Author Topic: JS:Miner-C  (Read 36301 times)


Offline Dani44

  • Newbie
  • *
  • Posts: 2
JS:Miner-C
« on: October 10, 2017, 01:41:57 AM »
Avast is constantly sending messages of blocked infection of a trojan called JS:Miner-C. I tried to clean my Mac 3 times with Avast and the messages continue appearing.

Is my computer infected? What can I do?

Thank you

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35471
Re: JS:Miner-C
« Reply #1 on: October 10, 2017, 02:10:21 AM »
Post screenshot of Avast popup message

Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline GDantas

  • Newbie
  • *
  • Posts: 1
Re: JS:Miner-C
« Reply #2 on: October 11, 2017, 03:58:30 AM »
Mine happens as well. Here's a screenshot of it (macOS)

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35471
Re: JS:Miner-C
« Reply #3 on: October 11, 2017, 07:08:00 AM »
Detection seems to be correct


URL blacklist check > traffic.adxprts.com/tpb/na/728x90/m.js
https://www.virustotal.com/#/url/f1ba6b71bb297654de88c95ec9f8b5af3c994343e35b67ebbc07ac38e8cfbcce/detection

JavaScript file scan > traffic.adxprts.com/tpb/na/728x90/m.js
https://www.virustotal.com/#/file/67c0907af5d865753dfe9d74309005a3f215e5130cfd6d756702fd9a95775354/detection






Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1084
Re: JS:Miner-C
« Reply #4 on: October 11, 2017, 11:05:15 AM »
This means that the JS you are trying to download is mining coins. Nothing to be worried about, Avast's got your back ;). I wouldn't visit the websites that trigger this popup though!

Offline foley

  • Newbie
  • *
  • Posts: 2
Re: JS:Miner-C
« Reply #5 on: October 14, 2017, 05:38:27 PM »
I am constantly getting the same message, but it lists it as JS:Miner-C [Trj] and the url is a google page (I am using Chrome and going to Google.com) hxxps://clients2.googleusercontent[.]com/crx/blobs/QgAAAC6zw0qH2DJtnXe8Z7rUJP0uaFhXpD7ZTt35XjX_R_SGx37EYuHnk_cl6B4R06pCQir8AVQ_bwJM-TETzp53TaEw2owsmx_Pi2j1qz_FZwesAMZSmuU5aJdYisrxGZyoSzyMwg7Uu1d5cQ/extension_4_2_5.crx. I have searched for extension_4_2_5.crx with no luck.
« Last Edit: October 16, 2017, 07:50:29 AM by HonzaZ »

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35471
Re: JS:Miner-C
« Reply #6 on: October 14, 2017, 05:54:23 PM »
Quote
I have searched for extension_4_2_5.crx with no luck.     
@foley Detection seems correct
https://www.virustotal.com/#/file/c6817811da485aa9cab3f5891da1d4a046dde94b81d6170c94636582f90ac060/detection

OBS: edit your post and make the malicious link unclickable to avoid accidental clicking

« Last Edit: October 14, 2017, 06:51:22 PM by Pondus »


Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40123
  • 59 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: JS:Miner-C
« Reply #7 on: October 14, 2017, 06:09:56 PM »
For future reference, NEVER post live links for any suspected file or website.
Thanks
Free avast! Security Seminar: https://goo.gl/kh3cqR  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v1809 64bit, 8 Gig Ram, AvastFree 19.2.2364, WinPatrol, Unchecky How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67278
The best things in life are free.

Offline pdeaton

  • Newbie
  • *
  • Posts: 1
Re: JS:Miner-C
« Reply #9 on: October 18, 2017, 01:52:41 AM »
Every hour or so I get the attached warning from Avast that JS:Miner-C has been blocked. This happens after I've cleared all browser history and cookies. I simply open Chrome and this warning comes up. I'm not going to any websites.

I re-downloaded my Chrome Browser Version 62.0.3202.62 (Official Build) (64-bit) on my Mac OSX 10.11.6.

I'm still getting this warning from Avast and this happens before I go to any websites.

How can I find out where this file is on my computer??

thanks
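
An added example, not part of any post in this thread and not Avast's own tooling: Chrome unpacks each extension into `Extensions/<id>/<version>_0/` and does not keep the `.crx` download, which is why a file search for `extension_4_2_5.crx` finds nothing. The Python sketch below maps the blocked `.crx` name to a version and scans the installed extensions for that version and for miner-like strings; the default-profile path and the indicator strings other than "coinhive" are assumptions.

```python
import json
import re
from pathlib import Path

# Default Chrome profile on macOS (assumption: the profile folder is "Default").
CHROME_EXT_DIR = Path.home() / "Library/Application Support/Google/Chrome/Default/Extensions"
# "coinhive" is named in this thread; the other strings are assumed indicators.
MINER_PATTERNS = re.compile(rb"coinhive|coin-hive|cryptonight", re.I)


def crx_name_to_version(crx_name):
    """Map an update blob name like 'extension_4_2_5.crx' to version '4.2.5'."""
    m = re.fullmatch(r"extension_(\d+(?:_\d+)*)\.crx", crx_name)
    return m.group(1).replace("_", ".") if m else None


def scan_extensions(ext_root, crx_name=None):
    """Return a finding for each installed extension version that matches the
    blocked .crx version or has miner-like strings in its JavaScript files."""
    wanted = crx_name_to_version(crx_name) if crx_name else None
    findings = []
    # Layout on disk: <ext_root>/<extension id>/<version>_<n>/manifest.json
    for manifest_path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        version_dir = manifest_path.parent
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):  # unreadable or malformed manifest
            manifest = {}
        hits = []
        for script in sorted(version_dir.rglob("*.js")):
            try:
                if MINER_PATTERNS.search(script.read_bytes()):
                    hits.append(str(script.relative_to(version_dir)))
            except OSError:  # unreadable file, or a directory named *.js
                continue
        version = str(manifest.get("version", ""))
        # A version match alone is a weak signal; a string hit is the stronger one.
        version_match = wanted is not None and version == wanted
        if hits or version_match:
            findings.append({"id": version_dir.parent.name, "version": version,
                             "name": manifest.get("name", "?"),
                             "version_match": version_match, "miner_hits": hits})
    return findings


if __name__ == "__main__":
    for finding in scan_extensions(CHROME_EXT_DIR, "extension_4_2_5.crx"):
        print(finding)
```

The `id` in each finding is the extension's identifier as shown on Chrome's extensions page, where the extension can be removed.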



Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35471
Re: JS:Miner-C
« Reply #10 on: October 18, 2017, 02:25:24 AM »
Quote
     How can I find out where this file is on my computer??
What does the popup from avast say?    ..... post a screenshot



Offline Judy56

  • Newbie
  • *
  • Posts: 2
Re: JS:Miner-C
« Reply #11 on: October 18, 2017, 03:58:05 PM »
I've also been getting this from one particular site and I'm curious about how dangerous it actually is. Avast says that the coinhive site is infected with this Trojan. I've found other sites where it's described as a very serious trojan. Are the people writing for those sites talking bs?
http://quickremovevirus.com/methods-to-remove-jsminer-c-completely/
http://computerfixguide.com/how-to-remove-jsminer-c-effectively-windows-os-and-mac-os/

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35471
Re: JS:Miner-C
« Reply #12 on: October 18, 2017, 04:23:38 PM »
« Last Edit: October 18, 2017, 04:27:22 PM by Pondus »


Offline Judy56

  • Newbie
  • *
  • Posts: 2
Re: JS:Miner-C
« Reply #13 on: October 18, 2017, 05:03:26 PM »
Thank you. After reading this I wasn't sure what all the fuss was about.

This means that the JS you are trying to download is mining coins. Nothing to be worried about, Avast's got your back ;). I wouldn't visit the websites that trigger this popup though!

Offline abc71625

  • Newbie
  • *
  • Posts: 4
Re: JS:Miner-C
« Reply #14 on: October 18, 2017, 11:01:46 PM »
If it is only a mining script (which the name also suggests)... Why is it, that when you google "JS:Miner-C" you get results like:

https://www.fortiguard.com/encyclopedia/virus/7526385
"JS/Miner.C!tr is classified as a trojan."

http://computerfixguide.com/how-to-remove-jsminer-c-effectively-windows-os-and-mac-os/
"JS:Miner-C is an dangerous Trojan Horse that invades Windows and MAC machines silently and opens backdoor for Adware or PUP."

http://greatis.com/blog/howto/remove-jsminer-c.htm
"JS:MINER-C causes the great problems for you, such as replacing your browser starting page with malicious one, browser search redirecting, changing security settings and allowing popup advertisements to show up."

http://quickremovevirus.com/methods-to-remove-jsminer-c-completely/
"JS:Miner-C is a Trojan and its danger index can ranked as severe. you should delete JS:Miner-C as soon as possible, especially before the tragedy happened."

http://getridofmalware.removemalwares.com/jsminer-c-deletion-effective-way-to-uninstall-jsminer-c-manually
"Somehow, the virus can also encrypt your files if you do not get rid of it immediately. Even, the virus may ask you to pay ransom to anonymous hackers."

These are sites making different claims. Any explanation for this?

JavaScript (assumed that's what virus scanners refer to by "js") can only instruct the browser window that runs the script in a very limited way (for safety purposes). In other words, JS itself can only play by the browser's rules. AFAIK, when only JavaScript is involved, only an undiscovered exploit in a browser could lead to problems as big as described by these sites.
So, why would they publish this information?
« Last Edit: October 18, 2017, 11:46:15 PM by abc71625 »