AVAST is flashing JS:Miner-AI [PUP] Threat msgs & blocks url

Issue begins just this morning (1st Oct 2018)

My Chrome browser has a default page: http://www.universalis.com/asia.india/mass.htm
It opened fine by default.

Then I went to my daily website: http://stpius10mulund.org/
and got the error (attached Screenshots of Avast Notifications)
At times the site appeared; at times the browser flashed “Site can’t be reached” and AVAST gave the message “Threat detected”

I tried accessing the URL from Firefox and Internet Explorer; similar message from both browsers. The website was not shown.

AVAST would show the message later for other urls too
I ran a Smart Scan
Checked for UPDATES to definitions & program

Agreed with AVAST to update FLASH, Quick Time, and VLC
While Quick Time was updating, AVAST flashed a Threat msg for ocsp.verisign too

Update work on http://stpius10mulund.org/ is halted for today.

Kindly suggest what must be done to fix this…

Thanks,
Ashley

Attach your basic diagnostic logs. (MBAM and FRST)
Instructions: https://forum.avast.com/index.php?topic=194892

installed MBAM and ran it as directed
Also FRST…

attached MBAM and FRST logs

Thank you

Noticing that the Threat Message is not flashed with HTTPS websites…

Same result with Firefox & IE, too.

Would someone know what’s going on…?

  • Open Notepad (click Start button → type notepad.exe → press Enter)
  • Copy text from code block below and paste it into Notepad
```
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR StartupUrls: Default -> "hxxp://www.universalis.com/asia.india/530/mass.htm"
HKU\S-1-5-21-3585094920-1370802678-2760561222-1000\...\ChromeHTML: ->  <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [135]
EmptyTemp:
```
  • Go to File → Save As
  • Make sure that UTF-8 is selected as Encoding (left side of Save button)
  • Save it as fixlist.txt on Desktop
  • Open FRST again and click on the Fix button
  • Wait until FRST finishes
  • fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.

Thank you.
Done as instructed

fixlog attached.

What is system status now?

I feel, the ------- JS Miner [PUP] Threat Blocked ------- messages stopped since last noon (Wed, 3-Sep).
I didn’t do anything for that to happen… (or might u have caused it?) :slight_smile:

I just did an MBAM Scan just now and it was all clean.

Can’t thank u guys enough for your assistance/response during the weird time.
Do say if the issue is clear; cause I don’t understand what has happened (cause I did nothing)

God bless~
Grateful…

Hi Ashley :slight_smile:

A lot of people, in the last couple of days, including me, were infected with the JS:Miner infection, and I just found out what really happened. Please read this:
https://badpackets.net/200000-mikrotik-routers-worldwide-have-been-compromised-to-inject-cryptojacking-malware/
https://twitter.com/bad_packets/status/1045720327823605761

The problem is now gone, but still contact your ISP and ask them to update your MikroTik router/modem RouterOS to the new stable version, or it will still be vulnerable to the same Coinhive miner problem.