Author Topic: JS:Miner-C  (Read 44626 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
JS:Miner-C
« on: October 10, 2017, 01:41:57 AM »
Avast is constantly sending messages of blocked infection of a trojan called JS:Miner-C. I tried to clean my MAC 3 times with avast and messages continue appearing.

Is my computer infected? What can I do?

Thank you

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37132
  • Not a avast user
Re: JS:Miner-C
« Reply #1 on: October 10, 2017, 02:10:21 AM »
Post screenshot of Avast popup message


REDACTED

  • Guest
Re: JS:Miner-C
« Reply #2 on: October 11, 2017, 03:58:30 AM »
Mine happens as well. Here's an screenshoot of it (macOS)

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37132
  • Not a avast user
Re: JS:Miner-C
« Reply #3 on: October 11, 2017, 07:08:00 AM »
Detection seems to be correct


URL blacklist check > traffic.adxprts.com/tpb/na/728x90/m.js
https://www.virustotal.com/#/url/f1ba6b71bb297654de88c95ec9f8b5af3c994343e35b67ebbc07ac38e8cfbcce/detection

Java script file scan > traffic.adxprts.com/tpb/na/728x90/m.js
https://www.virustotal.com/#/file/67c0907af5d865753dfe9d74309005a3f215e5130cfd6d756702fd9a95775354/detection





Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1039
Re: JS:Miner-C
« Reply #4 on: October 11, 2017, 11:05:15 AM »
This means that the JS you are trying to download is mining coins. Nothing to be worried about, Avast's got your back ;). I wouldn't visit the websites that trigger this popup though!

REDACTED

  • Guest
Re: JS:Miner-C
« Reply #5 on: October 14, 2017, 05:38:27 PM »
I am constantly getting the same message, but it lists is as JS:Miner-C [Trj] and the url is a google page (I am using Chrome and going to Google.com) hxxps://clients2.googleusercontent[.]com/crx/blobs/QgAAAC6zw0qH2DJtnXe8Z7rUJP0uaFhXpD7ZTt35XjX_R_SGx37EYuHnk_cl6B4R06pCQir8AVQ_bwJM-TETzp53TaEw2owsmx_Pi2j1qz_FZwesAMZSmuU5aJdYisrxGZyoSzyMwg7Uu1d5cQ/extension_4_2_5.crx. I have searched for extension_4_2_5.crx with no luck.
« Last Edit: October 16, 2017, 07:50:29 AM by HonzaZ »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37132
  • Not a avast user
Re: JS:Miner-C
« Reply #6 on: October 14, 2017, 05:54:23 PM »
Quote
I have searched for extension_4_2_5.crx with no luck.     
@foley Detection seems correct
https://www.virustotal.com/#/file/c6817811da485aa9cab3f5891da1d4a046dde94b81d6170c94636582f90ac060/detection

OBS: edit your post and make the malicious link unclikable to avoid accidental clicking

« Last Edit: October 14, 2017, 06:51:22 PM by Pondus »

Offline bob3160

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 47757
  • 62 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: JS:Miner-C
« Reply #7 on: October 14, 2017, 06:09:56 PM »
For future reference, NEVER post live links for any suspected file or website.
Thanks
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 22.12, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
The best things in life are free.

REDACTED

  • Guest
Re: JS:Miner-C
« Reply #9 on: October 18, 2017, 01:52:41 AM »
Every hour or so I get the attached warning from Avast that JS:Miner-C has been blocked. This happens after I've clear all browser history and cookies. I simply open Chrome and this warning comes up. I'm not going to any websites.

I re-downloaded my Chrome Browser Version 62.0.3202.62 (Official Build) (64-bit) on my Mac OSX 10.11.6.

I'm still getting this warning from Avast and this happens before I go to any websites.

How can I find out where this file is on my computer??

thanks



Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37132
  • Not a avast user
Re: JS:Miner-C
« Reply #10 on: October 18, 2017, 02:25:24 AM »
Quote
     How can I find out where this file is on my computer??
What does the popup from avast say?    ..... post a screenshot


Offline Judy56

  • Newbie
  • *
  • Posts: 2
Re: JS:Miner-C
« Reply #11 on: October 18, 2017, 03:58:05 PM »
I've also been getting this from one particular site and I'm curious about how dangerous it actually is. Avast says that the coinhive site is infected with this Trojan. I've found other sites where it's described as a very serious trojan. Are the people writing for those sites talking bs?
http://quickremovevirus.com/methods-to-remove-jsminer-c-completely/
http://computerfixguide.com/how-to-remove-jsminer-c-effectively-windows-os-and-mac-os/

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37132
  • Not a avast user
Re: JS:Miner-C
« Reply #12 on: October 18, 2017, 04:23:38 PM »
« Last Edit: October 18, 2017, 04:27:22 PM by Pondus »

Offline Judy56

  • Newbie
  • *
  • Posts: 2
Re: JS:Miner-C
« Reply #13 on: October 18, 2017, 05:03:26 PM »
Thank you. After reading this I wasn't sure what all the fuss was about.

This means that the JS you are trying to download is mining coins. Nothing to be worried about, Avast's got your back ;). I wouldn't visit the websites that trigger this popup though!

REDACTED

  • Guest
Re: JS:Miner-C
« Reply #14 on: October 18, 2017, 11:01:46 PM »
If it is only a mining script (which the name also suggests)... Why is it, that when you google "JS:Miner-C" you get results like:

https://www.fortiguard.com/encyclopedia/virus/7526385
"JS/Miner.C!tr is classified as a trojan."

http://computerfixguide.com/how-to-remove-jsminer-c-effectively-windows-os-and-mac-os/
"JS:Miner-C is an dangerous Trojan Horse that invades Windows and MAC machines silently and opens backdoor for Adware or PUP."

http://greatis.com/blog/howto/remove-jsminer-c.htm
"JS:MINER-C causes the great problems for you, such as replacing your browser starting page with malicious one, browser search redirecting, changing security settings and allowing popup advertisements to show up."

http://quickremovevirus.com/methods-to-remove-jsminer-c-completely/
"JS:Miner-C is a Trojan and its danger index can ranked as severe. you should delete JS:Miner-C as soon as possible, especially before the tragedy happened."

http://getridofmalware.removemalwares.com/jsminer-c-deletion-effective-way-to-uninstall-jsminer-c-manually
"Somehow, the virus can also encrypt your files if you do not get rid of it immediately. Even, the virus may ask you to pay ransom to anonymous hackers."

These are sites making different claims. Any explanation for this?

Javascript (assumed that's what virusscanners refer to by "js") can only instruct the browser-window that runs the script in a very limited way (for safety purposes). In other words, JS itself can only play by the browser's rules. AFAIK, when only javascript is involved, only an undiscovered exploit in a browser could lead to problems as big as described by these sites.
So, why would they publish this information?
« Last Edit: October 18, 2017, 11:46:15 PM by abc71625 »