
Topic: Trojan.BitcoinMiner - Real or no big deal? (Read 6060 times)

newbie
Activity: 23
Merit: 0
Great, thanks everyone!
hero member
Activity: 566
Merit: 500
I have ESET at work (bleh!), and it blocks CGMiner for the same reasons. False Positive as long as you grabbed it from the source, not a 3rd party.
hero member
Activity: 504
Merit: 500
puddingpop is a "type" of pool setup. (It does EXTRA checking, to confirm your actual work. It may just use special drivers that handle this "different" style of work.)
https://en.bitcoin.it/wiki/Remote_miner

If you installed the program (some special form of miner)... or joined a puddingpop format server... then it is NOT a trojan.

However, if you didn't install a miner, and you just woke up after visiting facebook and playing some farmville style game, and got that warning the next day... then it IS a trojan, because you didn't put it there.

The warnings are because someone "added a miner" to an unsuspecting game/website/flash and was using everyone's computers to earn them money. Thus, "virus", the "Trojan" component is the auto-update, which downloaded a "special" update to deliver coins to a special wallet, and run the program in stealth service mode, while giving the hacker access with the RPC commands.

All these programs use RPC commands, but unless you enable them, they do not communicate with the outside world. The virus scanners do not check to see if RPC is being used, just that RPC exists, and same with the miner. It is not seeing if YOU installed it, or set it up, or looking to see if it runs with a "GUI" (non hidden).

I assume you are fine and safe. Since the program is "expected".

That may just be puddingpop-support, should you need to connect to that special type of server. Even if you didn't use it, the "support" for that miner style is there.
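The post above draws a line the scanner does not: RPC code merely existing is not a finding, while a bound RPC port, hidden execution, sustained load, or an install the owner never made are. This added example (my code, not from the thread or any miner project) applies those triage rules to constructed process records; the field names are assumptions.

```python
# Added example (not code from the thread or any miner project): triage a
# miner detection with the context the post above says AV skips. Process
# records are constructed sample data; the field names are my assumptions.
from dataclasses import dataclass


@dataclass
class ProcessInfo:
    name: str
    user_installed: bool   # the owner knowingly downloaded and started it
    has_window: bool       # visible GUI, versus hidden/service mode
    rpc_supported: bool    # the binary ships RPC code (what AV keys on)
    rpc_listening: bool    # an RPC port is actually bound right now
    cpu_percent: float     # sustained CPU over the sampling window


def triage_miner(p: ProcessInfo) -> tuple[str, list[str]]:
    """Return ('expected' | 'suspicious', reasons). rpc_supported is
    deliberately never a reason: only a bound RPC port, hidden execution,
    sustained load, or an install the owner did not make count."""
    reasons: list[str] = []
    if not p.user_installed:
        reasons.append("owner did not install it")
    if not p.has_window:
        reasons.append("runs hidden (no GUI)")
    if p.rpc_listening:
        reasons.append("RPC port is bound")
    if p.cpu_percent >= 50:
        reasons.append(f"sustained CPU {p.cpu_percent:.0f}%")
    # An unrequested miner is a trojan outright; a user-installed one is
    # only suspect when it hides AND shows another live indicator.
    if not p.user_installed:
        return "suspicious", reasons
    if not p.has_window and (p.rpc_listening or p.cpu_percent >= 50):
        return "suspicious", reasons
    return "expected", reasons


# Constructed samples: a normally used GUI miner, a hidden self-started one,
# and an idle headless miner the owner set up (hidden, but no live indicator).
SAMPLES = [
    ProcessInfo("guiminer.exe", True, True, True, False, 4.0),
    ProcessInfo("updater.exe", False, False, True, True, 93.0),
    ProcessInfo("cgminer.exe", True, False, True, False, 2.0),
]


def triage_all(procs: list[ProcessInfo]) -> dict[str, str]:
    """Map each process name to its verdict."""
    return {p.name: triage_miner(p)[0] for p in procs}


if __name__ == "__main__":
    for p in SAMPLES:
        verdict, why = triage_miner(p)
        print(f"{p.name:14} {verdict:10} {'; '.join(why) or 'no indicators'}")
```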
hero member
Activity: 770
Merit: 500
I'm not 100% sure, but I think I got them from http://bitcointalk.org/?topic=2444.0.

Looks very very bad. Your system is infected.

https://www.virustotal.com/en/file/01597705d336fdc93acc1e40a7870a49f30b02d53407d52d5be114e07db37bbe/analysis/

edit: be very careful when making transactions from your wallets
newbie
Activity: 23
Merit: 0
I'm not 100% sure, but I think I got them from http://bitcointalk.org/?topic=2444.0.
hero member
Activity: 661
Merit: 502
It looks like a false positive, where did you download the miner from? As said above, if it's from a verified source nothing to worry about. If it's not, then take necessary action.
newbie
Activity: 23
Merit: 0
Dunno, if you didn't put it there yourself then yes, it's a big deal.
Try to store your bitcoin wallet and other bitcoin related actions on a safe PC.

Use another PC for your daily activities...

Well, I downloaded it and tried to run the rpcminer-cuda, but it didn't work..

I have my wallet on an offline PC, so it should be safe, unless the malware can jump on a USB stick and work on Linux..

Thanks for the info.

This possibly is a false positive identification, since you willingly downloaded the mining software. If you downloaded from a trustworthy source (original guiminer/poclbm threads/sites or the site of one of the big mining pools) you should be safe.

There are trojans with the purpose of sneaking mining software into systems and using that system's GPU and CPU power to mine for the author of the trojan, without the system owner knowing that his system is currently mining. Malwarebytes might have falsely identified the guiminer files as such a trojan.

I am not completely sure about that though. Maybe someone more knowledgeable can chime in.

Yeah, I've heard about those. My GPU & CPU are currently at around 0-5% so I don't think that's it, but who knows..
Because Eset didn't recognize it, it would seem like it's been "falsely identified", but who knows..

I'll probably keep an eye on my CPU/GPU for a while anyway.

Thanks!
full member
Activity: 224
Merit: 100
This possibly is a false positive identification, since you willingly downloaded the mining software. If you downloaded from a trustworthy source (original guiminer/poclbm threads/sites or the site of one of the big mining pools) you should be safe.

There are trojans with the purpose of sneaking mining software into systems and using that system's GPU and CPU power to mine for the author of the trojan, without the system owner knowing that his system is currently mining. Malwarebytes might have falsely identified the guiminer files as such a trojan.

I am not completely sure about that though. Maybe someone more knowledgeable can chime in.
sr. member
Activity: 462
Merit: 250
Dunno, if you didn't put it there yourself then yes, it's a big deal.
Try to store your bitcoin wallet and other bitcoin related actions on a safe PC.

Use another PC for your daily activities...
newbie
Activity: 23
Merit: 0
I used Malwarebytes to scan my entire system, and it found these..

https://i.imgur.com/PoWsfKV.png

Eset Smart Security 6 didn't notice them, but I've removed them using Malwarebytes.

Is there anything else I should do to be safe?

Thanks in advance!