Trojan:Win32/Bluteal!rfn in Nicehash (solved)

Does anyone have any input on this? Windows Defender quarantined this file. It was found in the following executable:

xmrig-nvidia.exe

xmrig is mining software and I downloaded the mining software directly from their Github. The Microsoft Security Intelligence site / reference had nothing on it. Obviously I’ve deleted it. Just wondering if other miners are running into this kind of thing.

Interestingly this flagged on a PC that is not currently being used for mining purposes, and hasn’t been used as such for over a month.

1 Like

Try uploading here https://www.virustotal.com/#/home/upload for review. This site is designed to run uploaded software against several scanners and also checks for valid signatures.

3 Likes

@ImaginaryPi - have you seen this?

Update:

This file actually came from Nicehash 1.8.2.0 beta - not from Github.

1 Like

It has no valid signature and 23 scanners have picked it up.

1 Like

Most mining executable files will be flagged as a virus or trojan by Windows Defender and other antivirus monitors that I have seen. The Electroneum developers said their miner would be flagged, and it was, but to ignore the message as it was not dangerous. Minergate and others that I have used get flagged but are harmless as far as I know.

1 Like

I’ve had Windows Defender flag a bunch of mining software. It has deleted files from Nicehash before. I’ve just gone into Windows Defender and allowed the software. Sometimes it doesn’t happen right away. Usually an update will trigger it.

1 Like

I’m not sure this is the same issue. I too have had Windows Defender flag an executable from Nicehash and other Github sourced miners.

This event did not identify xmrig-nvidia.exe as a trojan or a virus - it identified xmrig-nvidia.exe as the source of the trojan -> Win32/Bluteal!rfn

1 Like

Possible virus or trojan coming through the blockchain? Is that what you are thinking?

1 Like

No. I don’t think it’s formed that way or coming in that way. I wasn’t syncing any wallets at the time the flag popped up. In fact, the system was idle.

I know that Nicehash has bins inside their package. What I don’t know is where they get the third-party miners from. I would assume they get them from their respective Github sources (xmrig, claymore, etc.), but I don’t know this to be a fact.

When I was setting up my rigs it became an expectation that Windows Defender was going to flag one or more of the executables if I didn’t exclude whole folders or pertinent files, but this time, the whole thing was different. This time (and remember this is not on a rig) it didn’t mention xmrig-nvidia.exe at all. The only way I discovered it as the source was by looking at the file path of the trojan.

1 Like
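The poster above found the flagged binary only by reading the file path out of the Defender alert, and an earlier reply suggested checking the file's signature and scanner hits on VirusTotal. The script below is an added example (not code from anyone in this thread or from Nicehash/xmrig) that automates both steps on the affected PC: it pulls Defender's detection history, extracts the `file:_` resource paths, and for each file that is still on disk records its SHA-256 and Authenticode status so it can be looked up on VirusTotal by hash without re-uploading it. It assumes the built-in Defender PowerShell module (`Get-MpThreat`, `Get-MpThreatDetection`) and an elevated prompt.

```powershell
# Added example: correlate Windows Defender detections with the flagged files,
# then hash and signature-check each file for a VirusTotal hash lookup.
function Get-FlaggedFileReport {
    [CmdletBinding()]
    param(
        # Substring filter on the threat name, e.g. 'Bluteal'; default matches all.
        [string]$ThreatNameLike = ''
    )

    $threats = Get-MpThreat | Where-Object { $_.ThreatName -like "*$ThreatNameLike*" }
    foreach ($t in $threats) {
        $detections = Get-MpThreatDetection | Where-Object { $_.ThreatID -eq $t.ThreatID }
        foreach ($d in $detections) {
            # A detection can carry several resources; Defender prefixes file
            # paths with "file:_". Keep only those and strip the prefix.
            foreach ($res in $d.Resources) {
                if ($res -notmatch '^file:_(.+)$') { continue }
                $path   = $Matches[1]
                $exists = Test-Path -LiteralPath $path
                $hash = $null; $sigStatus = 'FileMissing'; $signer = $null
                if ($exists) {
                    # Quarantine usually removes the file, so only hash/sign-check
                    # when it is still present.
                    $hash      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                    $sig       = Get-AuthenticodeSignature -LiteralPath $path
                    $sigStatus = $sig.Status            # Valid, NotSigned, HashMismatch, ...
                    $signer    = $sig.SignerCertificate.Subject
                }
                [pscustomobject]@{
                    ThreatName  = $t.ThreatName
                    DetectedAt  = $d.InitialDetectionTime
                    Path        = $path
                    StillOnDisk = $exists
                    Sha256      = $hash
                    Signature   = $sigStatus
                    Signer      = $signer
                    # Hash-based lookup page; only meaningful when Sha256 is set.
                    VirusTotal  = if ($hash) { "https://www.virustotal.com/gui/file/$hash" } else { $null }
                }
            }
        }
    }
}

# Example run for the detection discussed in this thread.
Get-FlaggedFileReport -ThreatNameLike 'Bluteal' | Format-List
```

A `Signature` of `NotSigned` on a miner binary is expected for many open-source builds, so the hash lookup (how many engines flag that exact file, and whether it matches the project's published release) is the more useful signal than the signature alone.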

Found some explanations here. https://github.com/xmrig/xmrig/issues/85

2 Likes

:rofl::rofl::rofl::rofl::+1::+1::+1::+1::wink::wink::wink::wink: MybuddyPi - you won’t believe this, but I was just about to type the same thing to you…LOL!

Thanks man. I really appreciate the collective digging.

2 Likes
