CUDA Bitcoin miner not detected by CIS

For several weeks I was getting messages about a missing DLL (openldap.dll), always at Windows startup. It started after I updated my graphics card drivers, and I ignored it, blaming NVIDIA for a ■■■■■■ install. Yesterday I corrected the missing DLL and then my graphics card started overheating even on the desktop (idle). Google helped me track down that the missing DLL error was from Bitcoin miner malware that I found on my computer, and it was missed by several AV/antimalware programs that I have used recently. Killswitch shows this software as Trusted.

When I run a process manually it presents itself:

Client will start 1 miner threads
Work will be refreshed every 4000 ms
1 CUDA GPU devices found
Setting CUDA device to first device found
Loading module bitcoinminercuda_20.cubin
CUDA initialized
Done allocating CUDA resources for (16,16)
Finding best configuration step end (16,16) 824ms prev best=9223372036854775807ms
Done allocating CUDA resources for (16,32)
Could not retrieve work from RPC server.
CURL return value = 7
Finding best configuration step end (16,32) 516ms prev best=824ms
Done allocating CUDA resources for (16,64)
Finding best configuration step end (16,64) 202ms prev best=516ms
Done allocating CUDA resources for (16,128)
Finding best configuration step end (16,128) 80ms prev best=202ms
Done allocating CUDA resources for (16,256)
Finding best configuration step end (16,256) 60ms prev best=80ms
Done allocating CUDA resources for (32,16)
Finding best configuration step end (32,16) 292ms prev best=60ms
Done allocating CUDA resources for (32,32)
Finding best configuration step end (32,32) 150ms prev best=60ms
Done allocating CUDA resources for (32,64)
Finding best configuration step end (32,64) 80ms prev best=60ms
Done allocating CUDA resources for (32,128)
Finding best configuration step end (32,128) 40ms prev best=60ms
Done allocating CUDA resources for (32,256)
Finding best configuration step end (32,256) 30ms prev best=40ms
Done allocating CUDA resources for (64,16)
Finding best configuration step end (64,16) 160ms prev best=30ms
Done allocating CUDA resources for (64,32)
Finding best configuration step end (64,32) 70ms prev best=30ms
Done allocating CUDA resources for (64,64)
Finding best configuration step end (64,64) 50ms prev best=30ms
Done allocating CUDA resources for (64,128)
Finding best configuration step end (64,128) 30ms prev best=30ms
Done allocating CUDA resources for (64,256)
Finding best configuration step end (64,256) 40ms prev best=30ms
Done allocating CUDA resources for (128,16)
Finding best configuration step end (128,16) 100ms prev best=30ms
Done allocating CUDA resources for (128,32)
Finding best configuration step end (128,32) 40ms prev best=30ms
Done allocating CUDA resources for (128,64)
Finding best configuration step end (128,64) 40ms prev best=30ms
Done allocating CUDA resources for (128,128)
Finding best configuration step end (128,128) 30ms prev best=30ms
Done allocating CUDA resources for (128,256)
Finding best configuration step end (128,256) 30ms prev best=30ms
Done allocating CUDA resources for (32,256)
Could not retrieve work from RPC server.
CURL return value = 7
Could not retrieve work from RPC server.
CURL return value = 7
Could not retrieve work from RPC server.
CURL return value = 7

I’ve submitted the whole folder to VirusTotal and here are the results:

Hi there!

Sorry to hear about this frustrating issue. Have you tried other security software such as Malwarebytes to try to get rid of the malware? I know VirusTotal says no, but it’s worth trying physically on your system.

Also, have a look at this article, one of our forum moderators wrote: Virus removal and PC security tools – an overview - Gizmo's Best

Let us know if you need anything, keep us informed, good luck.

Cheers
Josh

The Bitcoin miner will use your GPU like nobody’s business.

Killswitch shows this software as Trusted
Would you PM me a link to the malware? If you're not sure where to upload it and you do decide to make it available, upload it to http://www.datafilehost.com/ then PM me the link to it.

If it's trusted, I’ll post here which company issued the certificate (like VeriSign or GoDaddy, as an example) and I’ll get it flagged as soon as possible, if it's not already flagged by the time I get to it.