Endpoint Protection

Expand all | Collapse all

Notification System infected: Miner.Bitcoinminer Activity 7 detected

  • 1.  Notification System infected: Miner.Bitcoinminer Activity 7 detected

    Posted 08-13-2018 07:04 AM

    Hi,

    I have a computer displaying message "System infected: Miner.Bitcoinminer Activity 7 detected" since 3/08. Is Symantec client dealing with the threat? What should I do so that risk is removed?

    Thanks to help!



  • 2.  RE: Notification System infected: Miner.Bitcoinminer Activity 7 detected

    Posted 08-13-2018 07:09 AM

    The IPS is detecting/blocking outbound traffic. Did the AV component find/alert/remove on anything? If not, the system should be taken offline and scanned. Re-imaged if possible.



  • 3.  RE: Notification System infected: Miner.Bitcoinminer Activity 7 detected

    Posted 08-13-2018 07:25 AM

    Hi Brian, I am having a look at the Scan Reports section. Can you please let me know which report I should generate to know whether the AV component has removed the threat. I generated the 'New Risks Detected in the Network' report and found Trojan.Gen.6 1 / Malware:Virus (File) was detected on 31/07/18 and Trojan.Gen.9 1 / Malware:Heuristic Virus (File) was detected on 6/08/18. Want to know what actions were taken against the 2 threat.

    Thanks

     

     



  • 4.  RE: Notification System infected: Miner.Bitcoinminer Activity 7 detected

    Posted 08-13-2018 07:32 AM

    Review the risk logs on the SEPM for that machine name.



  • 5.  RE: Notification System infected: Miner.Bitcoinminer Activity 7 detected

    Posted 08-14-2018 04:40 AM

    Hi Gavinash,

    If the IPS events are continuing, there is likely something still there.  If they stopped after the AV detections, you are likely cleaned. Run a manual scan with the latest definitions and perhaps a Power Eraser scan from the SEPM or a SymDiag Threat Analysis Scan to look for any additional suspicious files.

    An article that may help:

    Coinminer protection and removal with Symantec Endpoint Protection
    http://www.symantec.com/docs/TECH249302



  • 6.  RE: Notification System infected: Miner.Bitcoinminer Activity 7 detected

    Posted 08-20-2018 01:51 AM
      |   view attached

    Hi,

    I ran a full scan/ active scan and no risks/ detections were found; but still the notifications are popping up. Should I worry about it? What can I do about it? Should I open a case?

    Thanks

     

     

     

     



  • 7.  RE: Notification System infected: Miner.Bitcoinminer Activity 7 detected

    Posted 08-20-2018 04:21 AM

    If SEP's scanning isn't finding anything and you're still getting notifications for brand new IPS events then it's possible it's user activity causing these detections (i.e. they are accessing an infected site, daily).

    Otherwise, you may wish to run power eraser on the machine for a more in-depth scan (https://www.symantec.com/docs/HOWTO101744)