itman 1,754 Posted July 7, 2023 (edited)

Based on a comment on a Russian web site where AV Block Remover utility can be downloaded from: https://www.comss.ru/page.php?id=8842 , the coin miner just doesn't block an AV installer after download. But it will actually block installer download from AV vendor web sites;

Quote:
- when I wanted to download anti-virus utilities, the browser was closed;
- if it was possible to download, then the launch of anti-virus utilities was blocked;
- closes the task manager, and if you run it again, the miner closes.
- even when I tried to look for a solution to my problem on the forums or on YouTube, the browser closed.

https://www-comss-ru.translate.goog/disqus/page.php?id=8842&_x_tr_sl=ru&_x_tr_tl=en&_x_tr_hl=en&_x_tr_pto=sc

itman 1,754 Posted July 7, 2023 (edited)

Another example of malware distributed via cracked game installers a while back that trashed a bunch of AV solutions is Crackonosh: https://www.tomsguide.com/news/cracked-games-hacked-pcs .

I have no sympathy whatsoever for people using cracked software who get infected as a result of such use.

safety 8 Posted July 9, 2023 (edited)

In general, the topic with this miner ("REALTEKD / TASKHOSTW") on technical forums in Russia and apparently in Ukraine over the past few years can only be compared in popularity with the Stop Djvu encryptor (but there at least the file extension changes stably, while here practically nothing changes). Many antiviruses are taken out and blocked, not only ESET. In both cases, the infection occurs as a result of the use of hacked programs. The installer with this miner, as a rule, is several Gb, and there is no way to check it for viruses.

In addition to blocking the launch of installers and utilities and blocking standard installation paths for anti-virus programs, access to the sites of technical forums and anti-virus companies is also blocked.

Malware Hunter 0 Posted July 9, 2023 Author

@Marcos @itman I found when malware miner.. hxxps://itorrents-igruha.org/

You can download and install the game, disable your Windows Defender and ESET, and afterwards test it for malware.. Download it by torrent ... You can check it.

Game Torrent.zip.zip

itman 1,754 Posted July 9, 2023

I believe the truism "Common sense is not that common" is applicable here. You download a cracked game installer from a torrent web site. What else would you expect than to get nailed by nasty malware?

itman 1,754 Posted July 9, 2023 (edited)

There is an outstanding question in regards to this coin miner. How did it get installed in the first place?

1. Did it disable Windows Defender to do so?
2. Was it able to disable/bypass third party security software including Eset to do so?
3. Or, let me guess. The game installer instructed the user to disable their real-time AV solution.

The main point here is if AV protection prevented the coin miner from installing, then what the coin miner does after installation is irrelevant.

Malware Hunter 0 Posted July 9, 2023 Author

1. The miner knows how to disable the defender at any time. Or else the user disables Windows Defender.

2. Have you managed to disable/bypass third-party security software, including Eset? No. Eset doesn't install.

Or, let me guess. The installer of the game instructed the user to disable the AV solution in real time. Yes, most likely the miner is interfering with the installation antivirus disabling.

The point here is that if the antivirus protection prevented the coin miner from installing, what the coin miner does after installation is irrelevant. The miner will block the antivirus installation in 80-90% of cases, after installing the game.

Malware Hunter 0 Posted July 9, 2023 Author

Torrent can move anywhere, you have to at least find that aggressive sampler to research. It's not all that easy to take a sample. I have seen which program console games and turn the miner. It happened a month ago, I do not remember the story but really it was so.

Administrators Marcos 5,286 Posted July 9, 2023

Since everything has been said, we'll draw this topic to a close.

1. There exist threats that prevent basically all security programs from being installed.
2. Vendors can be in no way liable for not being able to install on already infected machines.
3. We haven't had any such issues reported by users who were prevented from installing ESET.

That said, currently we do not see the need for a specialized standalone cleaner that would repair the appropriate registry keys and values to allow installation of ESET.