Jump to content

Constant Coinminer.D from Coinhive


Recommended Posts

Pretty much the only thing that my NOD32 Antivirus blocks these days is a program called JS/Coinminer.d or JS/Coinminer.f
I am fully aware of what this program is and what it does, and I am very thankful that my fantastic antivirus stops it from abusing my computer. However, the sheer amount of this bug/trojan/virus is worrying. Attached is a list of recent quarantines.
Is there any way I can permanently block this site (coinhive.com) or their unwanted applications without my antivirus having to do it for me?
Thanks in advance,
Purple.

coin hive ESET.JPG

Link to post
Share on other sites
  • Administrators

This coin mining script is loaded by other websites, usually to gain some profit instead of displaying ads to the user. You can add the logged domain to the list of blocked websites in the url management setup.

Link to post
Share on other sites
  • 2 weeks later...
  • 1 month later...

Is there a way for me to let this script run? Because it is blocking even on sites that are asking people to mine in exchange for some service. Currently I am disabled from using the site.

thanks

Link to post
Share on other sites
  • Administrators
5 hours ago, Gpeter said:

Is there a way for me to let this script run? Because it is blocking even on sites that are asking people to mine in exchange for some service. Currently I am disabled from using the site.

thanks

You can exclude this particular PUA from detection by its name.

Link to post
Share on other sites
  • 2 weeks later...
2 hours ago, Gpeter said:

No answer to this? All tutorials are showing older versions of software

Post the URL for the web site you want to use. I need to see the alert you are receiving.

Link to post
Share on other sites
  • Administrators

If you are ok with Coinminer running on the machines, did you exclude @NAME=JS/CoinMiner.D and @NAME=JS/CoinMiner.F for whole drives, ie. with * as the path?

Link to post
Share on other sites

Malwarebytes has an interesting way of handling this situation.

In the scan exclude list you would first add the coin miner domain you wish to exclude i.e. coinhive.com and then the IP address of URL running the script. So if hxxp://www.crapsite.com is IP address 1.1.1.1 and running Coin Hive script-wise using coinhive.com, you would add both coinhive.com and 1.1.1.1 to the exclude list. MBAM interprets this as only allow connection to coinhive.com from hxxp://www.crapsite.com.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...