Categories: PUA

About “Claymore’s Ethereum Dual Miner (PUA)” infection

The Claymore’s Ethereum Dual Miner (PUA) is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Claymore’s Ethereum Dual Miner (PUA) virus can do?

  • Creates RWX memory
  • Dynamic (imported) function loading detected
  • Starts servers listening on 0.0.0.0:8800, :0
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid

How to determine Claymore’s Ethereum Dual Miner (PUA)?



File Info:

name: 9D4CC8B9EF68AE6DAFA2.mlwpath: /opt/CAPEv2/storage/binaries/4ad0e2a81a16640d54471949ac0bd2bef611f6e29d032c43627e73e4b925b03ccrc32: 844D47F9md5: 9d4cc8b9ef68ae6dafa2d09282514f4dsha1: 97dc880604d92590e30792c2beb2c5c8803a1b6asha256: 4ad0e2a81a16640d54471949ac0bd2bef611f6e29d032c43627e73e4b925b03csha512: 2110d5c04d268deddd3ab459e60bb3fcc6685c8e4c6690077a4bfe978d260c3c25447155dedbd68d861a0d295720000a7d4c7170cfcf3df83f35dcd20dd264c8ssdeep: 49152:0StpNgj0Cnjkc9MDhGOnZExnX6SXZb/6KN2Oo6VDA5gC0hvRMjobnm+IIIIIIL3i:pnGpNCgAyLvSAnm3gtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T166065C127285E43ED0660B3B5C3BE765AC3DBB213A1299577BF4194C0F36680BD2E297sha3_384: cae775d8faabaf82700ec1c4ca9a562295b8b56101e8fbd5d3b99875bf1763a0518593dfe04779d8c0c466802bbd37a9ep_bytes: eb1066623a432b2b484f4f4b90e9ac00timestamp: 2018-02-24 09:10:22

Version Info:

FileVersion: 1.0.0.0ProductVersion: 1.0.0.0Translation: 0x0409 0x04e4

Claymore’s Ethereum Dual Miner (PUA) also known as:

FireEye Generic.mg.9d4cc8b9ef68ae6d
CAT-QuickHeal Trojan.IGeneric.S2169651
Sangfor Trojan.Win32.Save.a
K7AntiVirus Adware ( 00524e301 )
K7GW Adware ( 00524e301 )
VirIT Trojan.Win32.BtcMine.DLQ
Symantec ML.Attribute.HighConfidence
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/CoinMiner.FS potentially unwanted
APEX Malicious
NANO-Antivirus Trojan.Win32.BtcMine.eykufr
DrWeb Trojan.BtcMine.2330
TrendMicro Coinminer_ETHEREUM.SM
McAfee-GW-Edition GenericRXPZ-PB!9D4CC8B9EF68
Sophos Claymore’s Ethereum Dual Miner (PUA)
SentinelOne Static AI – Suspicious PE
GData Win32.Trojan.Agent.HT2WH9
Antiy-AVL Trojan/Generic.ASMalwS.50E3
McAfee GenericRXPZ-PB!9D4CC8B9EF68
VBA32 BScope.Trojan.Wacatac
Malwarebytes RiskWare.BitCoinMiner
TrendMicro-HouseCall Coinminer_ETHEREUM.SM
Rising Trojan.Generic@AI.91 (RDML:zj4iP0y1y6/onAnmB62gnw)
Yandex Trojan.GenAsa!jtDLDht3YWo
MaxSecure Trojan.Malware.300983.susgen
Fortinet Riskware/Miner

How to remove Claymore’s Ethereum Dual Miner (PUA)?

  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.
Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment
Share
Published by
Paul Valéry
Tags: Claymore's Ethereum Dual Miner (PUA)
2 years ago

Recent Posts

Tedy.576706 removal tips

The Tedy.576706 is considered dangerous by lots of security experts. When this infection is active,…

2 mins ago

Should I remove “Malware.AI.988864385”?

The Malware.AI.988864385 is considered dangerous by lots of security experts. When this infection is active,…

12 mins ago

What is “Win32.XPaj.D.3 (B)”?

The Win32.XPaj.D.3 (B) is considered dangerous by lots of security experts. When this infection is…

17 mins ago

Win32:MsfEncode-K [Hack] removal tips

The Win32:MsfEncode-K [Hack] is considered dangerous by lots of security experts. When this infection is…

17 mins ago

Should I remove “Generic.Dialer.E8BE4398”?

The Generic.Dialer.E8BE4398 is considered dangerous by lots of security experts. When this infection is active,…

22 mins ago

Generic.Dacic.94CCEEA9.A.5494E6E2 malicious file

The Generic.Dacic.94CCEEA9.A.5494E6E2 is considered dangerous by lots of security experts. When this infection is active,…

23 mins ago