JS:Miner-S

Hello,
Avast blocks one site and marks it as JS:Miner-S. Although I know there is a Coinhive miner on that site, I use uBlock Origin to block it. So why does Avast detect it? Is it some new version that uBlock does not block?
Before that it was Miner C, now it is S. What is the difference?
Thank you.

Hi,
Yes, the JS:Miner-S detection blocks new Coinhive scripts.

Lukas

Avast blocks one site and marks it as JS:Miner-S. Although I know there is a Coinhive miner on that site, I use uBlock Origin to block it. So why does Avast detect it? Is it some new version that uBlock does not block?
Maybe, or the Avast Web Shield reads the HTML code before uBlock.
Before that it was Miner C, now it is S. What is the difference?
Just like cars, there are many variations and they don't all come from the same factory ;)

https://www.fortinet.com/blog/threat-research/the-growing-trend-of-coin-miner-javascript-infection.html

They may also add a URL block … double protection.

What URL is it? Post it non-clickable.

Sucuri >> https://sitecheck.sucuri.net/results/primeassteens.com

Malware entry: malware.cryptominer.3 >> http://labs.sucuri.net/db/malware/malware.cryptominer.3

HTML_sample scan >> https://www.virustotal.com/#/file/7da3ba6dd20d61ccb18bfb9785b5280890db417770401efd596fa0103b556d1a/detection

Sample.txt? I still don't understand what triggers this popup.

The website is infected with a miner script … what is strange?

Post a screenshot of the popup.

primeassteens.com >> HTML code

The .js file at that location changes; you find many previous versions (different MD5) when searching VT.

Yes, it is possible, but if I go to that site without uBlock, Avast reports 2 detections: one C version, which marked the .js file, and one S version, which marked the HTML code. But when I block that .js file with uBlock, Avast still reports the S version, even though that miner cannot work without that .js file.

I found that this script triggers the S version:
(script)
var miner = new C o i n H i v e. A n o n y m o u s(‘XXXXXXXXXXXXXXXXXXXXXXXXX’, {
// threads: X,
throttle: X,
});
miner.start();
(/script)

Today I no longer see the JS:Miner-S detection on that site, although that code is still present. I saved the HTML code to a .txt file and sent it to VirusTotal, and also right-clicked that file → scan by Avast. Both detect JS:Miner-S, but the Web Shield does not. When I copied that code here, Avast detected it too. Does that mean this code is whitelisted on that site?
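An added sketch, not part of the thread and not Avast's or uBlock Origin's actual logic, of why an inline snippet like the one quoted above can still be flagged in the HTML when the request for the external .js file is blocked. The sample page, host name, site key and the two regex indicators are constructed assumptions.

```javascript
// Added illustration; the indicators are hypothetical, not Avast signatures.
// Constructed sample page: an external loader plus an inline start snippet.
const SAMPLE_HTML = `
<html><head>
<script src="https://miner-host.example/lib/coinhive.min.js"></script>
</head><body>
<script>
var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', { throttle: 0.5 });
miner.start();
</script>
</body></html>`;

// Return every <script> element as { src, body }.
// Regex extraction is a simplification; a real scanner would use an HTML parser.
function extractScripts(html) {
  const scripts = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    const srcMatch = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(m[1]);
    scripts.push({ src: srcMatch ? srcMatch[1] : null, body: m[2] });
  }
  return scripts;
}

// Hypothetical indicators for the two layers discussed in the thread.
const LOADER_URL = /coinhive(\.min)?\.js/i;              // external .js file
const INLINE_START = /new\s+CoinHive\s*\.\s*Anonymous\s*\(/i; // inline HTML code

function findIndicators(html) {
  const hits = [];
  for (const s of extractScripts(html)) {
    if (s.src && LOADER_URL.test(s.src)) hits.push({ layer: 'external-js', evidence: s.src });
    if (!s.src && INLINE_START.test(s.body)) hits.push({ layer: 'inline-html', evidence: 'CoinHive constructor call' });
  }
  return hits;
}

// A request blocker stops the fetch of matching URLs, so the external file is
// never downloaded or scanned, but the HTML the server sent is left unchanged.
function layersStillVisible(html, blockedUrlPattern) {
  return findIndicators(html)
    .filter(h => !(h.layer === 'external-js' && blockedUrlPattern.test(h.evidence)))
    .map(h => h.layer);
}

console.log(findIndicators(SAMPLE_HTML).map(h => h.layer)); // both layers
console.log(layersStillVisible(SAMPLE_HTML, /coinhive/i));  // inline layer only
```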

Hello.

Script is contaminated by all links from primeassteens, not only homepage.

https://www.virustotal.com/#/file/b1a6d6d809bb0ed2c98c286cbc8b36fa0366b2a051cbb384e179685415dbea51/detection

Avast detected JS:Miner-S blocked is all, if this is not for, the address will connect to the server coinhive as authedmine unnoticed by the user and download i.e. 2 variants.

worker-asmjs.min.js

https://www.virustotal.com/#/file/ee374ae08f22d91a92cfcf6b9d8b4cccfd0d57016e9d8fd3af9fbdbd36781b38/detection

coinhive.min[1].js

https://www.virustotal.com/#/file/5d514880ad502302dd4bf0ef8da5d38356385d1c43689f6739f6771ed7a4ef73/detection

JS Miner-C contained the known code Cryptojacking that used, it was modified with a new variant in the site of the coinhive, it is detected as BV:Miner-T [Trj] algorithm new CryptoNight.

Hello all!

I have had this virus for a month or two, and it connects to a site when I start Firefox. Avast blocks this attempt but he doesn’t show where the virus is located, or perhaps it is in Firefox. Can somebody help me locate it?

https://ibb.co/gau3Ud


A miner script is found with this website scanning tool: http://urlquery.net/report/22b5edd4-362f-4845-b05d-af6c5286fd78

Please follow instructions here: https://forum.avast.com/index.php?topic=194892.0

Sass Drake will be notified once you post the logs.

I removed 51 threats but JS:Miner-S [Trj] is still there.

Logs from the Farbar Recovery Scan Tool.

Good job.

Sass Drake has been notified.

Yes “he” does

The JS:Miner-S [Trj] is detected on the website (-http://siska.tv/ = a porn site) and not on your computer; however, you have something trying to connect to that URL. Have you tried clearing your browser's history/cache?

URL Blacklist check
https://www.virustotal.com/#/url/a160501d6ea44e2d7ebba72ccc184c5507f90a3916823132f11e59e3574cf9ec/detection

HTML scan
https://www.virustotal.com/#/file/599d2d25b1dceac8e4a8a385001b59cea6d9d92896f08be04fbb61e1cba21cd0/detection

https://sitecheck.sucuri.net/results/siska.tv

Open this URL in Firefox.

about:serviceworkers

And remove/unregister everything it lists.

Report status after that.

Sure, I have done all the cleanings and a new installation of Firefox, but nothing changed.