When the alert was generated did it provide a location for where it caught the Trojan / bit coin miner running from?
As Windows7ge mentioned switching DNS providers would have no effect on this so Its probably nothing more than mere coincidence. (Unless switching DNS providers caused the trojan / bitcoinminer to make a callout / perform some type of action that triggered the AV). It's most likely someone using the machine downloaded and ran a suspicious file / when visiting a site ads or JS on a web page automatically tried to download the file and malware bytes caught it hitting disk / only caught it after new signature updates (so from a site previously visited).