
Trojan that ESET does not detect. XMRig Miner



Hello! We detected that the XMRig miner virus got onto a PC and it was very complicated to remove it; in fact, this virus excluded itself from the antivirus and installed itself as a service. Has anything similar happened to anyone with this virus? Do you know if ESET has the tools to prevent its entry?

Edited by Marcos
Machine translation added
  • Administrators

Since this is an English forum, we kindly ask you to post in English.

Please provide logs collected with ESET Log Collector. If you have come across suspicious undetected samples, check them at https://www.virustotal.com and provide links with scan results.


1 hour ago, Lgaalvarez said:

We detected that the XMRig miner virus entered a PC and it was very complicated to remove it, in fact this virus was AUTO EXCLUDED from the antivirus and was installed as a service.

I don't know how the miner got installed on one of your network devices. Eset does detect the installer download: https://xmrig.com/docs/miner

Quote

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
4/12/2024 10:48:38 AM;HTTP filter;file;https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/90f88b9c-a0e7-4636-8d46-3a5e9700bd95?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA/20240412/us-east-1/s3/aws4_request&X-Amz-Date=20240412T144818Z&X-Amz-Expires=300&X-Amz-Signature=a7f5e0c9b814adcdc5f33fd6d4c745d8dc59ad54cc235646d9233cfaa3e7f5bf&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=88327406&response-content-disposition=attachment; filename=xmrig-6.21.2-msvc-win64.zip&response-content-type=application/octet-stream;Win64/CoinMiner.TM potentially unwanted application;connection terminated;xxxxxxxx;Event occurred during an attempt to access the web by the application: C:\Program Files\Mozilla Firefox\firefox.exe (27BB8D2FC02CD2BBC184D07357AAA9903D88B425).;91680B78B255CE4C174E41C6D905FDBC9F5006B6;

Of note is that the Eset detection is a PUA. This means one must respond to deny its download.

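Added example, not part of the thread and not ESET tooling: a Python parser for detection-log rows in the semicolon-separated layout quoted above, which a plain split on `;` mangles because the download URL itself contains `attachment; filename=`. The sample rows are constructed with placeholder host, user and hash values, and the parser assumes that only the Object field can hold extra semicolons.

```python
import re

# Column names taken from the header row of the log quoted in the thread.
COLUMNS = ("Time;Scanner;Object type;Object;Detection;Action;"
           "User;Information;Hash;First seen here").split(";")
PUA_SUFFIX = " potentially unwanted application"

# Constructed sample rows modelled on that log; host, user and hashes are placeholders.
SAMPLE_ROWS = [
    ("4/12/2024 10:48:38 AM;HTTP filter;file;"
     "https://downloads.example.invalid/asset?response-content-disposition=attachment; "
     "filename=xmrig-6.21.2-msvc-win64.zip&response-content-type=application/octet-stream;"
     "Win64/CoinMiner.TM potentially unwanted application;connection terminated;"
     "PLACEHOLDER-USER;Event occurred during an attempt to access the web by the "
     r"application: C:\Program Files\Mozilla Firefox\firefox.exe (PLACEHOLDER-SHA1).;"
     "PLACEHOLDER-SHA1;"),
    ("4/12/2024 11:02:10 AM;HTTP filter;file;https://downloads.example.invalid/plain.zip;"
     "Constructed/Sample.A trojan;connection terminated;PLACEHOLDER-USER;"
     "Event occurred during an attempt to access the web by the application: "
     r"C:\Tools\fetch.exe (PLACEHOLDER-SHA1).;PLACEHOLDER-SHA1;"),
]

def parse_row(line):
    """Split one row; assumes only the Object field can contain extra ';'."""
    parts = line.rstrip("\r\n").split(";")
    if len(parts) < len(COLUMNS):
        raise ValueError("row has fewer fields than the header")
    # Three fields are fixed on the left and six on the right; the rest is Object.
    obj = ";".join(parts[3:-6])
    return dict(zip(COLUMNS, parts[:3] + [obj] + parts[-6:]))

def summarize(line):
    """Return the triage fields: detection name, PUA flag, action, file, process."""
    row = parse_row(line)
    detection = row["Detection"]
    is_pua = detection.endswith(PUA_SUFFIX)
    # Greedy match so a path such as "Program Files (x86)" is not cut short.
    proc = re.search(r"by the application: (.+) \(", row["Information"])
    name = re.search(r"filename=([^&;]+)", row["Object"])
    return {
        "name": detection[:-len(PUA_SUFFIX)] if is_pua else detection,
        "pua": is_pua,
        "action": row["Action"],
        "file": name.group(1) if name else None,
        "process": proc.group(1) if proc else None,
    }

if __name__ == "__main__":
    for sample in SAMPLE_ROWS:
        print(summarize(sample))
```

Rows flagged `pua` are the ones whose handling depends on how PUA detection is configured, so they are the ones to review alongside the recorded action.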
