Author Topic: Web Shield - JS:Miner- AV [trj]  (Read 1514 times)

0 Members and 1 Guest are viewing this topic.

Offline john1611

  • Newbie
  • *
  • Posts: 2
Web Shield - JS:Miner- AV [trj]
« on: October 07, 2019, 02:56:24 PM »
Hi, I need some assistance.

We are struggling with two PC's on the same network that keeps getting an Avast popup for a threat secured: JS:Miner-AV[Trj] detected in svchost.exe, the URL it tries to connect to changes constantly and a scan with Avast does not pick up anything. I've done full virus scans and a Boot scan, will attach the log files. I've also reset the routers and reset chrome.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Web Shield - JS:Miner- AV [trj]
« Reply #1 on: October 07, 2019, 03:02:53 PM »
Start a topic in V&W and post your logs there: https://forum.avast.com/index.php?action=post;board=4
Instructions (basic diagnostic logs): https://forum.avast.com/index.php?topic=194892.0
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline jursa

  • Avast team
  • Jr. Member
  • *
  • Posts: 39
Re: Web Shield - JS:Miner- AV [trj]
« Reply #2 on: October 08, 2019, 11:07:19 AM »
Hi, I need some assistance.

We are struggling with two PC's on the same network that keeps getting an Avast popup for a threat secured: JS:Miner-AV[Trj] detected in svchost.exe, the URL it tries to connect to changes constantly and a scan with Avast does not pick up anything. I've done full virus scans and a Boot scan, will attach the log files. I've also reset the routers and reset chrome.

Hi, according to symtopms; detection: JS:Miner-AV[Trj] and the source process svchost, on two computers - it looks like that you have infected network and someone in the middle is inserting malicious javascript to legitimate traffic.

Could you please use curl/wget tools and printscreen the response from the following URL ? http://www.msftconnecttest.com/connecttest.txt

« Last Edit: October 08, 2019, 11:11:03 AM by jursa »

Offline john1611

  • Newbie
  • *
  • Posts: 2
Re: Web Shield - JS:Miner- AV [trj]
« Reply #3 on: October 16, 2019, 05:28:16 PM »
Hi,

Here is the response I got from onlinecurl.com

Thanks