Lgaalvarez, Posted April 12 (edited)

Hello! We detected that the XMRig miner virus entered a PC and it was very complicated to remove it, in fact this virus was AUTO EXCLUDED from the antivirus and was installed as a service. Has anything similar happened to anyone with this virus? Do you know if ESET has the tools to prevent its entry?

Edited April 12 by Marcos: Machine translation added

Marcos (Administrators), Posted April 12

Since this is an English forum, we kindly ask you to post in English. Please provide logs collected with ESET Log Collector. If you have come across suspicious undetected samples, check them at https://www.virustotal.com and provide links with scan results.

itman, Posted April 12

1 hour ago, Lgaalvarez said:
We detected that the XMRig miner virus entered a PC and it was very complicated to remove it, in fact this virus was AUTO EXCLUDED from the antivirus and was installed as a service.

I don't know how the miner got installed on one of your network devices. Eset does detect the installer download: https://xmrig.com/docs/miner ;

Quote
Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
4/12/2024 10:48:38 AM;HTTP filter;file;https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/90f88b9c-a0e7-4636-8d46-3a5e9700bd95?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA/20240412/us-east-1/s3/aws4_request&X-Amz-Date=20240412T144818Z&X-Amz-Expires=300&X-Amz-Signature=a7f5e0c9b814adcdc5f33fd6d4c745d8dc59ad54cc235646d9233cfaa3e7f5bf&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=88327406&response-content-disposition=attachment; filename=xmrig-6.21.2-msvc-win64.zip&response-content-type=application/octet-stream;Win64/CoinMiner.TM potentially unwanted application;connection terminated;xxxxxxxx;Event occurred during an attempt to access the web by the application: C:\Program Files\Mozilla Firefox\firefox.exe (27BB8D2FC02CD2BBC184D07357AAA9903D88B425).;91680B78B255CE4C174E41C6D905FDBC9F5006B6;

Of note is that the Eset detection is a PUA. This means one must respond to deny its download.
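
Added example (not part of the original thread, and not ESET code): a parser for exported detection rows in the semicolon-separated layout quoted above, which also lists PUA detections that were not blocked. It assumes only the Object field can contain a stray ";" (as the download URL in the quoted row does); the sample rows, `downloads.example`, the user names and the `*-PLACEHOLDER` values are constructed.

```python
# Added example: parse ';'-separated detection-log rows like the one quoted above.
HEADER = "Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here"
FIELDS = HEADER.split(";")
PUA_MARKER = "potentially unwanted application"

def parse_row(line):
    """Split one row into the 10 header fields.

    Assumption: only Object (a URL or path) may contain ';', so three fields
    are taken from the left and six from the right; Object is what remains.
    """
    left = line.rstrip("\n").split(";", 3)
    if len(left) < 4:
        raise ValueError("row has fewer than 4 fields")
    right = left[3].rsplit(";", 6)
    if len(right) < 7:
        raise ValueError("row has fewer than 10 fields")
    return dict(zip(FIELDS, left[:3] + right))

def unblocked_pua(lines, blocking_actions=("connection terminated",)):
    """Return parsed PUA rows whose Action is not in blocking_actions."""
    hits = []
    for line in lines:
        if not line.strip() or line.strip() == HEADER:
            continue
        rec = parse_row(line)
        is_pua = PUA_MARKER in rec["Detection"].lower()
        if is_pua and rec["Action"] not in blocking_actions:
            hits.append(rec)
    return hits

# Constructed sample rows (placeholders, not real log data).
SAMPLE = [
    HEADER,
    r"4/12/2024 10:48:38 AM;HTTP filter;file;https://downloads.example/asset?"
    r"response-content-disposition=attachment; filename=miner-sample.zip"
    r"&response-content-type=application/octet-stream;"
    r"Win64/CoinMiner.TM potentially unwanted application;connection terminated;"
    r"user1;Event occurred during an attempt to access the web by the application: "
    r"C:\Program Files\Mozilla Firefox\firefox.exe (HASH-PLACEHOLDER).;HASH-PLACEHOLDER;",
    r"4/12/2024 11:02:10 AM;HTTP filter;file;https://downloads.example/asset?"
    r"response-content-disposition=attachment; filename=miner-sample.zip;"
    r"Win64/CoinMiner.TM potentially unwanted application;ACTION-PLACEHOLDER;"
    r"user2;Constructed row.;HASH-PLACEHOLDER;",
]

if __name__ == "__main__":
    for rec in unblocked_pua(SAMPLE):
        print(rec["Time"], rec["User"], rec["Detection"], rec["Action"])
```

A plain `split(";")` yields 11 parts for these rows and shifts every column after Object by one, which is why the parser anchors from both ends.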