Jump to content

How to remove "allowed script" from website, that I accidentally allowed


Recommended Posts

Greetigns

Any clue where I can find an allowed website [it contains JS Miner]?

I accidentally allowed it, and I can't find the exclusion nowhere :(

This is the one, I want to block again [please see attached file].

Thank You!

Kind regards

uplink

herp-derp.jpg

Edited by uplink
Link to comment
Share on other sites

  • Administrators

If you the CoinMiner wasn't excluded from further detection, it will be detected again once the user opens the website that loads it.

Link to comment
Share on other sites

10 hours ago, Marcos said:

If you the CoinMiner wasn't excluded from further detection, it will be detected again once the user opens the website that loads it.

Greetings Marcos,

Thank You for Your fast reply! I did press "exclude" by mistake. The one in the pop-up. Now I'm unable to find the exclusion I created anywhere in the settings. I even reset the whole Eset, reinstalled Eset [with Revo uninstaller] and did other things :/

On my server [running volume lic. of EES] it didn't even ask about the miner, it simply blocks it and ignores it silently [running Win 2k16 server].

On my desktop, whenever I enter the webpage, all 16 cores hit 100% and I need to turn off the tab immediately. Both because of immense heat it produces [the miner is more cruel than Intel Torture Test, one has yet to see such a marvel] and since they're all running 4.6 GHz, I'm hitting 100°C roof very soon. It's kind of dangerous this little miner.

Any clue where it's included, in what settings? I went through all exclusions, I even excluded the website + url of the script itself, and it's still being ignored by EIS.

Please advise

With kind regards

uplink

Link to comment
Share on other sites

  • Administrators

If you excluded the PUA from detection, you'll find it under Antivirus -> Exclusions in the advanced setup. If it's not there, the PUA is not excluded.

Link to comment
Share on other sites

2 hours ago, Marcos said:

If you excluded the PUA from detection, you'll find it under Antivirus -> Exclusions in the advanced setup. If it's not there, the PUA is not excluded.

Hmm, so this is bad?

capture.jpg

Link to comment
Share on other sites

12 hours ago, galaxy said:

everything worked ???

Erm, no, nothing worked. I don't have any record of the page being blocked, or the script, or nothing, nowhere within the EiS.

Link to comment
Share on other sites

In Eset's GUI Internet Protection ->  Web Access protection -> URL Address Management, click on "Edit" for Address List. Then click on "List of allowed addresses" to highlight it. Then click on "Edit." Then check if the Coin Miner url is listed there. If it is, click on it and the click on the "Remove" button.

Link to comment
Share on other sites

9 minutes ago, itman said:

In Eset's GUI Internet Protection ->  Web Access protection -> URL Address Management, click on "Edit" for Address List. Then click on "List of allowed addresses" to highlight it. Then click on "Edit." Then check if the Coin Miner url is listed there. If it is, click on it and the click on the "Remove" button.

Thank You kindly for Your reply. Well, how should I put it. Been there, it's empty, just like every other place where I can add exceptions. I can only fill them out manually :(

screenshot.jpg

Link to comment
Share on other sites

3 minutes ago, uplink said:

Thank You kindly for Your reply. Well, how should I put it. Been there, it's empty, just like every other place where I can add exceptions. I can only fill them out manu

For the time being add this to the "list of blocked addresses" - *.coinhive.com/* . Make sure the list is set to active. At least this should stop the coin mining. Then check where the connection is coming from.

Link to comment
Share on other sites

6 minutes ago, itman said:

For the time being add this to the "list of blocked addresses" - *.coinhive.com/* . Make sure the list is set to active. At least this should stop the coin mining. Then check where the connection is coming from.

Thank You! I will try to use this. I wrote to the author of the website and the miner is down since today so, I'll know till next time. Thank You once more!

Link to comment
Share on other sites

1 hour ago, uplink said:

Thank You! I will try to use this. I wrote to the author of the website and the miner is down since today so, I'll know till next time. Thank You once more!

I must ask this. Why are you going to a web site that you know does coin mining?

Link to comment
Share on other sites

21 hours ago, itman said:

I must ask this. Why are you going to a web site that you know does coin mining?

Because it's a functional website I visit for around 5 years, it just acquired coin miner. And it was removed as I wrote it to the admin of the website.

Link to comment
Share on other sites

  • Most Valued Members
23 hours ago, itman said:

I must ask this. Why are you going to a web site that you know does coin mining?

Didn't a news site or something get hacked and A coin miner places on it. So there's risks on popular well known sites.

Link to comment
Share on other sites

58 minutes ago, peteyt said:

Didn't a news site or something get hacked and A coin miner places on it. So there's risks on popular well known sites.

Exactly. This is why one should never override an Eset PUA for a coin miner and allow it.

Link to comment
Share on other sites

  • Most Valued Members
11 hours ago, itman said:

Exactly. This is why one should never override an Eset PUA for a coin miner and allow it.

Yeah I think the user actually ignored it accidently. I actually think the theory behind coin minining used in this was could have some small mertit. People hate adverts but small sites need revenue to survive and this could be the right balance but they tend to use far too much of a computers power and in turn can become dangerous e.g. lead to overheating. Also most sites don't seem to even tell users they are using coin mining

Link to comment
Share on other sites

The problem is hackers are modifying web sites to place malicious coin miners on them. They modify the code to redirect to malicious web sites under their control.

Note that there are two types of coin miners; those that attempt to modify browser memory and those resident on the web server servicing the web site. Eset's PUA protection blocks the former type. The only way you can block the later type is by using an ad blocker with good coin miner protection or create your own coin miner URL block list using Eset's Web Filtering. 

Edited by itman
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...