UnamSanctam / SilentETHMiner

A Silent (Hidden) Ethereum (ETH & ETC) Miner Builder
MIT License
239 stars 77 forks

Windows Defender #103

Closed aquestionpls closed 3 years ago

aquestionpls commented 3 years ago

Hey man. Nice project! But I can't make it pass Windows Defender (even if virus & threat protection is turned off; so is FW).

I get to the point where I can run it on the computer, but it'll get turned off and deleted in an instant every time.

I tried crypting the file via Obfuscation with ConfuserEx and also packing it into a .zip file. I tried to run as admin; Kill Defender; start delay.

Any suggestions how I could make it run?

Big THX

EDIT: using the ETH version

UnamSanctam commented 3 years ago

Try it on another computer or a VM; your Windows Defender can remember things about previous iterations of the file, which detects it.

UnamSanctam commented 3 years ago

Also, which settings did you use in ConfuserEx?

aquestionpls commented 3 years ago

Will try on the VM using the win10 Hyper-V.

I did not change any settings on ConfuserEx. antiscan.me shows it should be undetected by WD and most antivirus programs.

aquestionpls commented 3 years ago

No detection in the VM, but I can't confirm if it would work since the OpenCL.dll couldn't be found (because of the VM).

I guess I'll have to reset Windows on my computer to see if it'll work.

What settings can you make in ConfuserEx, and which would you recommend?

UnamSanctam commented 3 years ago

Just use either of the two projects here: https://github.com/UnamSanctam/SilentETHMiner/wiki#how-can-i-decrease-detections and it should be fine.

aquestionpls commented 3 years ago

Both projects are for the XMR Miner, or doesn't it matter?

UnamSanctam commented 3 years ago

Doesn't matter

aquestionpls commented 3 years ago

I've got a couple of laptops and computers standing around idling (for presentation stuff) and would like to use them since they are idle most of the time.

I want to combine the XMR and the ETH Miner. Which program would you recommend?

And then make the ETH Miner remote configured to ETH, so if the laptop can't run ETH (too little GB) it'll automatically mine ETC (main settings). Am I thinking correctly here?

UnamSanctam commented 3 years ago

To combine them you can use any file binder, I just used https://github.com/Paskowsky/Dream-AIO (pre-built here: https://srv-store4.gofile.io/download/e020ea8a-4bec-47ed-a9e2-44a3340508fe/Dream%20AIO.zip). Making the 'Remote Configuration' ETH and the 'Main' settings ETC technically works, although it won't always switch over to the other pool (ETC in this case).

aquestionpls commented 3 years ago

Thanks for your time and answers. Any idea how to configure the ETH Miner to make it the way I want (mine ETC if ETH is not possible) without it sometimes not working? Or would it be easier to just make two different .exe files for fast & slow machines?

UnamSanctam commented 3 years ago

There isn't really any easy way to have it in one program; the preferred way would be to check the VRAM available before starting either miner. The problem with this is that the only real way to do that is with WMI, but that has a limit of 4GB, meaning if you have an 8GB card it will still show 4GB, so it's quite limited. The easiest way is to just compile two different ones like you said.

aquestionpls commented 3 years ago

Thank you so much! If I can set up everything successfully I will get back to you and share some love <3

Have a nice day, good sir

aquestionpls commented 3 years ago

I loaded your ConfuserEx project (SilentXMRMiner8.crproj) and added the xmr-watchdog.dll; then tried to Protect, but:

[INFO] ConfuserEx v1.0.0 Copyright (C) Ki 2014
[INFO] Running on Microsoft Windows NT 6.2.9200.0, .NET Framework v4.0.30319.42000, 64 bits
[DEBUG] Discovering plugins...
[INFO] Discovered 10 protections, 1 packers.
[DEBUG] Resolving component dependency...
[INFO] Loading input modules...
[INFO] Loading 'xmr-watchdog.dll'...
[ERROR] Cannot find protection with ID 'watermark'.
Failed at 15:15, 0:00 elapsed.

Any idea? (I have no clue about ConfuserEx, but when I load your project I don't see anything different than before.)

UnamSanctam commented 3 years ago

Use a newer version of ConfuserEx: https://github.com/mkaring/ConfuserEx. You won't see anything different unless you go in and check the settings.

aquestionpls commented 3 years ago

Did everything you suggested and it seems to bypass Windows Defender now! Thanks!!

Tested the XMR Miner on the VM and on one computer directly; both are running but not doing anything. They should work in normal mode at 60% and in idle mode at 100%, but do neither.

xmrminer not working

UnamSanctam commented 3 years ago

Do you have 'Stealth' enabled?

aquestionpls commented 3 years ago

No

UnamSanctam commented 3 years ago

What are your 'Main' tab settings?

aquestionpls commented 3 years ago

Pool: xmr.pool.minergate:45700 Wallet: email pw: / Inject into: svchost.exe

UnamSanctam commented 3 years ago

Try another pool than MinerGate and see if it works.

aquestionpls commented 3 years ago

Super tired already and have a stupid question:

To set up the 2miners pool the description says:

blabla "user": "YOUR_WALLET_ADDRESS", "pass": "x",

Does that mean I leave it blank or should I put an X as the password? :D

UnamSanctam commented 3 years ago

You can leave it blank.

aquestionpls commented 3 years ago

Works fine now! Do you know why MinerGate doesn't/didn't work?

UnamSanctam commented 3 years ago

MinerGate is generally a bad pool meant to bring in new, inexperienced miners; their servers don't always work, they block a lot of IPs and they steal your hashrate, so they're not really recommended.

aquestionpls commented 3 years ago

Thank you. 2miners is a good choice then?

I'd like to name the rigs or organize them to see which one is working. Any idea how to easily realize that with 2miners?

The other user you helped today had a graphic:

UnamSanctam commented 3 years ago

You can try 2miners, although I'm not sure about their ban policy. The graph is from nanopool, which I generally recommend since I know they don't ban. If you enter {%COMPUTERNAME%} as the worker name then it will replace that with the current computer name when it's run, so each computer will be a different worker.

aquestionpls commented 3 years ago

I'll try nanopool then. Thank you.

Where can I enter the worker name in the XMR miner?

UnamSanctam commented 3 years ago

Depends on the pool, but for nanopool you enter it in the 'Wallet Address' field; just enter YOUR_WALLET.{%COMPUTERNAME%}/password. The password is to change the minimum payout if you want to; you can just leave it like that or change it.

aquestionpls commented 3 years ago

Thank you! Good night!

aquestionpls commented 3 years ago

Hey again!

XMR Miner is working fine at home; testing is ready for the field.

Trying to set up the ETH Miner now with the remote configuration. I followed your wiki entry and the suggested link you posted and am now asking for the correct format:

Should I use the format you suggested, as in:

connection=stratums://MYWALLET.{%COMPUTERNAME%}:EMAIL@eth-eu1.nanopool.org:9433

Are the {} brackets correct for the worker definition? Is "stratumS" correct for the SSL self test protocol?

Example 1 (with hex value for email): "connection=stratums://0x24070af444d75CC5969944d0B0Bb00XXXXXXXX.{%COMPUTERNAME%}:example%40email%2ecom@eth-eu1.nanopool.org:9433"

Example 2 (without hex value): "connection=stratums://0x24070af444d75CC5969944d0B0Bb00XXXXXXXXX.{%COMPUTERNAME%}:example@email.com@eth-eu1.nanopool.org:9433"

Or according to the link?

connection=stratums://MYWALLET@eth-eu1.nanopool.org:9433/{%COMPUTERNAME%}/EMAIL

Thank you again for your time

UnamSanctam commented 3 years ago

It should be connection=stratum://MYWALLET@eth-eu1.nanopool.org:9999/Worker/EMAIL, although you can use any word for the email, like 123. SSL doesn't work for the ETH/ETC nanopools due to how their certificates are configured, so just use normal stratum. {%COMPUTERNAME%} isn't replaced in the miner itself in the current version, so it won't replace it with the computer name.
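Added example, not code from the project or from either participant: a small parser an incident responder could run over a recovered connection= value in either of the two layouts discussed above (wallet@host:port/worker/password, or wallet.worker:password@host:port) to pull out the pool, wallet, worker and password for triage. The password part is URL-decoded, which is the reason an e-mail placed there has to be percent-encoded; the wallet and worker values in the samples are constructed placeholders.

```python
from urllib.parse import unquote, urlsplit

# Constructed samples in the two layouts discussed in the thread; the wallet
# and worker are placeholders, not real values.
SAMPLE_PATH_STYLE = (
    "connection=stratum://0xWALLETPLACEHOLDER@eth-eu1.nanopool.org:9999/rig01/test123"
)
SAMPLE_USERINFO_STYLE = (
    "connection=stratums://0xWALLETPLACEHOLDER.rig01:example%40email%2ecom"
    "@eth-eu1.nanopool.org:9433"
)


def parse_connection(setting: str) -> dict:
    """Split a recovered `connection=` value into fields an analyst can pivot on.

    Supports both layouts: wallet@host:port/worker/password (nanopool style)
    and wallet.worker:password@host:port (userinfo style). The password is
    URL-decoded, which is why an e-mail placed there must be percent-encoded.
    """
    value = setting.split("=", 1)[1] if setting.startswith("connection=") else setting
    parts = urlsplit(value)
    if parts.scheme not in ("stratum", "stratums") or not parts.hostname:
        raise ValueError(f"not a stratum connection string: {value!r}")

    user = unquote(parts.username or "")
    password = unquote(parts.password or "")
    worker = ""
    path_bits = [p for p in parts.path.split("/") if p]
    if path_bits:  # nanopool layout: /worker/password after the host
        worker = path_bits[0]
        if len(path_bits) > 1:
            password = unquote(path_bits[1])
    wallet, dot, user_worker = user.partition(".")
    if dot:  # userinfo layout: wallet.worker before the colon
        worker = user_worker
    return {
        "tls": parts.scheme == "stratums",
        "pool_host": parts.hostname,
        "pool_port": parts.port,
        "wallet": wallet,
        "worker": worker,
        "password": password,
    }


def is_templated_worker(worker: str) -> bool:
    """True for a {%VAR%} placeholder such as {%COMPUTERNAME%}, which the
    thread says is expanded for the XMR miner but not by the ETH miner."""
    return worker.startswith("{%") and worker.endswith("%}")
```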

aquestionpls commented 3 years ago

Thank you, will try.

And the email I shall write with hex values, correct?

UnamSanctam commented 3 years ago

URL encode it, yes, though you don't need to enter a real email; you can just enter any word you want as a password, like test123.

aquestionpls commented 3 years ago

Yes, I know, but I like the feature to know when a machine goes offline.

Thank you again

aquestionpls commented 3 years ago

According to antiscan.me and 2 other online scanners I can't make the ETH Miner bypass Windows Defender.

It works on the VM and on the one testing computer I've got.

Should I be worried? High risk of WD disabling the miner on the other rigs in the near future?

PS: files are obfuscated with your suggestions.

UnamSanctam commented 3 years ago

If it doesn't get detected by your WD then it should be fine. You can also try the other project file from the one you used; the two ones I have are https://anonfiles.com/BdZ605y4uf/SilentXMRMiner7_crproj and https://anonfiles.com/7ae3Mb1fu9/SilentXMRMiner8_crproj

aquestionpls commented 3 years ago

Oh... they have different settings!

I'll try that. Thanks.

aquestionpls commented 3 years ago

Hey there! It's me once again.

I tried installing the ETH Miner on brand new PCs today, but they got detected and blocked by Windows Defender as soon as I plugged in the USB.

They were freshly reset and installed, so no chance of 'remembered' miners.

I tried ConfuserEx with both your project settings; same result.

Any idea/suggestion how to make them undetected?

Also had issues with Norton Live Protection since it recognizes the traffic, btw.

UnamSanctam commented 3 years ago

Send your obfuscated miner here and I'll check it. You can probably never get around Norton since they mark anything and everything as malware; we have had problems installing Microsoft Office for clients before since Norton was detecting it as malware. We have also had problems with Norton detecting its own updates as malware, so getting around Norton is in the end probably a fool's errand.

aquestionpls commented 3 years ago

OK... I'll make an example .exe with no info and upload it.

aquestionpls commented 3 years ago

https://ufile.io/imqhhybf

UnamSanctam commented 3 years ago

Can you obfuscate it as well?

aquestionpls commented 3 years ago

It was created with Obfuscation. Or do you mean to obfuscate the created exe again?

UnamSanctam commented 3 years ago

Yes, the file you sent has not been obfuscated. Can you obfuscate it with something like ConfuserEx?

aquestionpls commented 3 years ago

Ohhhhh, I guess that's where I went wrong.

I created the miner.exe with the obfuscation option, and I obfuscate the watchdog.dll, watchdog.exe and miner.dll while the builder pauses for you to do so.

I thought it doesn't make a difference to obfuscate the finished .exe file again.

Tried it now and it says it should be undetected:

https://ufile.io/iqsuy1fy https://antiscan.me/scan/new/result?id=DXmrDFQZhO2D

Should have at least tried to obfuscate it :D

UnamSanctam commented 3 years ago

Haha yes, the final loader has to be obfuscated as well. That file looks correct, so try and see if that one gets detected on the PCs.

aquestionpls commented 3 years ago

Thanks again for your time <3