BlagoMiner Virus - Windows 10 Defender


#1

Running BlagoMiner v 1.070911

Windows Defender tags BlagoMiner_AVX2.exe as containing

Trojan:Win32/ScarletFlash.A
Affected file: C:\Qbundle\BlagoMiner\BlagoMiner_AVX2.exe

Also the service

Trojan:Win32/Zpevdo.A
Affected file: \Device\HarddiskVolumeShadowCopy152\Users\ckrun\Downloads\Qbundle 2.1.0\Qbundle_portable_v2.1.0\BurstService.exe

Has anyone else had this issue? Very recent to me with latest update. Interestingly, I did not have the issue with BlagoMiner\BlagoMiner_AVX.exe.

Can bypass with exclude - still disconcerting.


#2

I had this hit, too. I also excluded it as a solve. “Disconcerting” is a good word for it. But, miners are flagged more often than is widely talked about. I think this is primarily due to the virus-like actions of mining software.

We set up these programs to do heavy lifting and with burst mining they eat a lot of space… just like a virus. Heuristics “should” pick it up… if heuristics are worth their salt.


#3

Thanks for the insight.


#4

It has been speculated that the Blago miner is flagged by AV software because it has been used to mine Burst on compromised computers…botnets of thousands of machines mining Burst. Even though the software itself is legitimate and safe, it was installed by people gaining access to people’s computers.


#5

Makes sense. I’ve got the folder added to an exception for Windows Defender so it doesn’t delete the exe file on restart!