Windows 10: Windows Defender PUA:Win32/CoinMiner Active? False Positive Or Malicious Version?

Discussion in 'AntiVirus, Firewalls and System Security' started by philipp952806, Jun 26, 2020.

  1. Windows Defender PUA:Win32/CoinMiner Active? False Positive Or Malicious Version?


    Hi,


    I've scanned my PC with Windows Defender today and it detected a PUA:Win32/CoinMiner (screenshot below). It's an old Electrum 3.3.8 Portable executable bitcoin wallet which I downloaded last year. I also uploaded it to VirusTotal, where some other engines also detected the file as a PUP; results are here.


    So I checked my browser history to see if I downloaded it from the official site, which I did, and I also checked the signature of the executable with GPG and it was good. I also noticed that when downloading the exe again from the official site it also gets detected.


    Of course that would normally be it and I wouldn't worry about it, but what I thought was kind of strange is that Windows Defender says it's an active threat. Does that mean it was running or doing anything, or simply that it hasn't been dealt with? It would worry me a little if it was running or doing anything, because I only downloaded it many months ago but never actually used it because I decided to use something different.


    I also wondered why it wasn't detected during any other scan before over all these months where it was sitting on my desktop but I guess that's probably because of a recent definition update.


    Sorry for my amateur questions, haven't really had any potential threats on my system before.




     
    philipp952806, Jun 26, 2020
    #1
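
As an added example that is not part of the original post: one way to see what Defender itself recorded for this detection is to compare the flagged copy with a fresh download by hash and then read the detection record, where `IsActive` and `DidThreatExecute` are separate fields. It uses `Get-FileHash` and the Defender module cmdlets `Get-MpThreat` and `Get-MpThreatDetection`; the two file paths are placeholders (assumptions), not values from the thread.

```powershell
# Added example. Both paths are placeholders; point them at the old copy and
# at the copy downloaded again from the official site.
$oldCopy   = 'C:\path\to\old-copy.exe'
$freshCopy = 'C:\path\to\fresh-download.exe'

# 1. Are the two copies byte-identical? A quarantined file will be missing.
$hashes = @(foreach ($p in $oldCopy, $freshCopy) {
    if (Test-Path -LiteralPath $p) {
        Get-FileHash -LiteralPath $p -Algorithm SHA256
    } else {
        Write-Warning "Not found (possibly quarantined): $p"
    }
})
$hashes | Format-Table Hash, Path -AutoSize
if ($hashes.Count -eq 2) {
    'Copies identical: {0}' -f ($hashes[0].Hash -eq $hashes[1].Hash)
}

# 2. Defender's threat entries matching the detection name from the post.
#    IsActive and DidThreatExecute are reported independently of each other.
$threats = Get-MpThreat | Where-Object ThreatName -like '*CoinMiner*'
$threats | Format-List ThreatID, ThreatName, IsActive, DidThreatExecute

# 3. Individual detection records for those threats: when each was first
#    seen, which process touched the file, and which resources were flagged.
Get-MpThreatDetection |
    Where-Object { $_.ThreatID -in $threats.ThreatID } |
    Sort-Object InitialDetectionTime |
    Format-List ThreatID, InitialDetectionTime, ProcessName, Resources,
                CurrentThreatExecutionStatusID, ThreatStatusID, ActionSuccess
```

Run it from an elevated PowerShell session so the Defender cmdlets can return the full detection history.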
  2. bhringer Win User

    False Positive by Windows Defender ? Win32/Critet.BS

    @G_963

    Found thread in ZHPCleaner forum.

    Dectection du trojan :Win32/Critet.BS

    Zone Antimalware - Actualité Antimalware

    Updated Windows Defender definitions to 1.263.740.0 and downloaded ZHPCleaner from author's site. It passed security scan so hopefully the issue has been resolved with false positives.

    Try manually updating through Windows Defender Security Center - Virus and Threat Protection Updates and determine if supercopier is still detected.

    ~
     
    bhringer, Jun 26, 2020
    #2
  3. DaveFowle Win User
    Windows defender false positives

    Hi all,

    If I try to download the following two files, windows defender deletes them because it says that they contain win32/spursint.a. Can anyone confirm if these are false positives and also confirm if they get the same results.

    Links are -

    https://sites.google.com/site/share...le/COBFeatureUpgradeSample.zip?attredirects=0

    https://sites.google.com/site/kimknight/remoteapptool/RemoteAppTool_v4025.zip?attredirects=0&d=1

    Windows version numbers

    Windows 10 Pro

    Version 1511

    OS Build 10586.14

    Windows Defender version numbers

    Virus definition version 1.211.1490.0

    Spyware definition version 1.211.1490.0

    Thanks
     
    DaveFowle, Jun 26, 2020
    #3
  4. JG_963 Win User

    Windows Defender PUA:Win32/CoinMiner Active? False Positive Or Malicious Version?

    False Positive by Windows Defender ? Win32/Critet.BS

    hi,

    I have the same problem with supercopier, which does not run because it is stopped by Defender with this Trojan, and also with ZHPCleaner!!!

    Nicolas Coollman says that it is a false positive.
     
    JG_963, Jun 26, 2020
    #4