Board: Mining (Altcoins)
Re: Miner virus detect
by not.you on 20/04/2018, 12:43:10 UTC
The miners are detected as viruses because most of the botnets and worms are using mining programs to mine using their bots or victims' PCs; that's why all the antivirus think that it's a virus.

/\                                             /\
|  This is the explanation right here |
|                                               |

Windows Defender is intended for noobs, so it pretty much tags all miners as a virus and quarantines them.  So if you are running Windows Defender you need to create exclusions.

The AV I use most is Sophos and it doesn't usually do that.  It flags them all as PUPs (potentially unwanted programs) so you can decide what to do with it.  That classification is more honest; it recognizes the fact that maybe it's there because you wanted it there or maybe it's there because of malware, but the AV doesn't know for sure.  I still have to make an exclusion to stop it from popping up with warnings, but it doesn't usually quarantine them straight away like Windows Defender does (although truthfully it is a bit inconsistent and occasionally some of them do go straight to quarantine).

Newer AVs are moving towards behavioral scanning techniques so they can spot programs that aren't in the virus definitions, so if they see something peg the CPU at 100% for an extended period, that could certainly look suspicious.