F-Secure blocking cgminer after update, exclusion from scan not working
Hi
So I've been using cgminer for almost a month now without a problem, but a few days ago my computer got an Anti Spyware Definition Update and ever since my F-Secure has figured out the program is a virus. Creating a folder excluded from scanning and then extracting the miner there won't solve my problem.
This is the download link for the miner I've been using:
http://ck.kolivas.org/apps/cgminer/3.6/cgminer-3.6.6-1-windows.7z
Any help would be appreciated.
Comments
-
I recommend that you take a look at this thread, with a similar issue, and follow the advice given here:
http://community.f-secure.com/t5/Security/Why-does-it-keep-quarantine-my/td-p/42193
-
Past relevant thread here; http://community.f-secure.com/t5/Security/CGMiner-false-postives/m-p/24956
If you are talking about the cgminer.exe file you will not be able to exclude it as some files cannot be excluded and will always be scanned, such as executable files; http://community.f-secure.com/t5/Security-for-PC/How-do-I-exclude-a-file-or/ta-p/15398
I have scanned the cgminer.exe file this morning and;
1. On Virustotal it is picked up as malware by 16/48 scanners but as you can see F-Secure does not flag it as dangerous.
And scanning the file here with F-Secure suggests it is not malware;
Yet a week earlier, F-Secure was picking it up as malware as Application.BitCoinMiner.BU; https://www.virustotal.com/en/file/a8edacb3fac182c3ff9ba997d9d0eb7d4c09bfb5feaf00657257bb3a01d0b568/analysis/
2. Malwarebytes as seen above was one of the 16 scanners that flagged the file as malicious, Trojan.Bitcoin.
3. Checking with herdProtect, a month ago, 31/68 scanners detected cgminer.exe as malware including F-Secure who detected it as Application.BitCoinMiner.BU; http://www.herdprotect.com/cgminer.exe-73b9bb27c6ab208e6d23c184834119adeea8175b.aspx
So overall the results are a little inconsistent over time and it may be due to the source of cgminer.exe.
A large number of AV vendors are flagging it just in case someone decides to use the code in a botnet.
https://bitcointalk.org/index.php?topic=28402.0
Since you cannot exclude the file, you can then send it to the Sample Analysis System (SAS), where it will be analysed, but can you check with a fully updated F-Secure today that the file is still being flagged? I cannot confirm this on my computer with build 192;
-
Just found this older thread; http://community.f-secure.com/t5/Security/F-Secure-treats-cgminer-and/td-p/28988
"Our laboratory has advised us that both files are clean, as in not malware, however that they are currently marked as Riskware due to the nature of the files. The detection will remain because we have seen malware bundling Bitcoin miners to create botnets."
This is from 5 months ago; so until recently F-Secure was flagging these files as Riskware.