Archived

This topic is now archived and is closed to further replies.

PurpleRanarr

Constant Coinminer.D from Coinhive

Pretty much the only thing that my NOD32 Antivirus blocks these days is a program called JS/Coinminer.d or JS/Coinminer.f.
I am fully aware of what this program is and what it does, and I am very thankful that my fantastic antivirus stops it from abusing my computer. However, the sheer amount of this bug/trojan/virus is worrying. Attached is a list of recent quarantines.
Is there any way I can permanently block this site (coinhive.com) or their unwanted applications without my antivirus having to do it for me?
Thanks in advance,
Purple.

coin hive ESET.JPG

This coin mining script is loaded by other websites, usually to gain some profit instead of displaying ads to the user. You can add the logged domain to the list of blocked websites in the URL management setup.

Thank you very much for the quick response. I have now made the changes you recommended.
10/10 for response time, helpfulness and problem solving.

I added coinhive.com to my hosts file

0.0.0.0 coinhive.com

I hope this will help.

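A hosts file matches names exactly, so the entry in the post above covers `coinhive.com` itself but not any subdomain. The Python sketch below is an added example, not part of the original thread: it parses hosts-file text and reports which names from a list are actually sinkholed. The sample file and the subdomain in the list are constructed for illustration.

```python
# Added example: check which hostnames a hosts file really sinkholes.
SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}

# Constructed sample: the single entry from the post, plus typical lines.
SAMPLE_HOSTS = """\
# local overrides
127.0.0.1   localhost
0.0.0.0 coinhive.com   # miner script host
"""


def parse_hosts(text):
    """Return {hostname: address} for every name on every non-comment line."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenise
        if len(fields) < 2:
            continue  # blank line, or an address with no names
        addr, names = fields[0], fields[1:]
        for name in names:
            # Assumption: the resolver uses the first entry for a name.
            mapping.setdefault(name.lower().rstrip("."), addr)
    return mapping


def coverage(hosts_text, hostnames):
    """Map each hostname to True if the hosts file sends it to a sink address."""
    mapping = parse_hosts(hosts_text)
    return {h: mapping.get(h.lower().rstrip(".")) in SINK_ADDRS
            for h in hostnames}


def missing_entries(hosts_text, hostnames, sink="0.0.0.0"):
    """Return the hosts lines still needed to sinkhole every listed name."""
    cov = coverage(hosts_text, hostnames)
    return [f"{sink} {h}" for h in hostnames if not cov[h]]


if __name__ == "__main__":
    # Hypothetical check list; the www. subdomain is illustrative only.
    wanted = ["coinhive.com", "www.coinhive.com"]
    for host, blocked in coverage(SAMPLE_HOSTS, wanted).items():
        print(f"{host}: {'blocked' if blocked else 'NOT blocked'}")
    for line in missing_entries(SAMPLE_HOSTS, wanted):
        print("add:", line)
```

Blocking a whole domain with all of its subdomains needs a DNS-level filter or the URL blocklist mentioned earlier in the thread, since hosts files have no wildcard syntax.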

Is there a way for me to let this script run? Because it is blocking even on sites that are asking people to mine in exchange for some service. Currently I am disabled from using the site.

thanks

5 hours ago, Gpeter said:

Is there a way for me to let this script run? Because it is blocking even on sites that are asking people to mine in exchange for some service. Currently I am disabled from using the site.

thanks

You can exclude this particular PUA from detection by its name.

Even if I've disabled protection for a period of time (1 hour), the page is still blocked? How is that possible?

thanks

No answer to this? All tutorials are showing older versions of software.

2 hours ago, Gpeter said:

No answer to this? All tutorials are showing older versions of software.

Post the URL for the web site you want to use. I need to see the alert you are receiving.

If you are OK with Coinminer running on the machines, did you exclude @NAME=JS/CoinMiner.D and @NAME=JS/CoinMiner.F for whole drives, i.e. with * as the path?

Malwarebytes has an interesting way of handling this situation.

In the scan exclude list you would first add the coin miner domain you wish to exclude, i.e. coinhive.com, and then the IP address of the URL running the script. So if hxxp://www.crapsite.com is IP address 1.1.1.1 and running Coin Hive script-wise using coinhive.com, you would add both coinhive.com and 1.1.1.1 to the exclude list. MBAM interprets this as only allowing connections to coinhive.com from hxxp://www.crapsite.com.

