Cryptocurrency Mining software
Report in attachment. Plus I have a question: exclusion does not work when av detects mining software. Any help?
Software links:
https://mega.nz/#F!O4YA2JgD!n2b4iSHQDruEsYUvTQP5_w
https://mega.nz/#F!P0ZjFDjC!Cmb-ZRqlbAnNrajRtp4zvA
https://mega.nz/#F!PxJXBD5T!zj1GJ7zkmvqfo3yd2mis-Q
https://mega.nz/#F!vhB2BCIA!ZuBRI_YyP-SztQnINK6xkA
https://mega.nz/#F!Hg4g1bLT!4Upg8GNiEZYCaZ04XVh_yg
https://mega.nz/#F!e4JVEAIJ!l1iF4z10fMyJzY5-LnyC2A
-
9 hours ago, LSArtem said:
Hello! Please write what version of AdAware do you use. We checked on the latest and a file in Exclusion list was not detected anymore. Also please clarify on what stage your files were detected - after file download or when you start it?
Right now i'm using Adaware Antivirus Free version 12.1.856.11526. Previously I added to exclusion list whole disk and miner folder where miner executable is located. But AV removed my file even when Real-time protection is disabled. Virus was detected when process is running and some software crash is happening(because of opencl thread freezing), i think your AV detects this as a strange behaviour and removes the file. Now i've added full path including file name to exclusion list, we'll see.
0 -
On 19.09.2017 at 2:09 PM, LSArtem said:
I can see that your Claymore's miner was detected as "Application.BitCoinMiner.SI" . It is normal situation for miners. You see a full report on Virustotal most of well known antiviruses detect (37/65) this file.
Also you have two infected objects in your "Downloads" folder:
"E:\Downloads\Image-Line.FL.Studio.Producer.Edition v12.5.0.59.Incl.Patch.and.Keygen-R2R.zip" - Gen:Variant.Symmi.64984
"E:\Downloads\A319_ROW_DS_S319_161222.zip" - Android Riskware (Android.Monitor.Reaper.A, Android.Riskware.SmsPay.EA, Android.Riskware.SMSSend.gEWPZ)
The problem is that antvirus removes miner executable file and i need to copy it every time again and again.
Gen:Variant.Symmi.64984 found in a keygen executable i guess, so it's not dangerous
0 -
Hello platitude!
I can see that your Claymore's miner was detected as "Application.BitCoinMiner.SI" . It is normal situation for miners. You see a full report on Virustotal most of well known antiviruses detect (37/65) this file.
Also you have two infected objects in your "Downloads" folder:
"E:\Downloads\Image-Line.FL.Studio.Producer.Edition v12.5.0.59.Incl.Patch.and.Keygen-R2R.zip" - Gen:Variant.Symmi.64984
"E:\Downloads\A319_ROW_DS_S319_161222.zip" - Android Riskware (Android.Monitor.Reaper.A, Android.Riskware.SmsPay.EA, Android.Riskware.SMSSend.gEWPZ)
0 -
17 hours ago, platitude said:
The problem is that antvirus removes miner executable file and i need to copy it every time again and again.
Gen:Variant.Symmi.64984 found in a keygen executable i guess, so it's not dangerous
Hello! Please write what version of AdAware do you use. We checked on the latest and a file in Exclusion list was not detected anymore. Also please clarify on what stage your files were detected - after file download or when you start it?
0 -
Hi platitude,
Please note that adaware antivirus version 12.2 was released at September 13.
0 -
Have you restarted the computer?
Maybe adaware antivirus has downloaded the new version but needs a restart to start using it, only a guess.
0 -
3 hours ago, CeciliaB said:
Please note that adaware antivirus version 12.2 was released at September 13.
I've downloaded Adaware Free with this link https://www.adaware.com/av-thank-you.php?p=adaware_free
Tried to install. but installer says that i already have new version or i should uninstall it and try to install again?
0 -
AV continue to remove the miner during daily scan
0 -
On 9/24/2017 at 10:55 AM, platitude said:
AV continue to remove the miner during daily scan
We will try to reproduce your situation with detection of this file and we'll let you know the results.
0 -
I switch AV to disabled few days ago, now I changed the state to active againg and rechecking, will let you know later
0 -
File was added to Exclusion list and we have no detected objects anymore. Do you still have this problem?
0 -
On 26.09.2017 at 6:32 PM, LSArtem said:
File was added to Exclusion list and we have no detected objects anymore. Do you still have this problem?
Daily scan still removes miner and it also removes miner when it has a freezed gpu thread. Daily scan report attached
0 -
7 hours ago, platitude said:
Daily scan still removes miner and it also removes miner when it has a freezed gpu thread. Daily scan report attached
Hello! Please try this:
1. Reboot your PC.
2. Turn Off Real Time Protection
3. Download archive with miner.
4. Unpack miner from archive
5. Add a folder path with your unpacked miner to Exclusion list
6. Stop / Start Antivirus
7. Turn On Real Time Protection
8. Run Scan of a folder that was added to Exclusion list
0 -
Daily scan still find a miner as a virus and removes it
0 -
11 hours ago, LSArtem said:
Hello! Please try this:
1. Reboot your PC.
2. Turn Off Real Time Protection
3. Download archive with miner.
4. Unpack miner from archive
5. Add a folder path with your unpacked miner to Exclusion list
6. Stop / Start Antivirus
7. Turn On Real Time Protection
8. Run Scan of a folder that was added to Exclusion list
Folder scan(right click in explorer -> Scan with Adaware Antivirus) completed and miner is not detected
0 -
On 9/30/2017 at 10:15 AM, platitude said:
Daily scan still find a miner as a virus and removes it
Hello! Please turn on AAW logging in such way:
After that run again daily scan and wait for file detection.
Change view folder options in windows explorer to show hidden files. Find Adaware log folder. It can be by one of these paths:
%All Users%\adaware\adaware antivirus\
%Program Data%\adaware\logs
Pack this folder and attach archive to a post please.
0 -
Did a Quick scan, included only toady logs in archive
0 -
6 hours ago, platitude said:
Thanks for logs! Development team will check the logs and will try to fix all issues.
0
Please sign in to leave a comment.
Comments
19 comments