Avast WEBforum

Other => Viruses and worms => Topic started by: REDACTED on October 10, 2017, 01:41:57 AM

Title: JS:Miner-C
Post by: REDACTED on October 10, 2017, 01:41:57 AM
Avast is constantly sending messages of blocked infection of a trojan called JS:Miner-C. I tried to clean my Mac 3 times with Avast and the messages continue appearing.

Is my computer infected? What can I do?

Thank you
Title: Re: JS:Miner-C
Post by: Pondus on October 10, 2017, 02:10:21 AM
Post screenshot of Avast popup message

Title: Re: JS:Miner-C
Post by: REDACTED on October 11, 2017, 03:58:30 AM
Mine happens as well. Here's a screenshot of it (macOS)
Title: Re: JS:Miner-C
Post by: Pondus on October 11, 2017, 07:08:00 AM
Detection seems to be correct


URL blacklist check > traffic.adxprts.com/tpb/na/728x90/m.js
https://www.virustotal.com/#/url/f1ba6b71bb297654de88c95ec9f8b5af3c994343e35b67ebbc07ac38e8cfbcce/detection

JavaScript file scan > traffic.adxprts.com/tpb/na/728x90/m.js
https://www.virustotal.com/#/file/67c0907af5d865753dfe9d74309005a3f215e5130cfd6d756702fd9a95775354/detection




Title: Re: JS:Miner-C
Post by: HonzaZ on October 11, 2017, 11:05:15 AM
This means that the JS you are trying to download is mining coins. Nothing to be worried about, Avast's got your back ;). I wouldn't visit the websites that trigger this popup though!
Title: Re: JS:Miner-C
Post by: REDACTED on October 14, 2017, 05:38:27 PM
I am constantly getting the same message, but it lists it as JS:Miner-C [Trj] and the url is a google page (I am using Chrome and going to Google.com) hxxps://clients2.googleusercontent[.]com/crx/blobs/QgAAAC6zw0qH2DJtnXe8Z7rUJP0uaFhXpD7ZTt35XjX_R_SGx37EYuHnk_cl6B4R06pCQir8AVQ_bwJM-TETzp53TaEw2owsmx_Pi2j1qz_FZwesAMZSmuU5aJdYisrxGZyoSzyMwg7Uu1d5cQ/extension_4_2_5.crx. I have searched for extension_4_2_5.crx with no luck.
Title: Re: JS:Miner-C
Post by: Pondus on October 14, 2017, 05:54:23 PM
Quote
I have searched for extension_4_2_5.crx with no luck.     
@foley Detection seems correct
https://www.virustotal.com/#/file/c6817811da485aa9cab3f5891da1d4a046dde94b81d6170c94636582f90ac060/detection

OBS: edit your post and make the malicious link unclickable to avoid accidental clicking

Title: Re: JS:Miner-C
Post by: bob3160 on October 14, 2017, 06:09:56 PM
For future reference, NEVER post live links for any suspected file or website.
Thanks
Title: Re: JS:Miner-C
Post by: Lisandro on October 14, 2017, 11:23:36 PM
https://blog.avast.com/ladies-and-gentlemen-prepare-your-cpu-web-browser-mining-is-coming
Title: Re: JS:Miner-C
Post by: REDACTED on October 18, 2017, 01:52:41 AM
Every hour or so I get the attached warning from Avast that JS:Miner-C has been blocked. This happens after I've cleared all browser history and cookies. I simply open Chrome and this warning comes up. I'm not going to any websites.

I re-downloaded my Chrome Browser Version 62.0.3202.62 (Official Build) (64-bit) on my Mac OSX 10.11.6.

I'm still getting this warning from Avast and this happens before I go to any websites.

How can I find out where this file is on my computer??

thanks


Title: Re: JS:Miner-C
Post by: Pondus on October 18, 2017, 02:25:24 AM
Quote
     How can I find out where this file is on my computer??
What does the popup from avast say?    ..... post a screenshot

Title: Re: JS:Miner-C
Post by: Judy56 on October 18, 2017, 03:58:05 PM
I've also been getting this from one particular site and I'm curious about how dangerous it actually is. Avast says that the coinhive site is infected with this Trojan. I've found other sites where it's described as a very serious trojan. Are the people writing for those sites talking bs?
http://quickremovevirus.com/methods-to-remove-jsminer-c-completely/
http://computerfixguide.com/how-to-remove-jsminer-c-effectively-windows-os-and-mac-os/
Title: Re: JS:Miner-C
Post by: Pondus on October 18, 2017, 04:23:38 PM
INFO   ;)

Coinhive Is Rapidly Becoming a Favorite Tool Among Malware Devs
https://www.bleepingcomputer.com/news/security/coinhive-is-rapidly-becoming-a-favorite-tool-among-malware-devs/

Drive-by mining and ads: The Wild Wild West
https://blog.malwarebytes.com/threat-analysis/2017/09/drive-by-mining-and-ads-the-wild-wild-west/

Hacked Websites Mine Cryptocurrencies
https://blog.sucuri.net/2017/09/hacked-websites-mine-crypocurrencies.html


Title: Re: JS:Miner-C
Post by: Judy56 on October 18, 2017, 05:03:26 PM
Thank you. After reading this I wasn't sure what all the fuss was about.

Quote
    This means that the JS you are trying to download is mining coins. Nothing to be worried about, Avast's got your back ;). I wouldn't visit the websites that trigger this popup though!
Title: Re: JS:Miner-C
Post by: REDACTED on October 18, 2017, 11:01:46 PM
If it is only a mining script (which the name also suggests)... Why is it, that when you google "JS:Miner-C" you get results like:

https://www.fortiguard.com/encyclopedia/virus/7526385
"JS/Miner.C!tr is classified as a trojan."

http://computerfixguide.com/how-to-remove-jsminer-c-effectively-windows-os-and-mac-os/
"JS:Miner-C is an dangerous Trojan Horse that invades Windows and MAC machines silently and opens backdoor for Adware or PUP."

http://greatis.com/blog/howto/remove-jsminer-c.htm
"JS:MINER-C causes the great problems for you, such as replacing your browser starting page with malicious one, browser search redirecting, changing security settings and allowing popup advertisements to show up."

http://quickremovevirus.com/methods-to-remove-jsminer-c-completely/
"JS:Miner-C is a Trojan and its danger index can ranked as severe. you should delete JS:Miner-C as soon as possible, especially before the tragedy happened."

http://getridofmalware.removemalwares.com/jsminer-c-deletion-effective-way-to-uninstall-jsminer-c-manually
"Somehow, the virus can also encrypt your files if you do not get rid of it immediately. Even, the virus may ask you to pay ransom to anonymous hackers."

These are sites making different claims. Any explanation for this?

Javascript (assumed that's what virusscanners refer to by "js") can only instruct the browser-window that runs the script in a very limited way (for safety purposes). In other words, JS itself can only play by the browser's rules. AFAIK, when only javascript is involved, only an undiscovered exploit in a browser could lead to problems as big as described by these sites.
So, why would they publish this information?
Title: Re: JS:Miner-C
Post by: Pondus on October 18, 2017, 11:48:13 PM
You should learn to avoid sponsored links.
For almost any malware search you will have results that recommend Spyhunter; they have spammed the entire Internet with ads. Only your first link is good.

Anyway I am not sure I understand what you think is a problem here?

Title: Re: JS:Miner-C
Post by: REDACTED on October 19, 2017, 12:05:07 AM
Lol, good information on the first link? "JS/Miner.C!tr is classified as a trojan".
Look, I know the web is full of crap, but it is not about whether these links are picked out good or not by me, these sites are the first to show up in Google and are not advertisements. It is rather concerning that this incorrect/misleading information is in Google's top results.
Title: Re: JS:Miner-C
Post by: Pondus on October 19, 2017, 08:31:55 AM
Quote
    Lol, good information on the first link? "JS/Miner.C!tr is classified as a trojan".
    Look, I know the web is full of crap, but it is not about whether these links are picked out good or not by me, these sites are the first to show up in Google and are not advertisements. It is rather concerning that this incorrect/misleading information is in Google's top results.

Why is it wrong to classify it as a trojan?

Title: Re: JS:Miner-C
Post by: REDACTED on October 19, 2017, 04:09:44 PM
It's only an innocent script man. It does not infect your computer, it only uses some extra CPU while the site is open.
A trojan typically infects your computer in order to open a backdoor for a 'hacker' in order to gain control/access.

Seems AVG pretty much agrees:
https://www.avg.com/en/signal/what-is-a-trojan

Personally I would be careful with these definitions, but antivirus companies also need to make a living I guess.
Title: Re: JS:Miner-C
Post by: Pondus on October 19, 2017, 04:46:15 PM
Quote
It's only an innocent script man. It does not infect your computer, it only uses some extra CPU while the site is open.
Innocent or not, if the script says it is one thing but does something else (disguised) then I guess it qualifies as a trojan. Some vendors call it riskware.

If you don't know, Avast and AVG now use the same detection name  >>  https://blog.avast.com/avast-and-avg-become-one


The naming of malware is quite complicated

A New Virus Naming Convention
http://www.caro.org/articles/naming.html

Naming malware
https://www.microsoft.com/en-us/wdsi/help/malware-naming

A Virus by Any Other Name: Virus Naming Practices
https://www.symantec.com/connect/articles/virus-any-other-name-virus-naming-practices

From the last link, scroll down to > Where Do the Names Come From? but I recommend reading it all as it explains lots





Title: Re: JS:Miner-C
Post by: bob3160 on October 19, 2017, 09:22:35 PM
Or, read nothing and simply accept the fact. :)
Title: Re: JS:Miner-C
Post by: REDACTED on October 19, 2017, 11:13:19 PM
Quote
    Or, read nothing and simply accept the fact. :)

Come on Bob, don't be a circle jerker.  ;) http://i0.kym-cdn.com/photos/images/original/000/605/413/732.gif
Title: Re: JS:Miner-C
Post by: REDACTED on October 20, 2017, 12:08:44 AM
What if you delete all Chrome extensions?
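
Added example, not part of the original thread: several posters ask where the detected file lives, and one blocked URL posted above was a Chrome extension package (.crx). This Python script lists installed Chrome extensions whose files reference the Coinhive miner named in this thread, so a single extension can be removed instead of all of them; the macOS profile path and the single "coinhive" indicator are assumptions of the example.

```python
import json
import re
from pathlib import Path

# Assumption: default Chrome profile location on macOS, relative to the home folder.
CHROME_EXT_SUBDIR = "Library/Application Support/Google/Chrome/Default/Extensions"
# Assumption: one indicator, the Coinhive miner name reported in this thread.
MINER_PATTERN = re.compile(rb"coinhive", re.IGNORECASE)
TEXT_SUFFIXES = {".js", ".html", ".htm", ".json"}


def extension_name(manifest):
    """Read the display name from manifest.json; '?' if it cannot be read."""
    try:
        data = json.loads(manifest.read_text(encoding="utf-8-sig"))
        return str(data.get("name", "?"))
    except (OSError, ValueError, AttributeError):
        return "?"


def scan_extensions(root):
    """Return (extension_id, version, name, file) for each file matching MINER_PATTERN."""
    hits = []
    root = Path(root)
    if not root.is_dir():
        return hits
    # Chrome lays extensions out as <root>/<extension id>/<version>/manifest.json
    for manifest in sorted(root.glob("*/*/manifest.json")):
        ext_dir = manifest.parent
        name = extension_name(manifest)
        for path in sorted(ext_dir.rglob("*")):
            if path.suffix.lower() not in TEXT_SUFFIXES or not path.is_file():
                continue
            try:
                content = path.read_bytes()
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            if MINER_PATTERN.search(content):
                rel = path.relative_to(ext_dir).as_posix()
                hits.append((ext_dir.parent.name, ext_dir.name, name, rel))
    return hits


if __name__ == "__main__":
    for ext_id, version, name, rel in scan_extensions(Path.home() / CHROME_EXT_SUBDIR):
        print(f"{name} ({ext_id} {version}): {rel}")
```

The extension id printed for a hit is the same id shown on Chrome's extensions page, which is where the extension can be removed.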
Title: Re: JS:Miner-C
Post by: REDACTED on October 25, 2017, 01:36:31 AM
Luddite Bob at work here. This JS:Miner-C may be "benign", but my "threat detected" verbal warning and pop up screen have become intrusive as it is continual even if I haven't opened my browser. I'm using Chrome and have deleted everything in History and have run "Smart" and Full Scans back to back to back with "no problems" being detected. Typing this short reply has seen three (3) pop ups and verbal warnings of the threat being detected. Any simple cures? By the way, two (2) more warnings while I quickly read over this reply. My avast is the regular paid for protection, not the free partial coverage.

Cheers
Title: Re: JS:Miner-C
Post by: REDACTED on October 25, 2017, 07:34:25 AM
I have the same issue. Reboot, new session of FireFox, and the popup from Avast every 30 seconds telling me the same thing;
 
"Threat secured We've moved coinhive.min[1].js to your Virus Chest because it was infected with JS:Miner-C[Trj]."

 I have run a scan with no findings, rebooted, and did the same again with no results, yet this stupid thing keeps popping up and ruining my day. Because I can't find an explanation or resolution, the only option I see is to switch virus software and remove Avast, since that is where the pop up is coming from, and there doesn't appear to be a resolution here. Before I do that, is there any other suggestion I should try before jumping off the cliff? BTW - While I might be considered an advanced user, I am not the guy that's going to look at codes and things, I just need it to work. If there is anything beyond a regular resolution, let me know that too.

I thank anyone for their feedback and opinion in advance.

OffDWall
Title: Re: JS:Miner-C
Post by: Pondus on October 25, 2017, 07:43:34 AM
Those who want help / a computer check should

1. start their own topic in viruses and worms section
2. follow instructions in the sticky post (logs to assist...) at top in viruses and worms section

Title: Re: JS:Miner-C
Post by: REDACTED on November 16, 2017, 12:58:26 PM
Quote
    Those who want help / a computer check should

    1. start their own topic in viruses and worms section
    2. follow instructions in the sticky post (logs to assist...) at top in viruses and worms section

This trojan first appeared when I started a film from the site bombuj.eu, then on the site freefilm.sk, and today on onlinefilmy.net. Every time I have to run a Boot-Time Scan, because that is the only scan that catches the trojan and moves it to the chest; any other scan shows that nothing was found. My question is: how much, and how harmful, is this trojan? Thank you for your answer, and please strengthen the protection; I work with cryptocurrency on the same PC and I use Avast Premier Beta
Title: Re: JS:Miner-C
Post by: HonzaZ on November 16, 2017, 01:21:11 PM
JS:Miner-C alerts you to the use of your browser's processing power to mine cryptocurrencies. It is not especially harmful and there is no need to run any scan - the file may remain in the browser cache, but it will definitely not be executed.
Title: Re: JS:Miner-C
Post by: REDACTED on November 30, 2017, 11:08:47 PM
I have OS X High Sierra, and since a few days ago I have been receiving this message constantly:
How can I stop it and remove the threat?

 
Title: Re: JS:Miner-C
Post by: polonus on November 30, 2017, 11:58:56 PM
Set this to disabled: Settings -> Advanced -> Continue running background apps when Chromium is closed.
In Windows you can have a look with task manager.

polonus
Title: Re: JS:Miner-C
Post by: REDACTED on December 03, 2017, 07:57:59 PM
I too keep getting this message popping up. No real response from any Avast staff as to what this is or what to do about it for Mac users. Why not? Why does JS-Miner-C find no postings on this forum, but plenty of them (on this forum) when I do a Google search. Ignorance is not bliss. Help us Avast!! Do not tell us to post in some other place in forum, tell us what to do about this!!
Screenshot of two error messages should be attached here!!

Title: Re: JS:Miner-C
Post by: HonzaZ on December 04, 2017, 06:41:28 AM
It is not true that we do not respond to topics about JS:Miner detections. On the contrary - we even published a blogpost about it! https://blog.avast.com/ladies-and-gentlemen-prepare-your-cpu-web-browser-mining-is-coming
If you have any additional questions, do not hesitate to ask them, as I have been answering them in this thread as they come.
Title: Re: JS:Miner-C
Post by: bob3160 on December 08, 2017, 03:51:00 PM

Avast reported the following this morning
(http://screencast-o-matic.com/screenshots/u/Lh/1512741497341-10878.png)
Clicking on details gives me this
(http://screencast-o-matic.com/screenshots/u/Lh/1512741585454-98655.png)
Selecting the Virus Chest shows the following
(http://screencast-o-matic.com/screenshots/u/Lh/1512741682640-95747.png)
Since no path is given, what is this and where was it found?
I receive my mail via Gmail. Any reasonable explanation would be helpful. Thanks
Title: Re: JS:Miner-C
Post by: Pondus on December 08, 2017, 03:56:22 PM
in your second pic it says detected by Mail shield ...
in third pic it says e-mail ...

any suspicious mail / spam ?


Title: Re: JS:Miner-C
Post by: bob3160 on December 08, 2017, 05:09:46 PM
Quote
    in your second pic it says detected by Mail shield ...
    in third pic it says e-mail ...

    any suspicious mail / spam ?

I use Gmail. There isn't anything stored on my computer.
Title: Re: JS:Miner-C
Post by: Pondus on December 08, 2017, 11:04:31 PM
Quote
    Quote
        in your second pic it says detected by Mail shield ...
        in third pic it says e-mail ...

        any suspicious mail / spam ?

    I use Gmail. There isn't anything stored on my computer.

You read those mails in your browser, don't you .... js.miner is a JavaScript in HTML code that your browser reads
https://blog.sucuri.net/2017/09/hacked-websites-mine-crypocurrencies.html

Title: Re: JS:Miner-C
Post by: bob3160 on December 08, 2017, 11:12:12 PM
My browser wasn't open and I wasn't reading any emails.