JS:Miner-C

[REDACTED]

Avast is constantly sending messages of blocked infection of a trojan called JS:Miner-C. I tried to clean my MAC 3 times with avast and messages continue appearing.

Is my computer infected? What can I do?

Thank you

[Pondus]

Post screenshot of Avast popup message

[REDACTED]

Mine happens as well. Here's an screenshoot of it (macOS)

[Pondus]

Detection seems to be correct


URL blacklist check > traffic.adxprts.com/tpb/na/728x90/m.js
https://www.virustotal.com/#/url/f1ba6b71bb297654de88c95ec9f8b5af3c994343e35b67ebbc07ac38e8cfbcce/detection

Java script file scan > traffic.adxprts.com/tpb/na/728x90/m.js
https://www.virustotal.com/#/file/67c0907af5d865753dfe9d74309005a3f215e5130cfd6d756702fd9a95775354/detection

[HonzaZ]

This means that the JS you are trying to download is mining coins. Nothing to be worried about, Avast's got your back . I wouldn't visit the websites that trigger this popup though!

[REDACTED]

I am constantly getting the same message, but it lists is as JS:Miner-C [Trj] and the url is a google page (I am using Chrome and going to Google.com) hxxps://clients2.googleusercontent[.]com/crx/blobs/QgAAAC6zw0qH2DJtnXe8Z7rUJP0uaFhXpD7ZTt35XjX_R_SGx37EYuHnk_cl6B4R06pCQir8AVQ_bwJM-TETzp53TaEw2owsmx_Pi2j1qz_FZwesAMZSmuU5aJdYisrxGZyoSzyMwg7Uu1d5cQ/extension_4_2_5.crx. I have searched for extension_4_2_5.crx with no luck.

[Pondus]

I have searched for extension_4_2_5.crx with no luck.     

@foley Detection seems correct
https://www.virustotal.com/#/file/c6817811da485aa9cab3f5891da1d4a046dde94b81d6170c94636582f90ac060/detection

OBS: edit your post and make the malicious link unclikable to avoid accidental clicking

[bob3160]

For future reference, NEVER post live links for any suspected file or website.
Thanks

[Lisandro]

https://blog.avast.com/ladies-and-gentlemen-prepare-your-cpu-web-browser-mining-is-coming

[REDACTED]

Every hour or so I get the attached warning from Avast that JS:Miner-C has been blocked. This happens after I've clear all browser history and cookies. I simply open Chrome and this warning comes up. I'm not going to any websites.

I re-downloaded my Chrome Browser Version 62.0.3202.62 (Official Build) (64-bit) on my Mac OSX 10.11.6.

I'm still getting this warning from Avast and this happens before I go to any websites.

How can I find out where this file is on my computer??

thanks

[Pondus]

     How can I find out where this file is on my computer??

What does the popup from avast say?    ..... post a screenshot

[Judy56]

I've also been getting this from one particular site and I'm curious about how dangerous it actually is. Avast says that the coinhive site is infected with this Trojan. I've found other sites where it's described as a very serious trojan. Are the people writing for those sites talking bs?
http://quickremovevirus.com/methods-to-remove-jsminer-c-completely/
http://computerfixguide.com/how-to-remove-jsminer-c-effectively-windows-os-and-mac-os/

[Pondus]

INFO   

Coinhive Is Rapidly Becoming a Favorite Tool Among Malware Devs
https://www.bleepingcomputer.com/news/security/coinhive-is-rapidly-becoming-a-favorite-tool-among-malware-devs/

Drive-by mining and ads: The Wild Wild West
https://blog.malwarebytes.com/threat-analysis/2017/09/drive-by-mining-and-ads-the-wild-wild-west/

Hacked Websites Mine Cryptocurrencies
https://blog.sucuri.net/2017/09/hacked-websites-mine-crypocurrencies.html

[Judy56]

Thank you. After reading this I wasn't sure what all the fuss was about.

This means that the JS you are trying to download is mining coins. Nothing to be worried about, Avast's got your back . I wouldn't visit the websites that trigger this popup though!

[REDACTED]

If it is only a mining script (which the name also suggests)... Why is it, that when you google "JS:Miner-C" you get results like:

https://www.fortiguard.com/encyclopedia/virus/7526385
"JS/Miner.C!tr is classified as a trojan."

http://computerfixguide.com/how-to-remove-jsminer-c-effectively-windows-os-and-mac-os/
"JS:Miner-C is an dangerous Trojan Horse that invades Windows and MAC machines silently and opens backdoor for Adware or PUP."

http://greatis.com/blog/howto/remove-jsminer-c.htm
"JS:MINER-C causes the great problems for you, such as replacing your browser starting page with malicious one, browser search redirecting, changing security settings and allowing popup advertisements to show up."

http://quickremovevirus.com/methods-to-remove-jsminer-c-completely/
"JS:Miner-C is a Trojan and its danger index can ranked as severe. you should delete JS:Miner-C as soon as possible, especially before the tragedy happened."

http://getridofmalware.removemalwares.com/jsminer-c-deletion-effective-way-to-uninstall-jsminer-c-manually
"Somehow, the virus can also encrypt your files if you do not get rid of it immediately. Even, the virus may ask you to pay ransom to anonymous hackers."

These are sites making different claims. Any explanation for this?

Javascript (assumed that's what virusscanners refer to by "js") can only instruct the browser-window that runs the script in a very limited way (for safety purposes). In other words, JS itself can only play by the browser's rules. AFAIK, when only javascript is involved, only an undiscovered exploit in a browser could lead to problems as big as described by these sites.
So, why would they publish this information?