Anti-virus picking up stuff suddenly within miners?

I’m using NiceHash miner on my GTX 980 machine, and it’s suddenly just picked up an apparent virus, logsetuplib.dll? And on my other machine it’s picked up suptab!blnk using Claymore’s. These machines are extremely clean, any ideas?

Yes, mining software has long been packaged inside malware to mine for the botnet operators. Most virus scans, once they detect a miner, will flag the files to err on the side of caution. Since the newest mining software is being flagged, it is safe to assume the botnet suspicions were right and versions of these probably are being deployed on unsuspecting victims right now.

But just because it is likely a false positive, don’t automatically dismiss it either. Double check you downloaded from the authorized location, either GitHub or a link from the original posting/announcement. Also check file signatures when available and upload the file to VirusTotal for a more thorough scan against multiple AV engines. You will probably still get some hits, but 5 out of 60 positives is better than 50/60 positive returns.

So you’re saying there’s a chance malware is packaged in the official NiceHash software?

I too have started getting virus alerts. Well…who runs NiceHash? They have generic emails and no physical address or names of owners/admin. Doesn’t seem far-fetched that they add a little something for themselves deep in their miner. I’m not saying they did, but I never fully trust an operation that doesn’t have a public face/identity.

Interesting. I didn’t even bother checking. I’m so naive.

Well, we get wrapped up in the fervor and inevitably trust the “big names” and don’t stop to think these are not regulated by an overseeing body, nor are they held to any level of transparency. Those with the know-how can check the underlying code…so the trust is “crowdsourced”, so to speak.

There is a chance malware is packed in any software. That is why compiling it yourself from the source code is the best option; however, even here, unless you are a very adept programmer and look through all the code, often 1000s of lines, you could still miss some nefarious bits.

All Claymore’s stuff gets flagged, and I find it snake-ish that he puts in code that limits hashing speed etc… not just ZEC… all his miners are a bit sneaky.

But saying that, all the miners I have used (genoil / nheqminer etc.) have flagged up as malware / trojans, apart from silent army, who seems like a genuine lad.