Views:

Configure Scan Settings for Large Compressed Files

  1. Log in to the OfficeScan management console.
  2. Go to Agents > Global Agent Settings > Scan Settings for Large Compressed Files.
  3. Modify the default value for Real-time Scan from 2MB to 5MB.

    compressed

 
There are different variants of WORM_COINMINER and some are larger than 2MB. On certain scenarios, the default value prevents real-time scan from detecting the coinminer. Temporarily change the default value until the infection is cleaned.
 

Enable scanning of network drive and removable storage devices

  1. Log in to the OfficeScan management console.
  2. Go to Agents > Agent Management.
  3. In the Agent Tree, select the OfficeScan Server/Domain/Computer.
  4. Go to Settings > Scan Settings > Real-time Scan Settings.
  5. Put a check on “Scan network drive” and “Scan all files in removable storage devices after plugging in”.

    scansettings

  6. Click Save.

What to do if the issue still persists

  1. Refer to the KB article on generating and exporting logs in Apex One , and export the following logs (all machines, past 30-days):
    • Virus Logs
    • Agent Listing
  2. Submit the logs to Trend Micro Technical Support for analysis.
Keywords: coin miner,crypto jacker,worm coin miner