Avast WEBforum

Consumer Products => Avast Mac Security => Topic started by: drake145 on November 25, 2017, 06:04:43 PM

Title: JS: Cryptonight [Trj] Found
Post by: drake145 on November 25, 2017, 06:04:43 PM
Hi all,

After running a scan on my MacBook Pro it found a Trojan (name on the subject line).
The path it was found it is as follows:
/private/var/db/uuidtext/7B/BC8EE8D09234D99DD8B85A99E46C64.
Below is a short summary of what happened:
-After the Trojan was found, I moved the file to quarantine and checked the forums to see if it might be a false positive.
-Upon not seeing anything, I deleted the file.
-I ran a scan with Malwarebytes, several times, and found nothing.
-After restarting, I ran the scan again, with avast, it found the file again with the same path. I also noticed the scan took longer.

Can anyone please confirm if you are also seeing this file being detected?
If no one else is seeing this, how should I proceed?
I have submitted the file to the virus lab from quarantine.

I appreciate any help.

Avast version:13.1
Virus definitions: 17112406
Title: Re: JS: Cryptonight [Trj] Found
Post by: drake145 on November 25, 2017, 08:20:16 PM
OK, so I ran another scan again, and it found the infection again with the same path.

I also notice that, once more, the scan took longer.

original: 1h 17min
2nd: 1h 28 min
3rd: 1h 30 min

I am suspecting that it is either a false positive, or there is some other malware in my system that neither Avast nor Malwarebytes can detect.

Update 2:
It looks like Avast auto-updated to version: 17112500
I also found that I cannot auto-update Avast at this time (after 17112500), since it gives me an error advising that "An error Occurred During the Updating." I have included a screenshot.

Update 3:
I went to, and scanned the specific file folder, and it did not find anything.
I restarted my mac, and the update issue mentioned in Update 2 was not solved.
I scanned the folder once more, and sure enough, it found the infection. So it seems to return only after a restart.

Update 4:
I uninstalled and reinstalled avast, and the error that I described in updates 2 and 3 is gone. However, the trojan once again showed up when I scanned the folder directly. Scanning the folder again turned up nothing, but I suspect it will return once I perform a restart.

Title: Re: JS: Cryptonight [Trj] Found
Post by: Pondus on November 25, 2017, 11:04:24 PM
Upload and scan file at www.virustotal.com    post link to scan result here

Title: Re: JS: Cryptonight [Trj] Found
Post by: drake145 on November 26, 2017, 02:56:41 AM
Pondus,

Link:
https://www.virustotal.com/#/file/4b263d8b55c3478f4e9d9d1af37ee277d59200cf5b6eb22ecd343eef25b0627b/detection

Title: Re: JS: Cryptonight [Trj] Found
Post by: FrostBird on November 26, 2017, 12:20:41 PM
Same thing happened to me, (I nearly died) I researched the virus and found this page: https://superuser.com/questions/1271760/avast-on-macos-high-sierra-claims-it-has-caught-the-windows-only-cryptonight-v
Title: Re: JS: Cryptonight [Trj] Found
Post by: drake145 on November 26, 2017, 12:54:51 PM
Frostbird,

Thanks for the link.

Based on the posts in the link, it looks like we will need to wait for Avast to issue an update that can discriminate between the macOS generated file and the windows malware.

Does anyone know how long it takes for the virus lab to analyze files sent to them?
Title: Re: JS: Cryptonight [Trj] Found
Post by: uuuuuhhhh on November 26, 2017, 09:14:14 PM
I had the same problem, avast picking up the same /private/var/db/uuidtext/7B/BC8EE8D09234D99DD8B85A99E46C64. I checked out the file and it had a ton of windows specific filepaths, which is odd... this being a mac and all.  And, interestingly enough, I noticed there was a lot of text at the bottom of the file that was reversed, so I reversed the text and there was a lot of profanity in it.  A few examples:
Code: [Select]
Fpt_Fuck_AllInOne_UploadA and
Code: [Select]
KeysStealerBearshareStartuser_browserstotalfuckshitsteam_fuckkeyftp_ and
Code: [Select]
FuckTheKeyExampleAppDarthVader  I'm not much of a security guy, just thought it was interesting?  :)
Title: Re: JS: Cryptonight [Trj] Found
Post by: danton2 on November 27, 2017, 01:26:58 AM
I had the same problem on Mac OS 10.12.6. .Went to apple store . They looked in the hidden library folder, could not find a virus and recommended another anti malware program though they did not know of  this specific problem with Avast
Title: Re: JS: Cryptonight [Trj] Found
Post by: Martti4 on November 27, 2017, 04:33:27 AM
Hey, I have come up with the same problem. Has this matter gotten anywhere?

So the very same story after restarting my MacBook, avast finds the malware again.

Are we any smarter with the fact that this is just and avast-bug, or an actual malware that avast can't get rid of?
Title: Re: JS: Cryptonight [Trj] Found
Post by: Jiří Šembera on November 27, 2017, 08:59:33 AM
Hello everyone,

I can confirm this is a false positive. The superuser.com post describes the issue quite well - MacOS seems to have accidentally created a file that contains fragments of malicious cryptocurrency miner which also happen to trigger one of our detections. One thing the article is not right about is that this is a Windows-specific malware.  It is a Javascript-based one designed to run in browsers with HTML5 support. That means it can run on any platform that has a compatible web browser.

I'll fix the detection and post an update on when it gets released.

@uuuuuhhhh: I'd recommend running a full scan on your computer (and if it does not find anything, try Malwarebytes or some other scanner just to be sure). The snippets you posted look very suspicious and since the detected file is part of system logging database it may indicate that your computer is infected.


Jiri
Title: Re: JS: Cryptonight [Trj] Found
Post by: drake145 on November 27, 2017, 01:47:59 PM
Hi Jiri,

thanks for the response.
Title: Re: JS: Cryptonight [Trj] Found
Post by: Red899 on November 27, 2017, 02:29:32 PM
I have the same rude text in the file as uuuuuhhhh. I have run a Malwarebytes scan and it picks up nothing. I am no cybersecurity expert but I suspect the other users may have the same rude text in the file?
Title: Re: JS: Cryptonight [Trj] Found
Post by: drake145 on November 27, 2017, 02:37:58 PM
I went to the very bottom of the text file and I don't see that reverse text.

Can you post a screenshot of it?
Title: Re: JS: Cryptonight [Trj] Found
Post by: Radek Brich on November 27, 2017, 03:08:31 PM
Hello, I'll just add a bit more information.

The file is created by MacOS system, it's actually part of "cpu usage" diagnostic report. The report is created because Avast uses the CPU heavily during the scan.

The UUID (7BBC8EE8-D092-34D9-9DD8-B85A99E46C64) identifies a library which is a part of Avast detections DB (algo.so). The content of the
file is debugging information extracted from the library. Unfortunately, this seems to contain a string which is in return detected by Avast as a malware.

(The "rude" texts are probably just names of malware.)
Title: Re: JS: Cryptonight [Trj] Found
Post by: Jiří Šembera on November 28, 2017, 01:02:32 PM
Hello everyone,

as Radek mentioned in the previous post the issue was not as straightforward as fixing a faulty detection because the issue was in leaking some stirngs that may trigger a detection. I've fixed that and once the changes pass QA they will get released (as VPS update, probably tomorrow or on Thursday).

You may need to purge the logs as advised in the superuser.com post.

If the issue still persists with Friday's VPS and logs purged, please let me know. Thanks!


Jiri
Title: Re: JS: Cryptonight [Trj] Found
Post by: oineg on November 28, 2017, 03:13:35 PM
Excuse my English. I'm italian. Since yesterday the problem is happening equally on my Mac OS Sierra 10.12.6
Title: Re: JS: Cryptonight [Trj] Found
Post by: Jiří Šembera on November 28, 2017, 03:44:44 PM
Hello oineg,

it is a false positive (due to certain incompatibility of Avast VPS with MacOS Sierra) and a fix for this issue has been submitted for QA. It should get released within a day or two.

Regards
Jiri
Title: Re: JS: Cryptonight [Trj] Found
Post by: oineg on November 28, 2017, 06:42:47 PM
Thanks for the reply
Title: Re: JS: Cryptonight [Trj] Found
Post by: danton2 on November 29, 2017, 01:37:04 AM
Not being computer savvy isn’t this problem just cosmetic and what is a VPS update and how to obtain it
Title: Re: JS: Cryptonight [Trj] Found
Post by: Asyn on November 29, 2017, 05:39:04 AM
...and what is a VPS update and how to obtain it
Update of the virus definitions, you should get it automatically.
Title: Re: JS: Cryptonight [Trj] Found
Post by: michel on November 29, 2017, 01:30:16 PM
me too got the same fals positive on my Mac ....
Title: Re: JS:Cryptonight [Trj] Found
Post by: Jcubed1959 on November 29, 2017, 04:58:32 PM
Yesterday, I was filling out online forms and when I went to certain corporate websites to fill out the forms, I noticed my data entry, i.e., keystrokes, were slow, like twice as so. I suspected a key logger was at work on my MacBookAir. I changed my most import passwords and ran avast full system scan.

After I ran a full system scan last night and avast (version: 12.9, virus definition version: 17112802) found the following virus file: /private/var/db/uuidtext/7B/BC8EE8D09234D99DD8B85A99E46C64 JS: Cryptonight [Trj]

It appears avast will have a VPS update today or tomorrow so solve this false positive, but I am curious if anyone else noticed this behavior on their macs.
Title: Re: JS: Cryptonight [Trj] Found
Post by: oineg on November 30, 2017, 09:30:37 AM
Avast when to fix this problem?
Sorry for my English
Title: Re: JS: Cryptonight [Trj] Found
Post by: ryan_syseng on November 30, 2017, 09:36:36 AM
I'd like to add to this, to where many have mentioned this is a false positive, I think this is a catalyst that has let something else in. After reading up on typical behavior of a machine being infected with JS:Cryptonight, my machine is reacting in a similar way. First scan showed me the trojan with the same path. Antivirus said it couldn't quarantine it or delete it. Next antivirus scans are getting stuck, never happened before and mac is all of a sudden slowing down. Does anyone have any ideas on what I should check? I'm thinking to just wipe my machine versus waiting for a vps update.
Title: Re: JS: Cryptonight [Trj] Found
Post by: Jiří Šembera on November 30, 2017, 09:49:57 AM
Hello,

I've checked the release status and it looks like the fix will be included in tomorrow's VPS. You can add the folder /private/var/db/uuidtext to Filesystem shield exclusions as a workaround.

Jiri
Title: Re: JS: Cryptonight [Trj] Found
Post by: havesail1 on November 30, 2017, 04:30:18 PM
1.Ran Bitdefender and Avast simultaneously Avast found JS:Cryptonight Bitdefender didn’t.
2. Placed JS:Cryptonight in Bitdefender's virus removal tool and it was not found.
3.On Bitdefender suggestion,after deleting JS:Cryptonight and uninstalling Avast ran Bitdefender which found nothing. Reinstalled Avast and it found JS:Cryptonight.
3.Sent scan logs to Bitdefender.
4.Sent /private/var/db/7B/BCBEE...........64 to Bitdefender along with a copy from console after I deleted aforementioned file. Also informed them of this forum and Frostbites link.
5. 12/3 running definition 17120300 and the odd thing is that the file no longer appears in the 7B folder. I can see Avast making a change that doesn't label the BCBEE8D09234D99DD8B85A99E46C64 as a cryptonight virus but why wouldn't my Mac keep generating this file?
6. As of 12/5 Bitdefender is sending the BCBEE.....64 file I sent to them to their virus lab. I wouldn't get all warm and fuzzy about this being a false positive quite yet as they apparently haven't dismissed it as such.
7. 12/13 finally received a confirmation from Bitdefender that this is a false positive.
Title: Re: JS: Cryptonight [Trj] Found
Post by: crb1177 on November 30, 2017, 07:31:06 PM
Avast is pissing me off on this.  We shouldn't have to play virus detective like this.  They ought to at least have a way to contact them and get an answer.  I am paying them for security and they should be doing it.  I shouldn't have to ferret around on forums to TRY to figure out what the should actually be DOING.
Title: Re: JS: Cryptonight [Trj] Found
Post by: drake145 on November 30, 2017, 08:40:41 PM
I'd like to add to this, to where many have mentioned this is a false positive, I think this is a catalyst that has let something else in. After reading up on typical behavior of a machine being infected with JS:Cryptonight, my machine is reacting in a similar way. First scan showed me the trojan with the same path. Antivirus said it couldn't quarantine it or delete it. Next antivirus scans are getting stuck, never happened before and mac is all of a sudden slowing down. Does anyone have any ideas on what I should check? I'm thinking to just wipe my machine versus waiting for a vps update.

Ryan,

I have not experienced not being able to quarantine or delete the file, but I suggest that you attempt the following before re-formatting your mac:

1) Downloading Malwarebytes and running a scan to see if it detects anything.
2) Re-install Avast to see if it fixes the hanging scans.

You could also wait for the VPS update tomorrow to see if things improve.
Title: Re: JS:Cryptonight [Trj] Found
Post by: drake145 on November 30, 2017, 08:54:12 PM
Yesterday, I was filling out online forms and when I went to certain corporate websites to fill out the forms, I noticed my data entry, i.e., keystrokes, were slow, like twice as so. I suspected a key logger was at work on my MacBookAir. I changed my most import passwords and ran avast full system scan.

After I ran a full system scan last night and avast (version: 12.9, virus definition version: 17112802) found the following virus file: /private/var/db/uuidtext/7B/BC8EE8D09234D99DD8B85A99E46C64 JS: Cryptonight [Trj]

It appears avast will have a VPS update today or tomorrow so solve this false positive, but I am curious if anyone else noticed this behavior on their macs.

Jcubed1959,

If Avast did not detect anything else in your system, I would suggest that you download, and run a scan, with Malwarebytes to see if it finds anything.
Title: Re: JS: Cryptonight [Trj] Found
Post by: ryan_syseng on December 01, 2017, 12:54:59 AM
Thanks Drake, I already have MBAM and MBAM does not come up with anything. After restarting the machine, the file comes back but I am now able to quarantine it. My mac is running considerably slower than normal. I may try re installing antivirus but have read that running updates and downloading anything helps fuel the fire with this JS: Cryptonight.
Title: Re: JS: Cryptonight [Trj] Found
Post by: viristim on December 01, 2017, 08:53:50 AM
Hi,

Pardon my English.
I have the same problem. Avast scan found two issues on my computer.
Has anyone else had this Cryptonight in mobilebackups as well? Photo in attachments.
Also, this morning when I opened the computer I got a notification that my computee's IP number in being used by another computer. So, I restarted the computer and this time I didn't get the message. Wonder what that was about? I'm not a tech person, so hopefully Avast get this thing sorted out soon.
Title: Re: JS: Cryptonight [Trj] Found
Post by: Jiří Šembera on December 01, 2017, 09:05:44 AM
Hello everyone,

as long as this detection triggers in /private/var/db/uuidtext/ folder, it's a Avast-specific issue caused by incompatibility of Avast VPS with the latest MacOS (including the effect of triggering after reboot). The workaround  mentioned above - adding the folder /private/var/db/uuidtext/ to exclusions should resolve the problem.

Also the fix has passed the QA and will get released in today's VPS (I'll post an update with the VPS number). If the issue persists after VPS update, you may need to purge MacOS logs as advised in this superuser.com post: https://superuser.com/questions/1271760/avast-on-macos-high-sierra-claims-it-has-caught-the-windows-only-cryptonight-v (https://superuser.com/questions/1271760/avast-on-macos-high-sierra-claims-it-has-caught-the-windows-only-cryptonight-v)


@viristim: The detection triggerend on the same file (just in different folders) and it is caused by the aforementioned bug so it is safe to ignore the detection.

UPDATE: The fix has been released in VPS 17120100 (will be available in a couple of minutes once it gets distributed to update servers)


Jiri
Title: Re: JS: Cryptonight [Trj] Found
Post by: sam53143 on December 01, 2017, 04:25:40 PM
Just ran a scan and it's still showing....  @Jiri Sembera  It's been awhile since you posted that the fix will be released in a few minutes.  Was there a problem and the release held up?   Thank you for your help!
Title: Re: JS: Cryptonight [Trj] Found
Post by: drake145 on December 01, 2017, 04:47:56 PM
Just ran a scan and it's still showing....  @Jiri Sembera  It's been awhile since you posted that the fix will be released in a few minutes.  Was there a problem and the release held up?   Thank you for your help!

Sam,

Do you have VPS 17120100?
Title: Re: JS: Cryptonight [Trj] Found
Post by: sam53143 on December 01, 2017, 04:54:15 PM
@drake145, how can I tell?  I did download an update before I ran the scan..


I am running VPS 17120100...
Title: Re: JS: Cryptonight [Trj] Found
Post by: Pondus on December 01, 2017, 05:52:14 PM
@drake145, how can I tell?  I did download an update before I ran the scan..


I am running VPS 17120100...
Did you run the scan as soon as it was downloaded?
Some AV use a minute or two to unpack and install it ...

Title: Re: JS: Cryptonight [Trj] Found
Post by: Jiří Šembera on December 01, 2017, 06:36:10 PM
Sam,

the detected file is part of system logging/diagnostic database and some signature fragments have leaked into due to a bug in the VPS. Therefore even after VPS update the detection may trigger if such file is present on your system. But the fix resolves the issue with leaking signature fragments so new files that trigger the detection should not appear unless MacOS recreates the old files that have been already detected and deleted. In such case you will need to purge the logging/diagnostic database (as mentioned in my previous post)


Jiri
Title: Re: JS: Cryptonight [Trj] Found
Post by: sam53143 on December 01, 2017, 08:05:11 PM
@Pondus and @Jiri Sembera,   I ran the scan again and everything seems to be ok.  Thank you for your help!
Title: Re: JS: Cryptonight [Trj] Found
Post by: AnotherUsername on December 01, 2017, 10:12:22 PM
I just had an alert for a Windows machine.  I then immediately found this thread.   

Threat Description: JS:Cryptonight [Trj]
Threat Severity: Infection
Threat Shield: Antivirus
Object Name: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
Client Version:17.7.2526
Virus DB Version:171129-2

It sounds like a Virus DB update might help?

We're an old AVG client that has been on this horrible AVG > Avast ride.  To say that Avast has been unimpressive would be a drastic understatement.

Title: Re: JS: Cryptonight [Trj] Found
Post by: Sher3 on December 02, 2017, 03:53:33 AM
I got that message (JS: Cryptonight [Trj]) on the first screen shot 2 days ago and again today. I put the infections in the virus chest, deleted them, and emptied the trash.

Today Apple Support suggested I run the scan again, which I'm doing now, and the same virus is coming up with a different path.

2 screen shots attached - the path that came up earlier and the path that's coming up now. I'm on macOS Sierra 10.12.6.

I'm not that skilled so I don't know what to do. Please help. Thanks.

Title: Re: JS: Cryptonight [Trj] Found
Post by: Sher3 on December 02, 2017, 03:57:52 AM
I also use MBAM; the infection doesn't show up on that scan. If I uninstall Avast after I finish the current scan and delete the virus, will that stop it from happening again or has damage already been done?
Thanks.
Title: Re: JS: Cryptonight [Trj] Found
Post by: Pondus on December 02, 2017, 09:37:30 AM
I also use MBAM; the infection doesn't show up on that scan. If I uninstall Avast after I finish the current scan and delete the virus, will that stop it from happening again or has damage already been done?
Thanks.
Did you read all the posts here? speciffically from those posters that have Avast Team / avast logo in there name
Title: Re: JS: Cryptonight [Trj] Found
Post by: Sher3 on December 02, 2017, 09:50:51 AM
I did read all the posts. I don't know how to delete logs. That's way I'm asking for help.
Title: Re: JS: Cryptonight [Trj] Found
Post by: viristim on December 02, 2017, 10:54:52 AM
Hi again,

I have the latest Avast virus updates downloaded, I did run Malwarebytes (didn't find anything), and I purged all the caches with OnyX as suggested. Yet, when I run Avast scan, the same virus is coming up with mobilebackups path. Advice?
Title: Re: JS: Cryptonight [Trj] Found
Post by: Asyn on December 02, 2017, 11:00:56 AM
Hi again, I have the latest Avast virus updates downloaded, I did run Malwarebytes (didn't find anything), and I purged all the caches with OnyX as suggested. Yet, when I run Avast scan, the same virus is coming up with mobilebackups path. Advice?
Best you wait for Jiri...
Title: Re: JS: Cryptonight [Trj] Found
Post by: Philip4k on December 02, 2017, 12:33:55 PM
Hello! I did a virus search this morning and Avast showed me the same "virus" that you've been having trouble with. It was in the "private/var/db/uuidtext" folder so from what you're saying it's not a virus? Should I just ignore it and wait for Avast to come up with a update or what's going on? And should I put the file that it detected to The "quarantine/chest" or delete it? Best regards, Philip

"edit". I deleted the virus file "/private/var/db/uuidtext/7B/BC8EE8D09234D99DD8B85A99E46C64 JS: Cryptonight [Trj]", and did a new search and nothing showed, maybe it's all good then?
Title: Re: JS: Cryptonight [Trj] Found
Post by: drake145 on December 02, 2017, 01:47:26 PM
Philip4k,

Yes, this is a false positive. The VPS update yesterday should have resolved the issue, but it still persists for me. From Jiri's (Avast Team) posts, it appears that the VPS update is more to mitigate future events like this from happening, as the current issues seems rather difficult to fix.

I have not tried purging the logs yet as has been suggested, as another user has reported that the detection came back somewhere else.

I believe if you restart your mac, it will appear again, as the file re-generates (for the reason, see the superuser post: https://superuser.com/questions/1271760/avast-on-macos-high-sierra-claims-it-has-caught-the-windows-only-cryptonight-v).
Title: Re: JS: Cryptonight [Trj] Found
Post by: Philip4k on December 02, 2017, 02:58:44 PM
Ah I see @Drake145! Thanks for the Reply! Glad that it's not anything dangerous! Now I can stop worrying about this and focus on my work ;)!

I will restart my Mac later and then run a virus scan and see if anything pops up!
Title: Re: JS: Cryptonight [Trj] Found
Post by: danton2 on December 02, 2017, 05:23:16 PM
This whole problem seems to be cosmetic without functional ramifications .  What is wrong with uninstalling avast and using a different product leaving behind some remnants in the log file ? Or maybe I’m missing something.
Title: Re: JS: Cryptonight [Trj] Found
Post by: viristim on December 03, 2017, 07:43:04 AM
Hi,

Thought I just let you know that Avast scan does not find anymore the "fake virus" on my mac. As I wrote earlier: I updated Avast, purged logs with OnyX and run Malwarebytes. Then I restarted the computer, and at first, the fake virus was found again. Then later the day, when I restarted the computer again and run Avast scan, the fake virus was gone. So, maybe Avast took some time to update or something, but now everything seems good and clean.
Title: Re: JS: Cryptonight [Trj] Found
Post by: drake145 on December 03, 2017, 04:03:35 PM
Hi,

Thought I just let you know that Avast scan does not find anymore the "fake virus" on my mac. As I wrote earlier: I updated Avast, purged logs with OnyX and run Malwarebytes. Then I restarted the computer, and at first, the fake virus was found again. Then later the day, when I restarted the computer again and run Avast scan, the fake virus was gone. So, maybe Avast took some time to update or something, but now everything seems good and clean.

After reading the above, I quarantined the file, deleted it, re-started, and, curiously, the log did not regenerate.
Title: Re: JS: Cryptonight [Trj] Found
Post by: drake145 on December 03, 2017, 04:11:10 PM
This whole problem seems to be cosmetic without functional ramifications .  What is wrong with uninstalling avast and using a different product leaving behind some remnants in the log file ? Or maybe I’m missing something.

Yes, this issue may not have any functional ramifications, but a false positive may cause unneeded stress, and if someone does not come to the forums first to see if others are having the same issue, they may end up spending time, and monetary resources, going to a computer technician in order to troubleshoot a non-consequential issue.

Also, false positives are not exclusive to Avast. If you look at the virustotal link (https://www.virustotal.com/#/file/4b263d8b55c3478f4e9d9d1af37ee277d59200cf5b6eb22ecd343eef25b0627b/detection) that I  posted, you will see that, as of this post, 4 other AVs flag this file. When I originally submitted the file, it was only 2.
Title: Re: JS: Cryptonight [Trj] Found
Post by: Jiří Šembera on December 04, 2017, 02:03:20 PM
Hello viristim,

your problem seems to be caused by MacOS' MobileBackup tool. It looks like it has picked up the detected file and keeps restoring it. This might help: https://discussions.apple.com/thread/7333209?start=0&tstart=0

Jiri
Title: Re: JS: Cryptonight [Trj] Found
Post by: gbp_bnc on December 06, 2017, 01:55:52 AM
I have the issue on my windows7 PC. The URL aborted keeps changing Avast says:

JS: cryptonight [Trj]

URL: http://94.130.97.189/m/g367thgwe29fhe4r/build.js
(The next time was 94.130.98.207)

Process: C;\Program Files (x86)\Google\Chrome\Application\chrome.exe

Detected by: Web shield

Status: Connection aborted
Title: Re: JS: Cryptonight [Trj] Found
Post by: drake145 on December 08, 2017, 04:57:34 PM
I have the issue on my windows7 PC. The URL aborted keeps changing Avast says:

JS: cryptonight [Trj]

URL: http://94.130.97.189/m/g367thgwe29fhe4r/build.js
(The next time was 94.130.98.207)

Process: C;\Program Files (x86)\Google\Chrome\Application\chrome.exe

Detected by: Web shield

Status: Connection aborted

I think this may need to be posted on the Windows forum, as this looks like something different than what is being discussed in this post.
Title: Re: JS: Cryptonight [Trj] Found
Post by: Jiří Šembera on December 11, 2017, 05:34:34 PM
I have the issue on my windows7 PC. The URL aborted keeps changing Avast says:

JS: cryptonight [Trj]

URL: http://94.130.97.189/m/g367thgwe29fhe4r/build.js
(The next time was 94.130.98.207)

Process: C;\Program Files (x86)\Google\Chrome\Application\chrome.exe

Detected by: Web shield

Status: Connection aborted

Hello gbp_bnc,

in this case it is a legitimate blocking of malicious crypto miner which uses your computer to mine crypto currencies using your computer. It results in lower computer performance, shorter battery life and higher electricity bills.

Jiri
Title: Re: JS: Cryptonight [Trj] Found
Post by: gbp_bnc on December 15, 2017, 12:46:59 AM
Thank you. It was in one of the Chrome extensions.