uplink 1 Posted December 11, 2017

Greetings

Any clue where I can find an allowed website [it contains JS Miner]? I accidentally allowed it, and I can't find the exclusion anywhere.

This is the one I want to block again [please see attached file].

Thank You!

Kind regards
uplink

Edited December 11, 2017 by uplink

Administrators Marcos 5,450 Posted December 12, 2017

If the CoinMiner wasn't excluded from further detection, it will be detected again once the user opens the website that loads it.

uplink 1 Posted December 12, 2017 Author

10 hours ago, Marcos said:
> If the CoinMiner wasn't excluded from further detection, it will be detected again once the user opens the website that loads it.

Greetings Marcos,

Thank You for Your fast reply! I did press "exclude" by mistake. The one in the pop-up. Now I'm unable to find the exclusion I created anywhere in the settings. I even reset the whole Eset, reinstalled Eset [with Revo uninstaller] and did other things :/

On my server [running volume lic. of EES] it didn't even ask about the miner, it simply blocks it and ignores it silently [running Win 2k16 server].

On my desktop, whenever I enter the webpage, all 16 cores hit 100% and I need to turn off the tab immediately. Both because of immense heat it produces [the miner is more cruel than Intel Torture Test, one has yet to see such a marvel] and since they're all running 4.6 GHz, I'm hitting 100°C roof very soon. It's kind of dangerous this little miner.

Any clue where it's included, in what settings? I went through all exclusions, I even excluded the website + url of the script itself, and it's still being ignored by EIS.

Please advise

With kind regards
uplink

Administrators Marcos 5,450 Posted December 12, 2017

If you excluded the PUA from detection, you'll find it under Antivirus -> Exclusions in the advanced setup. If it's not there, the PUA is not excluded.

uplink 1 Posted December 12, 2017 Author

2 hours ago, Marcos said:
> If you excluded the PUA from detection, you'll find it under Antivirus -> Exclusions in the advanced setup. If it's not there, the PUA is not excluded.

Hmm, so this is bad?

uplink 1 Posted December 13, 2017 Author

12 hours ago, galaxy said:
> everything worked ???

Erm, no, nothing worked. I don't have any record of the page being blocked, or the script, or anything, anywhere within the EIS.

itman 1,801 Posted December 13, 2017

In Eset's GUI Internet Protection -> Web Access protection -> URL Address Management, click on "Edit" for Address List. Then click on "List of allowed addresses" to highlight it. Then click on "Edit." Then check if the Coin Miner url is listed there. If it is, click on it and then click on the "Remove" button.

uplink 1 Posted December 13, 2017 Author

9 minutes ago, itman said:
> In Eset's GUI Internet Protection -> Web Access protection -> URL Address Management, click on "Edit" for Address List. Then click on "List of allowed addresses" to highlight it. Then click on "Edit." Then check if the Coin Miner url is listed there. If it is, click on it and then click on the "Remove" button.

Thank You kindly for Your reply. Well, how should I put it. Been there, it's empty, just like every other place where I can add exceptions. I can only fill them out manually.

itman 1,801 Posted December 13, 2017

3 minutes ago, uplink said:
> Thank You kindly for Your reply. Well, how should I put it. Been there, it's empty, just like every other place where I can add exceptions. I can only fill them out manu

For the time being add this to the "list of blocked addresses" - *.coinhive.com/* . Make sure the list is set to active. At least this should stop the coin mining. Then check where the connection is coming from.

uplink 1 Posted December 13, 2017 Author

6 minutes ago, itman said:
> For the time being add this to the "list of blocked addresses" - *.coinhive.com/* . Make sure the list is set to active. At least this should stop the coin mining. Then check where the connection is coming from.

Thank You! I will try to use this. I wrote to the author of the website and the miner is down since today so, I'll know till next time. Thank You once more!

itman 1,801 Posted December 14, 2017

1 hour ago, uplink said:
> Thank You! I will try to use this. I wrote to the author of the website and the miner is down since today so, I'll know till next time. Thank You once more!

I must ask this. Why are you going to a web site that you know does coin mining?

uplink 1 Posted December 14, 2017 Author

21 hours ago, itman said:
> I must ask this. Why are you going to a web site that you know does coin mining?

Because it's a functional website I have visited for around 5 years, it just acquired a coin miner. And it was removed as I wrote it to the admin of the website.

Most Valued Members peteyt 396 Posted December 14, 2017

23 hours ago, itman said:
> I must ask this. Why are you going to a web site that you know does coin mining?

Didn't a news site or something get hacked and a coin miner placed on it. So there's risks on popular well known sites.

itman 1,801 Posted December 15, 2017

58 minutes ago, peteyt said:
> Didn't a news site or something get hacked and a coin miner placed on it. So there's risks on popular well known sites.

Exactly. This is why one should never override an Eset PUA for a coin miner and allow it.

Most Valued Members peteyt 396 Posted December 15, 2017

11 hours ago, itman said:
> Exactly. This is why one should never override an Eset PUA for a coin miner and allow it.

Yeah I think the user actually ignored it accidentally. I actually think the theory behind coin mining used in this way could have some small merit. People hate adverts but small sites need revenue to survive and this could be the right balance but they tend to use far too much of a computer's power and in turn can become dangerous e.g. lead to overheating. Also most sites don't seem to even tell users they are using coin mining.

itman 1,801 Posted December 15, 2017

The problem is hackers are modifying web sites to place malicious coin miners on them. They modify the code to redirect to malicious web sites under their control.

Note that there are two types of coin miners; those that attempt to modify browser memory and those resident on the web server servicing the web site. Eset's PUA protection blocks the former type. The only way you can block the latter type is by using an ad blocker with good coin miner protection or create your own coin miner URL block list using Eset's Web Filtering.

Edited December 15, 2017 by itman
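
Added example, not part of the thread and not ESET's code: a way to carry out the "check where the connection is coming from" step by scanning a saved copy of a page for script tags that hit a block list built around the `*.coinhive.com/*` mask quoted above. It assumes plain glob matching on host plus path, which may differ from ESET's own matching rules; the function names, the second mask and the sample HTML are constructed for illustration.

```python
from fnmatch import fnmatchcase
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Mask from the thread, plus a bare-domain mask: under plain glob semantics
# (an assumption here) "*.coinhive.com/*" does not cover "coinhive.com/...".
BLOCK_MASKS = ["*.coinhive.com/*", "coinhive.com/*"]


def matches_mask(url, masks=BLOCK_MASKS):
    """Return the first mask that matches host+path of url, or None."""
    # Scheme-less values such as "coinhive.com/x.js" get a "//" prefix so
    # urlsplit() treats the first component as the host.
    parts = urlsplit(url if "//" in url else "//" + url)
    target = (parts.hostname or "").lower() + (parts.path or "/")
    for mask in masks:
        if fnmatchcase(target, mask.lower()):
            return mask
    return None


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)


def find_miner_scripts(html, masks=BLOCK_MASKS):
    """Return (src, mask) pairs for script tags that hit the block list."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    pairs = [(src, matches_mask(src, masks)) for src in collector.sources]
    return [(src, mask) for src, mask in pairs if mask]


# Constructed sample page, not taken from the thread.
SAMPLE_HTML = """
<script src="https://cdn.example.org/jquery.min.js"></script>
<script src="https://static.coinhive.com/lib/miner.min.js"></script>
<script src="//coinhive.com/lib/miner.min.js"></script>
<script src="https://notcoinhive.com.example.net/x.js"></script>
"""
```

Calling `find_miner_scripts(SAMPLE_HTML)` reports the two script tags that load from the blocked domain and which mask caught each one; the look-alike host and the unrelated CDN are left alone.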