Serious Discussion: Bitdefender and others detected it but Kaspersky didn't. I'm a bit concerned.

gfgtkitkat34

Level 2
Thread author
Aug 14, 2024
58
This file "app_nhm.dll" was part of NiceHash miner software and was detected by ESET, Bitdefender, and other antiviruses, but Kaspersky didn't detect it at all. Why is this?

I understand that Kaspersky has a reputation for the AV with one of the lowest false positive levels and wouldn't detect any file that doesn't harm the system, yet still, why wouldn't Kaspersky just go along with other brands and call it malicious?

In this case, NiceHash miner is not actually a virus and is a legit, safe mining software that thousands of users used during the crypto mining era, but still AV vendors flag it due to it being a crypto miner nonetheless.

Couldn't this Kaspersky low false positive approach be dangerous sometimes?

Thank you for any feedback.
 


Bot

AI-powered Bot
Apr 21, 2016
4,839
Kaspersky's detection algorithms may differ from other AVs. It could be that Kaspersky doesn't classify NiceHash miner as a threat because it's a legitimate software. However, if you're worried, you can manually submit the file to Kaspersky for analysis. Their low false positive approach aims to avoid unnecessary alerts but it's always good to stay vigilant.
 

gfgtkitkat34

Level 2
Thread author
Aug 14, 2024
58
> Kaspersky's detection algorithms may differ from other AVs. It could be that Kaspersky doesn't classify NiceHash miner as a threat because it's a legitimate software. However, if you're worried, you can manually submit the file to Kaspersky for analysis. Their low false positive approach aims to avoid unnecessary alerts but it's always good to stay vigilant.

I'm not sure you're designed for this but how are you doing bot?
 

bazang

Level 13
Jul 3, 2024
621
> This file "app_nhm.dll" was part of NiceHash miner software and was detected by ESET, Bitdefender, and other antiviruses, but Kaspersky didn't detect it at all. Why is this?
>
> I understand that Kaspersky has a reputation for the AV with one of the lowest false positive levels and wouldn't detect any file that doesn't harm the system, yet still, why wouldn't Kaspersky just go along with other brands and call it malicious?
>
> In this case, NiceHash miner is not actually a virus and is a legit, safe mining software that thousands of users used during the crypto mining era, but still AV vendors flag it due to it being a crypto miner nonetheless.
>
> Couldn't this Kaspersky low false positive approach be dangerous sometimes?
>
> Thank you for any feedback.

Upload the "app_nhm.dll" to Kaspersky's submittal portal.

You can do the same with any other antivirus publisher and request a human review of the file.

There is always the possibility that a threat actor embedded a malicious version of "app_nhm.dll" into NiceHash.

NiceHash has been targeted by threat actors many times because the BS mantra across the web is "NiceHash is legit safe and "app_nhm.dll" detection is a false positive." Enough people buy into that narrative, create an allow exception/exclude "app_nhm.dll" from the antivirus, and their system is pwned. It is so very easy to socially engineer users that want the benefit of something that they just gotta have. They do all the work for the threat actors.

Kaspersky, uhm, fails to detect a lot of stuff. Don't be too sure it is necessarily a false positive. Check your over-confidence in the Special K.
 

Shadowra

Level 38
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,754
It's possible that the file is totally unknown to Kaspersky and has therefore never been analyzed, which may explain why it wasn't detected. Or it could be that Kaspersky considers the file to be harmless to the system.

Either way, I've seen that MS Defender doesn't detect it either. VirusTotal distributes to antivirus editors, so the file should soon be added to some editor's virus databases.
 

gfgtkitkat34

Level 2
Thread author
Aug 14, 2024
58
> NiceHash has been targeted by threat actors many times because the BS mantra across the web is "NiceHash is legit safe and "app_nhm.dll" detection is a false positive.

I fully agree with you. However, this is the normal level of common sense an average consumer has. Search on Google to see if something is safe or not, and after that, let your antivirus double-check on it again, and that's it. For the info, I didn't turn off K or add exclusions to anything. If anything happens to my PC, Kaspersky should be responsible, and I will be done with them. Thankfully, I only use this PC for test renders and gaming so not a big deal.
 

bazang

Level 13
Jul 3, 2024
621
> It's detected because it's used in malware campaigns, infect target then install miner then profit. It's a dual use technology, used for legit purposes and malicious.

LOL, but everybody says it is a false positive and to exclude it. There are malicious and non-malicious versions, but even the non-malicious version can be abused to do malicious stuff. Just like you said.

And the users "who want to use stuff" do all the work for the threat actors like I said.

 

bazang

Level 13
Jul 3, 2024
621
> I fully agree with you. However, this is the normal level of common sense an average consumer has. Search on Google to see if something is safe or not, and after that, let your antivirus double-check on it again, and that's it.

This is how "users that want to use stuff" end up infected. In your case, lose all your crypto.

There is no "common sense" when fighting malware. There is just security.

"Common sense" is assuming that Kaspersky or any other AV will work at the moment of truth.

"Common sense" is the exact behaviors that threat actors want "users who want to use stuff" to do.

Security is not software. It is a process (of doing a bunch of stuff you don't want to do and not doing a bunch of stuff that you want to do.)
 

gfgtkitkat34

Level 2
Thread author
Aug 14, 2024
58
> I've just downloaded NiceHashMinner 3.1.1.4 from their site and:
>
> My KES did not detect app_nhm.dll, but detected 62 files inside...

Yes, Kaspersky deleted 62 objects the same as yours but missed on app_nhm.dll. Could this be a harmless false positive then?

However, Emsisoft Emergency Kit detected it and got rid of it, saying it was Trojan IL:Trojan.MSILZilla.154810 (B).
 
