Author Topic: Web Shield - JS:Miner- AV [trj]  (Read 921 times)

0 Members and 1 Guest are viewing this topic.

Offline john1611

  • Newbie
  • *
  • Posts: 2
Web Shield - JS:Miner- AV [trj]
« on: October 07, 2019, 02:56:24 PM »
Hi, I need some assistance.

We are struggling with two PC's on the same network that keeps getting an Avast popup for a threat secured: JS:Miner-AV[Trj] detected in svchost.exe, the URL it tries to connect to changes constantly and a scan with Avast does not pick up anything. I've done full virus scans and a Boot scan, will attach the log files. I've also reset the routers and reset chrome.

Offline Asyn

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 72920
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Web Shield - JS:Miner- AV [trj]
« Reply #1 on: October 07, 2019, 03:02:53 PM »
Start a topic in V&W and post your logs there: https://forum.avast.com/index.php?action=post;board=4
Instructions (basic diagnostic logs): https://forum.avast.com/index.php?topic=194892.0
Win 8.1 [x64] - Avast PremSec 21.11.6787.IBC [UI.681] - EEK - Firefox ESR 91.3 [NS/uBO/PB] - TB 91.3.2
Avast-Tools: Secure Browser 96.0 - Cleanup 21.4 - SecureLine 5.14 - Driver Updater 21.4 - CCleaner 5.87
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline jursa

  • Avast team
  • Jr. Member
  • *
  • Posts: 38
Re: Web Shield - JS:Miner- AV [trj]
« Reply #2 on: October 08, 2019, 11:07:19 AM »
Hi, I need some assistance.

We are struggling with two PC's on the same network that keeps getting an Avast popup for a threat secured: JS:Miner-AV[Trj] detected in svchost.exe, the URL it tries to connect to changes constantly and a scan with Avast does not pick up anything. I've done full virus scans and a Boot scan, will attach the log files. I've also reset the routers and reset chrome.

Hi, according to symtopms; detection: JS:Miner-AV[Trj] and the source process svchost, on two computers - it looks like that you have infected network and someone in the middle is inserting malicious javascript to legitimate traffic.

Could you please use curl/wget tools and printscreen the response from the following URL ? http://www.msftconnecttest.com/connecttest.txt

« Last Edit: October 08, 2019, 11:11:03 AM by jursa »

Offline john1611

  • Newbie
  • *
  • Posts: 2
Re: Web Shield - JS:Miner- AV [trj]
« Reply #3 on: October 16, 2019, 05:28:16 PM »
Hi,

Here is the response I got from onlinecurl.com

Thanks