soilentgreen

About EAM detection


Hi to all,

So this is the second time EAM detected "Application.BitCoinMiner.SX (B)" (the location found in Firefox-Profiles).

The risk level is "no risk", but if someone can explain what it is, I'll appreciate it.

I ask because the link in the diagnosis tells me nothing. It opens this, and I must ask what I should understand from a list of general threats without any explanation of the threat itself that EAM detected?

Hoping you fix it so the detection will lead to an explanation of the threat itself :-)

Thank you.

 

 


Doing a web search for BitCoinMiner will get you all sorts of hits about what it is. Microsoft even has one in their store. Bit Coins are virtual money on the web.

13 hours ago, soilentgreen said:

So this is the second time EAM detected "Application.BitCoinMiner.SX (B)" (the location found in Firefox-Profiles).

The risk level is "no risk", but if someone can explain what it is, I'll appreciate it.

Without being able to see the scan log, there are two possibilities:

  1. You have an extension installed that includes some sort of mining software that abuses your computer to mine for cryptocurrency (most likely Monero).
  2. You have visited a website that has a JavaScript cryptocurrency miner embedded somewhere on the site (again most likely mining for Monero), and the files associated with it have been saved in the Firefox cache (which is completely normal).

The risk level "No risk" means it is what we consider a "Potentially Unwanted Program" (PUP). These are things that are not dangerous, but which could be annoying or waste your computer's resources, or be undesirable for some other reason.

 

13 hours ago, soilentgreen said:

Hoping you fix it so the detection will lead to an explanation of the threat itself :-)

Our blog article on this sort of junkware is available at the following link:
https://blog.emsisoft.com/2017/10/11/cryptocurrency-mining-malware/

The blog article on common detection names doesn't include a description of what "Application.BitCoinMiner.SX" means because it's not one of our detection names. It was detected by the BitDefender scan engine (which is what the (B) on the end of the name means), and we don't have a list of what their detections mean. I don't think BitDefender has a list of what their detection names mean either, so we don't have a reference to write an article describing them (we don't even have a full list of them).


I never even researched 'mining' until this post. A quick search & read just does not make me want to do any more reading about the subject.

Sort of confusing and as long as it does not hurt me, I don't care.

8 hours ago, Ken1943 said:

Sort of confusing and as long ...

Yes, that's a fairly accurate summary of mining. ;)

Granted it can be profitable if you don't mind the steep learning curve and tools that aren't user-friendly, assuming the market for cryptocurrency doesn't crash after this recent spike in prices.


To be simple, with Bitcoins you have 3 notions to understand:

1- bitcoins: are just encrypted data associated with a value in money; any modification to it (exchange, sales, etc.) is added to the data bitcoin "code" called blockchain.

2- blockchain: when anything happens to the bitcoin (when you sell it, or buy something, etc.), information data is verified and validated by the community, then added on top of the bitcoin's code; this newly added code can be modified but previous info is locked, so in case of issues you can check it as "history".

3- Miners: those are the "community". Since the bitcoin system uses heavy encryption and needs a lot of computing resources to check, validate and re-encrypt transactions, users could volunteer to give the system access to their machines (and get a portion of bitcoins in return for their help). These days, people can use dedicated machines to process and encrypt the data, so some sites use their visitors' machines to do it while getting the benefits.

So basically, miners originally aren't dangerous by themselves, they just eat your computer's resources. Consider them as "annoyances".

 

On 12/19/2017 at 7:47 PM, Umbra said:

So basically, miners originally aren't dangerous by themselves, they just eat your computer's resources. Consider them as "annoyances".

Well, they aren't "dangerous" in the sense of traditional malware, but with mobile devices (phones, tablets, laptops, or anything that can overheat easily) they can have rather unfortunate consequences:
https://www.bleepingcomputer.com/news/security/android-malware-will-destroy-your-phone-no-ifs-and-buts-about-it/

This, the fact that they slow your computer down due to excessive resource usage, and the fact that they are making other people money is why such mining software is detected by our software (and BitDefender's). Obviously normal desktop computers are better capable of handling mining, and if you want to try mining for some sort of cryptocurrency then feel free to do so. ;)


Thank you all for the information you guys provide :-)

On 12/19/2017 at 4:33 AM, GT500 said:

The risk level "No risk" means it is what we consider a "Potentially Unwanted Program" (PUP). These are things that are not dangerous, but which could be annoying or waste your computer's resources, or be undesirable for some other reason.

I have 2 more questions:

1) If EAM detects a PUP like the one found on my computer, is deleting it or moving it to quarantine enough?

2) I'm wondering why EAM didn't alert about it and only found it in the scan?

The settings of Surf Protection are:

Malware/Phishing/PUP on "Block and notify", and Privacy risks on "Alert".

Thank you :-)


@soilentgreen - you might find it helpful to read the last two Emsisoft blogs about PUPs, at: https://blog.emsisoft.com/2016/06/20/potentially-unwanted-programs-pups-what-you-need-to-know/ and https://blog.emsisoft.com/2013/12/23/what-is-a-pup/  

A PUP is not necessarily unwanted though... e.g. if one installed a browser toolbar, maybe - just maybe - you want that toolbar... They're called "potentially unwanted" rather than "definitely unwanted" because EAM can't be certain.

I think I've also seen some programmers' tools classed as PUPs in the past - things that are dangerous if run by a user who doesn't understand what the program is offering to do, but perfectly safe if intentionally used to do that same thing by someone who wanted those things to happen. 

The most obvious reason for a PUP not giving an alert but being found in a scan is that it might not have been running at the time. Even if it was running, if it wasn't trying to do one of the things that the behaviour blocker looks for (that are typical of malware) then there'd be nothing to cause an alert.

On 12/24/2017 at 2:28 PM, soilentgreen said:

1) If EAM detects a PUP like the one found on my computer, is deleting it or moving it to quarantine enough?

Quarantine is always recommended, as this saves a backup copy of what is removed, thus if you need to restore it later you will have that option.

 

On 12/24/2017 at 2:28 PM, soilentgreen said:

2) I'm wondering why EAM didn't alert about it and only found it in the scan?

It's difficult to say for certain, especially since I don't know the file name or the date it was created.
