Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: False positive bitcoin miner? w XYplorer & new windows 7 install

26 Jul 2019   #1

Windows 7 Home Premium x32
False positive bitcoin miner? w XYplorer & new windows 7 install

OK I originally posted this on another site but they saw that I wrote the word "Malwarebytes" they had a moderator reply with an advertisement for whatever they are trying to promote, and close it for any further replies. read the whole thing. i didn't pirate anything. i don't think. i bought it, i paid for it, i registered it, i don't know how to prove it but i did. i used my co-workers version when he gave it to me. but i have paid for this software. i swear i did. just read, please?....

ok, this is a little long just because i am trying to be clear and avoid having to leave people with only half the information they need to help me. if it is TOO much information, I am sorry...I wrote this in notepad and was going to break it into two posts, but one provides context for the other, so here:

it had been years and my computer really just needed a fresh windows install. no major problem, just the bunch of tiny glitches that, after a couple of years, get annoying enough to have me reset it. running win 7 pro x64 on an hp 6300. yes i know it is old. i am poor; don't judge. anyways, it used to be part of a server system so it was really in great shape and clean and stable since all it had ever really dealt with was a steady transfer stream. it never had to output any video or sound or even take direct inputs. why am i justifying what computer i have? anyways, i did a complete clean reinstall of the OS. and i have just been setting it up kinda slowly (got other machines that need attention also).

i did't get much done after the theming, because i hit a snag when i was installing my file explorer. XYplorer - it helps, I am lost without dual panes. After it installed avast popped up an alert saying it suspected a bitcoin miner. at that time, i just took avasts word for it. i hadnt installed revo yet so i had to uninstall xyplorer using the windows menu. i get kind of ocd and decided i need to roll it back to a restore point before i ever installed xyplorer (i will tell you about the install file later in this post) so that i had nothing to worry about. i hadnt installed revo yet so i had to uninstall xyplorer using the windows menu. but before i rolled it back i wanted to figure out WHY it suspected a bcm. and i wanted to see if i could hunt down anything left over that the scan didn't find.

So, I went looking around. First I ran the most intense avast scan that could be set. it found NOTHING.
i went through my entire system by hand. every file, every folder, checking the properties and actually learning a lot about how windows organizes itself. so i guess that is a plus.
i found a couple of empty folders in the username/appdata/roaming folder that were in an XYplorer folder, and basically the same thing in the program
Found nothing.
Did searches for file names and contents for "XYplorer" and the name of the developer and various other words i had seen associated with the program. I found nothing. i sat back and messed around with a couple programs while i watched my processes and services for anything unusual.
i went to the registry. did the same searches i had done for files. it found i think 2 entries and from what i could tell, they were instructions to use it as a default for opening the file type(s) of the explorers configuration settings - there are a couple of settings export options. the values were empty in both of them and i deleted them.
no issues.
shut down
repeated the file search
and the registry search.
files - nothing at all.
registry also had nothing.
processes and services unaffected. performance doesnt seem hindered, but i didn't benchmark it before. internet works fine (i did switch providers to get a faster plan, though). i have seen no trace of anything associated with the program at all.

can someone tell me a couple of reasons why there might be falso positives on this, if you can think of any?

look, i am going to be honest here, I am using an old install file that is registered to someone else. they shoved their license number into the proper place and basically cracked it. call me an amoral, selfish, greedy, thief, but .... it was a present? i don't have a great excuse for that so i am not even going to insult your intelligence by trying. like I said, I am poor, and I can't afford to get a new license. yes, i said a NEW liscence. i HAVE purchased this explorer before - a very long time ago, and the licesnse wouldn't work on the newest version - i think it goes up to 9? i don't know where my license is and i really cannot afford to buy a new license just because the version has gone up. i don't care about the version, there is no noticeable improvement in the new release that i could see, anyways. also, i don't even know if it would count as a registration bc i bought it for a 32bit system and am now using a 64bit.

so, that is the story of why i am using that file. if you believe me, thank you. if you don't, i get it, and you can yell at me, but before that can someone try and help me figure this out? i am kind of obsessed with figuring it out now. at some point i need the program to work. also, i have the 64bit version and the 32bit version - which would be best to even install? and yeah, i will admit that i have not actually WITNESSED the modifications of the install file, so i won't say that it is IMPOSSIBLE that it's been infected, but it is UNLIKELY....part of the reason i want to know.

i even tore open the .exe on my other system (which, btw is running the same file explorer and avast has no problem with it despite the fact that the settings are actually imported from the first, weird? but i couldn't find anything suspicious in the file. then again i don't entirely know what i am looking for. i've been using computers my whole life but i never slowed down to learn to program in any particular language. but i can read most of them...still, i am not magic and i could have missed something. does anyone know how to rip open a program and check to see if it has any malware (etc) packed in with it?

which brings me to my next point. - i had no idea what to name this post bc it branches out a bit, i'd rather not have to do malware scans by hand. i know malwarebytes is the go to program but does anyone have a good alternative? preferably something open-source? real time scanning is optional, i suppose. I'm getting tired of working with a lot of commercial software atm. I can never afford the full version and it just dumps a bunch of files and registry entries all over my computer. something powerful and light. GUI doesnt have to be pretty, but i think i need more than a command line to work with. everybody tells me not to use combofix, unless i am a professional...what exactly do i need to know to be considered a professional? ideas?

...thanks guys. sorry if it is a stupid question or has been answered,

i couldn't find a post here.

*also...please no norton, mcaffee, panda or kaspersky

UPDATE: I TOTALLY forgot my main point! Does anyone think i really need to use a restore point? or should i just believe that the problem has been taken care of (while i figure out whether or not the install file is infected/which one i should use)? like i said, I am OCD and have this problem with making myself start all the way over with anything that hits even one i overreacting?

My System SpecsSystem Spec
27 Jul 2019   #2

W7 home premium 32bit/W7HP 64bit/w10 tp insider ring

Hi Klear6,

No security expert, so general comments
Any AV can produce FP's
The message you recieved was only a warning - if it determined it was a genuine threat it would have either automatically Quaranteened it or asked you to Choose what action to take.

VirusTotal is the goto for suspected malware programs
(it scans/runs the exe against a database of 30+ AV programs and shows how many rank it as bad, if any)

For a once only On-line scan i'd opt for ESET. (dissable current)
I use Bitdefender free - pretty lightweight simple GUI and NO other add-ons

Most security specialists have moved away from Combofix, (not sure its maintained anymore)
Farbar (FRST) has taken its place
Have a look at BleepingComputers security section, pick a biggy see what they did.

Using a Restore point is fine, however id recommend something like Macrium/Acronis (free too)

My System SpecsSystem Spec
27 Jul 2019   #3
F22 Simpilot

Windows 7 Ultimate x64

What is the tl;dr part?
My System SpecsSystem Spec


 False positive bitcoin miner? w XYplorer & new windows 7 install

Thread Tools

Similar help and support threads
Thread Forum
Is Windows/SYSWOW64/BReWErs.dll a virus or false positive?
It's detected by malwarebytes as "Trojan.Downloader" but i'm hesitant to delete anything that's in the Windows folder.
System Security
A nice little False Positive.....
Just to show you that not all alerts are necessarily malware.... This is an .ISO copy (created using IMGBurn) of the original GIGABYTE Drivers DVD that accompanies the GA-P55A-UD3R motherboard. A scan of the original DVD contains the same FP. GOM = Gigabyte Online Manager utility. ...
System Security
Is this a false positive?
Hi Folks, Just wondering if anyone else has had this particular situation....I ve attached two "bad boys" MSE here's the interesting scenario (at least for me!) was caught by MSE while or just after (literally mintues after) I did a full scan using Malwarebytes....and the...
System Security
False positive
How do I add a exception in norton 2011 Internet security?
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 22:08.
Twitter Facebook