Posted (edited)

Hello! We detected that the XMRig miner virus got onto a PC and it was very complicated to remove; in fact, this virus excluded itself from the antivirus and installed itself as a service. Has anything similar happened to anyone with this virus? Do you know if ESET has the tools to prevent it from getting in?

Edited by Marcos
Machine translation added
  • Marcos changed the title to Trojan that ESET does not detect. XMRig Miner
  • Administrators
Posted

Since this is an English forum, we kindly ask you to post in English.

Please provide logs collected with ESET Log Collector. If you have come across suspicious undetected samples, check them at https://www.virustotal.com and provide links with scan results.

Posted
1 hour ago, Lgaalvarez said:

We detected that the XMRig miner virus entered a PC and it was very complicated to remove it, in fact this virus was AUTO EXCLUDED from the antivirus and was installed as a service.

I don't know how the miner got installed on one of your network devices. ESET does detect the installer download: https://xmrig.com/docs/miner

Quote

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
4/12/2024 10:48:38 AM;HTTP filter;file;https://objects.githubusercontent.com/github-production-release-asset-2e65be/88327406/90f88b9c-a0e7-4636-8d46-3a5e9700bd95?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA/20240412/us-east-1/s3/aws4_request&X-Amz-Date=20240412T144818Z&X-Amz-Expires=300&X-Amz-Signature=a7f5e0c9b814adcdc5f33fd6d4c745d8dc59ad54cc235646d9233cfaa3e7f5bf&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=88327406&response-content-disposition=attachment; filename=xmrig-6.21.2-msvc-win64.zip&response-content-type=application/octet-stream;Win64/CoinMiner.TM potentially unwanted application;connection terminated;xxxxxxxx;Event occurred during an attempt to access the web by the application: C:\Program Files\Mozilla Firefox\firefox.exe (27BB8D2FC02CD2BBC184D07357AAA9903D88B425).;91680B78B255CE4C174E41C6D905FDBC9F5006B6;

Of note is that the ESET detection is a PUA. This means one must respond to deny its download.
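Added example (not part of the thread and not ESET code): a parser for detection-log rows in the semicolon-delimited layout quoted above, which re-joins an Object URL that itself contains `;` and lists the PUA detections together with whether the logged action shows them blocked. The sample rows, the placeholder URL and hash, and the idea that only the Object field can contain extra semicolons are assumptions.

```python
# Added example, not ESET code. Field names are the header row quoted in the thread.
HEADER = "Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here"
FIELDS = HEADER.split(";")
OBJ = FIELDS.index("Object")      # number of fields before Object
TAIL = len(FIELDS) - OBJ - 1      # number of fields after Object
PUA_SUFFIX = "potentially unwanted application"
# Only action string that appears on the page; reading it as "blocked" is an assumption.
BLOCKING_ACTIONS = {"connection terminated"}

# Constructed sample rows (placeholder URL, user and hash; not real log data).
SAMPLE = [
    HEADER,
    r"4/12/2024 10:48:38 AM;HTTP filter;file;https://example.invalid/asset?response-content-disposition=attachment; filename=xmrig-6.21.2-msvc-win64.zip&response-content-type=application/octet-stream;Win64/CoinMiner.TM potentially unwanted application;connection terminated;xxxxxxxx;Event occurred during an attempt to access the web by the application: C:\Program Files\Mozilla Firefox\firefox.exe (PLACEHOLDER_HASH).;PLACEHOLDER_HASH;",
    r"4/12/2024 11:05:02 AM;HTTP filter;file;https://example.invalid/tool.zip;Win64/CoinMiner.TM potentially unwanted application;constructed: no action;xxxxxxxx;constructed row;PLACEHOLDER_HASH;",
    r"4/12/2024 11:09:40 AM;HTTP filter;file;https://example.invalid/other.bin;Constructed/Name.A trojan;connection terminated;xxxxxxxx;constructed row;PLACEHOLDER_HASH;",
]

def parse_row(line):
    """Split one row; an Object value containing ';' is re-joined from the middle parts."""
    parts = line.rstrip("\r\n").split(";")
    if len(parts) < len(FIELDS):
        raise ValueError("row has fewer fields than the header")
    cut = len(parts) - TAIL               # index where the fields after Object begin
    obj = ";".join(parts[OBJ:cut])        # everything between head and tail is Object
    return dict(zip(FIELDS, parts[:OBJ] + [obj] + parts[cut:]))

def pua_rows(lines):
    """Return PUA detections, each with a 'blocked' flag derived from the Action field."""
    found = []
    for line in lines:
        if not line.strip() or line.startswith("Time;"):
            continue                      # skip blank lines and the header row
        row = parse_row(line)
        if row["Detection"].endswith(PUA_SUFFIX):
            row["blocked"] = row["Action"] in BLOCKING_ACTIONS
            found.append(row)
    return found

if __name__ == "__main__":
    for r in pua_rows(SAMPLE):
        status = "blocked" if r["blocked"] else "REVIEW: not shown as blocked"
        print(r["Time"], "|", r["Detection"], "|", r["Action"], "|", status)
```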

This topic is now closed to further replies.