SilentCryptoMiner
Runtime Detected
Start after 15 seconds
Interesting, with "Add Defender Exclusions" on? Though that shouldn't happen in the next one either way probably.
Yes, "Add Defender Exclusions" is enabled, but this does not help; usually Defender has time to remove everything.
And you're running it as administrator? I haven't gotten any detections after the exclusions because it adds the exclusions before doing anything else. You can also try the old beta of the new version: https://anonfiles.com/hdNbS977y9/Silent_Crypto_Miner_Builder_exe.
unam hello add .exe and C:\ exception checked so not found
C: as an exclusion caused issues (as you know if you go back in issues) so I'm probably not re-adding that. I used to exclude .exe though that did eventually cause some "ExcludeProc" detections which is why it was removed. But I can't get the same detections he got either.
I haven't used Silent Miner in a long time. I don't think you will add advanced defender exclusion. I'm annoyed that it automatically excludes all files instead of selecting it by itself, which makes defender ignore all whole files instead of just ignoring the silent miner virus. I hope you can understand what I said.
If you have the source code, can I get it? And could you show me how to exclude only the silent miner virus rather than all viruses(files)?🤔
Well, just including the miner files does introduce some problems. For example, it exposes the miner location itself, it doesn't exclude any other files such as the WinRing0x64.sys file that xmrig uses for MSR registers and it doesn't exclude the xmrig GPU libraries either (if enabled). So then you would need to exclude 1) install location, 2) original location before installation (to stop runtime detections) and 3) the library folder. The problem with excluding all those is that most likely you're going to get ExcludeProc AMSI detections for your command really quickly (meaning it will detect your exclusion command as malicious and won't execute it) because the command isn't generic enough like it is at the moment.
You can change the commands for the exclusions here if you want to: https://github.com/UnamSanctam/SilentCryptoMiner/blob/bf0ab78568636d3e92819eec4fac70de02112123/SilentCryptoMiner/Classes/Codedom.cs#L294.
Damn, that's why most of my victims are offline and almost never come back, because even though those victims have run-time protection turned on, Windows Defender ignores all files that make the computer The victim's computer is quickly infected by other viruses from which they have downloaded dangerous files (I think it will be okay because Windows Defender is much stronger than before). Did you add the Anti-VM feature and update the rootkit feature? I want to use it again, but many people say that Silent Miner is having some problems.
WD scans the whole file first even if you add the exclusions, it will detect it as a virus, the exclusion you add in the miner is really helpful when the miner is FUD from WD, that makes the miner undetected in the future and it will stay in the computer a long time, so to avoid this problem you should use a Downloader that has the exclusion "C:\"
There isn't an anti-VM yet (though that doesn't change much) and the rootkit has been working as far as I know for a few months. If there are any problems (that doesn't happen in any other miners) then I haven't been made aware of them.
You're not differentiating between scantime and runtime detections, the exclusions help with runtime detections (except the ones that ignore it) and future scantime detections, it doesn't help with the first initial scantime detection. Adding C: to the exclusions would make completely no difference in this case and the miner did add C: until a few versions ago when Microsoft released a new update to Windows Defender which removed the C: exclusion on any ExcludeProc detection or similar detection. If you go back in issues then you can read what happened.
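From the defending side, the exclusions discussed in this thread (a whole drive such as C:, or the .exe extension) leave a trace: Microsoft Defender records configuration changes as event ID 5007 in its operational log. The following is an added example, not code from the thread or the project, that flags overly broad exclusions in such messages; the function names and the sample messages are constructed for illustration, and the message layout is assumed to follow that event's "New value:" line.

```python
import re

# Event ID 5007 reports an added exclusion as
# "New value: <Defender key>\Exclusions\<kind>\<value> = 0x0".
EXCL = re.compile(
    r"New value:\s*HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\"
    r"(Paths|Extensions|Processes)\\(.+?)\s*=\s*0x0\s*$",
    re.IGNORECASE | re.MULTILINE,
)
BROAD_EXT = {"exe", "dll", "sys", "ps1", "bat", "cmd", "scr"}

def classify(kind, value):
    """Return why an exclusion is dangerously broad, or None if it is not."""
    kind, v = kind.lower(), value.strip().lower()
    if kind == "paths" and re.fullmatch(r"[a-z]:\\?", v):
        return "entire drive excluded"
    if kind == "paths" and re.fullmatch(r"[a-z]:\\(users|programdata|windows)\\?", v):
        return "top-level system or profile directory excluded"
    if kind == "extensions" and v.lstrip("*.") in BROAD_EXT:
        return "executable file type excluded"
    if kind == "processes" and ("*" in v or "\\" not in v):
        return "process excluded by wildcard or bare image name"
    return None

def audit(events):
    """events: iterable of (timestamp, message) pairs taken from event ID 5007."""
    findings = []
    for ts, msg in events:
        for kind, value in EXCL.findall(msg):
            reason = classify(kind, value)
            if reason:
                findings.append((ts, kind.capitalize(), value.strip(), reason))
    return findings

# Constructed sample messages (not taken from a real host).
HDR = "Microsoft Defender Antivirus Configuration has changed.\n Old value: \n New value: "
KEY = r"HKLM\SOFTWARE\Microsoft\Windows Defender"
SAMPLE = [
    ("2023-01-10T09:14:02", HDR + KEY + "\\Exclusions\\Paths\\C:\\ = 0x0"),
    ("2023-01-10T09:14:03", HDR + KEY + "\\Exclusions\\Extensions\\.exe = 0x0"),
    ("2023-01-11T11:30:45", HDR + KEY + "\\Exclusions\\Paths\\D:\\Builds\\cache = 0x0"),
    ("2023-01-12T08:00:00", HDR + KEY + "\\Real-Time Protection\\DisableRealtimeMonitoring = 0x0"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(" | ".join(finding))
```

On the constructed sample, the drive-root and .exe exclusions are reported, while the narrow build-cache path and the unrelated setting change are not.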
I hope in the future, silent miner will have an update that makes the virus undetectable even though it doesn't need to be excluded.😑
This is impossible to do and no program has ever really done this either, even if you buy a miner or crypter or any other program online that can be used maliciously then it will still get detected after a week/month (or possibly longer, but it will still get detected).
I don't have any information about the new update of Windows Defender that removed the C: exclusion, but I'm just saying that this method that I use still works until now on all the PCs that have my miner installed and have the latest WD update.
Yes but using C: caused a lot of people to lose their miners with the new update they did, I can of course add back C: as well with the ones we currently have but it wouldn't really make any difference at all since it's already excluded.
Yes, I run with administrative privileges. Today I tried again, but it still happens: even with exceptions, Defender has time to remove the build, which is already installed.
With the beta build I linked as well? It isn't happening on any of my VMs, did you receive some new Windows (Defender) Update?
Yeah, I lose my miners, they simply don't come back anymore.
Okay, I'll try the beta and report back soon.
Now after opening the instant detection
If it's an instant detection then it's most likely a scantime detection, it's just that Windows Defender doesn't always scan files until you try and start them. Put the "Start Delay" to 15 seconds, if it gets detected in less than a second after start then it's a scantime detection, if it gets detected after 15 seconds then it's most likely a runtime detection.
Will there be a fix for this in future updates? I keep losing miners, this is my only problem the whole time.
A fix for detections? There will always be new detections unless you somehow get antivirus vendors to stop updating and developing their antiviruses.
I meant my miners are online and then they never come back after a shutdown; no factory reset has been done. So is there no fix for this?
You'd have to check with your miners if you can recreate it, I can't recreate that so I can't fix that because it won't happen for me. I can restart my VMs or computers as many times as I want and the miner always starts with the computer.
I put a delay of 45 seconds, it still detects
Trojan:Win64/CobaltStrike.SY!MTB
It detects it after 45 seconds or instantly?
instant
Yes then it's just a new scantime detection, it's quite expected since the latest version has been out for 13 days now.
I use the protector, there is no detection on the avcheck
Make sure you're not testing all the builds on the same computer or VM, because if you get one detection then it will start detecting all the next builds as well because Windows Defender increases its sensitivity after the first detection. That's why it's normal to "reset" the VM to an earlier snapshot between tests after a detection. And AVCheck (and other similar ones) doesn't show all the detections either, as you've probably noticed.
Could you check it with Raptoreum miner? Can my process killer be removing the miner from being installed or something? Like regedit.exe