Author Topic: JS:Miner-S  (Read 12429 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
Re: JS:Miner-S
« Reply #15 on: June 13, 2018, 01:43:13 AM »
Hello all!

I have this virus for a month or two and it connects on a site when I start firefox. Avast blocks this attempt but he doesn't show where the virus is located, or perhaps it is in firefox. Can somebody help me locate it?



https://ibb.co/gau3Ud

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5564
  • Spartan Warrior
Re: JS:Miner-S
« Reply #16 on: June 13, 2018, 02:40:44 AM »
Miner script is found on this website scanning tool:  http://urlquery.net/report/22b5edd4-362f-4845-b05d-af6c5286fd78

Please follow instructions here:  https://forum.avast.com/index.php?topic=194892.0

Sass Drake will be notified once you post the logs.
Windows 10 Home 64-bit 22H2 Avast Premier Security version 24.1.6099 (build 24.1.88821.762)  UI version 1.0.797
 UI version 1.0.788.  Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.2.6105 (build 24.1.8918.827) UI version 1.0.801

REDACTED

  • Guest
Re: JS:Miner-S
« Reply #17 on: June 13, 2018, 05:58:36 AM »
I removed 51 threats but JS:Miner-S [Trj] is still there.

REDACTED

  • Guest
Re: JS:Miner-S
« Reply #18 on: June 13, 2018, 06:13:15 AM »
Logs from the Farbar Recovery Scan Tool.

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5564
  • Spartan Warrior
Re: JS:Miner-S
« Reply #19 on: June 13, 2018, 07:16:38 AM »
Good job.

Sass Drake has been notified.
Windows 10 Home 64-bit 22H2 Avast Premier Security version 24.1.6099 (build 24.1.88821.762)  UI version 1.0.797
 UI version 1.0.788.  Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.2.6105 (build 24.1.8918.827) UI version 1.0.801

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user
Re: JS:Miner-S
« Reply #20 on: June 13, 2018, 07:44:12 AM »
Hello all!

I have this virus for a month or two and it connects on a site when I start firefox. Avast blocks this attempt but he doesn't show where the virus is located, or perhaps it is in firefox. Can somebody help me locate it?



https://ibb.co/gau3Ud
Yes "he" does   

The JS:Miner-S [Trj] is detected on the website (-http://siska.tv/  = a porn site ) and not in your computer, however you have something trying to connect to that URL. Tried to clear your browsers surf history/cache ?

URL Blacklist check
https://www.virustotal.com/#/url/a160501d6ea44e2d7ebba72ccc184c5507f90a3916823132f11e59e3574cf9ec/detection

HTML scan
https://www.virustotal.com/#/file/599d2d25b1dceac8e4a8a385001b59cea6d9d92896f08be04fbb61e1cba21cd0/detection

https://sitecheck.sucuri.net/results/siska.tv



« Last Edit: June 13, 2018, 04:05:34 PM by Pondus »

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: JS:Miner-S
« Reply #21 on: June 13, 2018, 04:53:29 PM »
Open if Firefox this URL.

Code: [Select]
about:serviceworkers
And remove/unregister everything it lists.

Report status after that.

REDACTED

  • Guest
Re: JS:Miner-S
« Reply #22 on: June 13, 2018, 05:49:01 PM »
Hello all!

I have this virus for a month or two and it connects on a site when I start firefox. Avast blocks this attempt but he doesn't show where the virus is located, or perhaps it is in firefox. Can somebody help me locate it?



https://ibb.co/gau3Ud
Yes "he" does   

The JS:Miner-S [Trj] is detected on the website (-http://siska.tv/  = a porn site ) and not in your computer, however you have something trying to connect to that URL. Tried to clear your browsers surf history/cache ?

URL Blacklist check
https://www.virustotal.com/#/url/a160501d6ea44e2d7ebba72ccc184c5507f90a3916823132f11e59e3574cf9ec/detection

HTML scan
https://www.virustotal.com/#/file/599d2d25b1dceac8e4a8a385001b59cea6d9d92896f08be04fbb61e1cba21cd0/detection

https://sitecheck.sucuri.net/results/siska.tv

Sure, I have done all cleanings and a new installation of firefox but nothing changed.

REDACTED

  • Guest
Re: JS:Miner-S
« Reply #23 on: June 13, 2018, 06:02:04 PM »
Open if Firefox this URL.

Code: [Select]
about:serviceworkers
And remove/unregister everything it lists.

Report status after that.

I did, still there.

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: JS:Miner-S
« Reply #24 on: June 13, 2018, 10:19:59 PM »
Try to refresh Firefox. Go to:
about:support

and click on Refresh Firefox on the right.

REDACTED

  • Guest
Re: JS:Miner-S
« Reply #25 on: June 14, 2018, 01:25:38 AM »
Try to refresh Firefox. Go to:
about:support

and click on Refresh Firefox on the right.

I found on the right side the option for cleaning up firefox, I used it and no change, the miner is still present.

Also Malwarebytes alarms me about additional connections to diverse sites from malware that it can not find.

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: JS:Miner-S
« Reply #26 on: June 14, 2018, 07:31:10 PM »
Lets check if router is one to blame. Set Google DNS on your PC. Instructions -> https://www.windowscentral.com/how-change-your-pcs-dns-settings-windows-10

Restart your PC after this and check if notifications will appear again.

REDACTED

  • Guest
Re: JS:Miner-S
« Reply #27 on: June 20, 2018, 04:38:57 AM »
Lets check if router is one to blame. Set Google DNS on your PC. Instructions -> https://www.windowscentral.com/how-change-your-pcs-dns-settings-windows-10

Restart your PC after this and check if notifications will appear again.

The problem continues.  :-\

Offline Sass Drake

  • MyCity AMF R2
  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 820
Re: JS:Miner-S
« Reply #28 on: June 20, 2018, 04:25:57 PM »
Please post new FRST.txt and Addition.txt.

REDACTED

  • Guest
Re: JS:Miner-S
« Reply #29 on: June 25, 2018, 09:15:34 AM »
Please post new FRST.txt and Addition.txt.


Suddenly avast stopped to alarm about the threat.
« Last Edit: June 25, 2018, 09:24:29 AM by Explorer97 »