcMine.67 | Clean | Clean |
| cgminer-2.11.1-win32\cgminer.exe | f899dc08f4255fc9454886886669c5a8 | Clean | Clean | Clean |
| cgminer-2.11.2-win32\cgminer.exe | 48fbb86864a6112672238905dc0e90cb | contains an intrusion tool Tool.BtcMine.87 | Trojan.ADH.2 | Clean |
| cgminer-2.11.3-win32\cgminer.exe | 3b583432257425f4b57daf9c39a8675d | infected with Trojan.BtcMine.76 | Clean | Clean |
| cgminer-2.11.4-win32\cgminer.exe | eedf9d5b3f2ccf830b4fb0e4c1631cbe | Clean | Trojan.ADH.2 | Clean |

It would be nice to hear from the author about the origins of these threats.