Trojan that ESET does not detect. XMRig Miner


Hello! We detected that the XMRig miner virus got onto a PC and it was very complicated to remove; in fact, this virus excluded itself from the antivirus and installed itself as a service. Has anything similar happened to anyone with this virus? Do you know whether ESET has the tools to prevent its entry?


  • Marcos changed the title to Trojan that ESET does not detect. XMRig Miner
1 hour ago, Lgaalvarez said:

We detected that the XMRig miner virus entered a PC and it was very complicated to remove it, in fact this virus was AUTO EXCLUDED from the antivirus and was installed as a service.

I don't know how the miner got installed on one of your network devices. ESET does detect the installer download: https://xmrig.com/docs/miner

Quote

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
4/12/2024 10:48:38 AM;HTTP filter;file;https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/90f88b9c-a0e7-4636-8d46-3a5e9700bd95?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA/20240412/us-east-1/s3/aws4_request&X-Amz-Date=20240412T144818Z&X-Amz-Expires=300&X-Amz-Signature=a7f5e0c9b814adcdc5f33fd6d4c745d8dc59ad54cc235646d9233cfaa3e7f5bf&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=88327406&response-content-disposition=attachment; filename=xmrig-6.21.2-msvc-win64.zip&response-content-type=application/octet-stream;Win64/CoinMiner.TM potentially unwanted application;connection terminated;xxxxxxxx;Event occurred during an attempt to access the web by the application: C:\Program Files\Mozilla Firefox\firefox.exe (27BB8D2FC02CD2BBC184D07357AAA9903D88B425).;91680B78B255CE4C174E41C6D905FDBC9F5006B6;

Of note is that the ESET detection is a PUA. This means one must respond to deny its download.
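For reviewing an exported log in the format quoted above, the following is an added example, not part of the thread and not ESET's own tooling. It parses the semicolon-delimited records, coping with the `;` that appears inside the Object URL, and separates miner PUA detections that were blocked from those that need follow-up. It assumes only the Object field can contain extra semicolons; the sample records and the non-blocking action string are constructed.

```python
FIELDS = ["Time", "Scanner", "Object type", "Object", "Detection",
          "Action", "User", "Information", "Hash", "First seen here"]
HEAD, TAIL = 3, 6            # fixed fields before / after "Object"
BLOCKED_ACTIONS = {"connection terminated"}   # the only action value shown on the page


def parse_line(line):
    """Split one record; the Object URL may itself contain ';'."""
    parts = line.rstrip("\n").split(";")
    if len(parts) < len(FIELDS):
        raise ValueError("expected at least %d fields, got %d" % (len(FIELDS), len(parts)))
    # Assumption: only the Object field can contain extra ';' characters.
    values = parts[:HEAD] + [";".join(parts[HEAD:-TAIL])] + parts[-TAIL:]
    return dict(zip(FIELDS, values))


def triage(record):
    """Return 'pua-blocked', 'pua-review', 'blocked' or 'review'."""
    is_pua = record["Detection"].endswith("potentially unwanted application")
    blocked = record["Action"].strip().lower() in BLOCKED_ACTIONS
    return ("pua-" if is_pua else "") + ("blocked" if blocked else "review")


def miner_detections(lines):
    """Yield (time, object, verdict) for records whose detection names a coin miner."""
    for line in lines:
        if not line.strip() or line.startswith("Time;"):
            continue
        rec = parse_line(line)
        if "coinminer" in rec["Detection"].lower():
            yield rec["Time"], rec["Object"], triage(rec)


# Constructed sample records (not real log data); URL, user and hashes are placeholders.
SAMPLE = [
    "Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here",
    "4/12/2024 10:48:38 AM;HTTP filter;file;https://example.invalid/dl?disposition=attachment; "
    "filename=sample.zip&type=application/octet-stream;Win64/CoinMiner.TM potentially unwanted "
    "application;connection terminated;HOST\\user;Event occurred during web access.;"
    "0000000000000000000000000000000000000000;",
    "4/12/2024 11:02:10 AM;HTTP filter;file;https://example.invalid/dl2;Win64/CoinMiner.TM "
    "potentially unwanted application;no action (constructed value);HOST\\user;"
    "Event occurred during web access.;1111111111111111111111111111111111111111;",
]

if __name__ == "__main__":
    for row in miner_detections(SAMPLE):
        print(row)
```

Records that come back as `pua-review` are the ones to chase: a PUA detection that was not blocked means the file may have reached the disk.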
