PurpleRanarr 0 Posted December 16, 2017 Share Posted December 16, 2017 Pretty much the only thing that my NOD32 Antivirus blocks these days is a program called JS/Coinminer.d or JS/Coinminer.f I am fully aware of what this program is and what it does, and I am very thankful that my fantastic antivirus stops it from abusing my computer. However, the sheer amount of this bug/trojan/virus is worrying. Attached is a list of recent quarantines. Is there any way I can permanently block this site (coinhive.com) or their unwanted applications without my antivirus having to do it for me? Thanks in advance, Purple. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,259 Posted December 16, 2017 Administrators Share Posted December 16, 2017 This coin mining script is loaded by other websites, usually to gain some profit instead of displaying ads to the user. You can add the logged domain to the list of blocked websites in the url management setup. Link to comment Share on other sites More sharing options...
PurpleRanarr 0 Posted December 16, 2017 Author Share Posted December 16, 2017 Thank you very much for the quick response. I have now made the changes you recommended. 10/10 for response time, helpfulness and problem solving. Link to comment Share on other sites More sharing options...
yvon 0 Posted December 27, 2017 Share Posted December 27, 2017 I added coinhive.com to my hosts file 0.0.0.0 coinhive.com I hope this wil help Link to comment Share on other sites More sharing options...
Gpeter 0 Posted February 10, 2018 Share Posted February 10, 2018 Is there a way for me to let this script run? Because it is blocking even on sites that are asking people to mine in exchange for some service. Currently I am disabled from using the site. thanks Link to comment Share on other sites More sharing options...
Administrators Marcos 5,259 Posted February 10, 2018 Administrators Share Posted February 10, 2018 5 hours ago, Gpeter said: Is there a way for me to let this script run? Because it is blocking even on sites that are asking people to mine in exchange for some service. Currently I am disabled from using the site. thanks You can exclude this particular PUA from detection by its name. Link to comment Share on other sites More sharing options...
Gpeter 0 Posted February 20, 2018 Share Posted February 20, 2018 Even If I 've disabled protection for a period of time (1 hour) the page is still blocked? how is that possible? thanks Link to comment Share on other sites More sharing options...
Gpeter 0 Posted February 25, 2018 Share Posted February 25, 2018 No answer to this? All tutorials are showing older versions of software Link to comment Share on other sites More sharing options...
itman 1,746 Posted February 25, 2018 Share Posted February 25, 2018 2 hours ago, Gpeter said: No answer to this? All tutorials are showing older versions of software Post the URL for the web site you want to use. I need to see the alert you are receiving. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,259 Posted February 25, 2018 Administrators Share Posted February 25, 2018 If you are ok with Coinminer running on the machines, did you exclude @NAME=JS/CoinMiner.D and @NAME=JS/CoinMiner.F for whole drives, ie. with * as the path? Link to comment Share on other sites More sharing options...
itman 1,746 Posted February 25, 2018 Share Posted February 25, 2018 Malwarebytes has an interesting way of handling this situation. In the scan exclude list you would first add the coin miner domain you wish to exclude i.e. coinhive.com and then the IP address of URL running the script. So if hxxp://www.crapsite.com is IP address 1.1.1.1 and running Coin Hive script-wise using coinhive.com, you would add both coinhive.com and 1.1.1.1 to the exclude list. MBAM interprets this as only allow connection to coinhive.com from hxxp://www.crapsite.com. Link to comment Share on other sites More sharing options...
Recommended Posts