Jump to content

JS/CoinMiner.J Malware


6547
 Share

Recommended Posts

First, sorry for the bad english. it's not my native language..
So i have this problem since 12/10/2017, with this Malware " JS/CoinMiner.J "

Almost every website that i opened up is giving ESET notification

image.thumb.png.01d491474f0a4c4a6527f1980206453a.pngeven

even IGN website...

Here's the Log File it's started since 12/10/2017

image.png.ba94b4e387f0fb6b59cd6b4297703c21.png

I have try to block it from my ESET Management though, but the problem still occursimage.png.21231a5f3a2f158d05fa04f6d4999cfe.png

 

Here's one of the log files

<?xml version="1.0" encoding="utf-8" ?>
<ESET>
  <LOG>
    <RECORD>
      <COLUMN NAME="Time">12/17/2017 2:03:23 PM</COLUMN>
      <COLUMN NAME="Scanner">JavaScript scanner</COLUMN>
      <COLUMN NAME="Object type">file</COLUMN>
      <COLUMN NAME="Object">https://cfs.uzone.cf/xmr/m.js?proxy=wss://ws-pool.uzone.cf/xmr</COLUMN>
      <COLUMN NAME="Threat">JS/CoinMiner.J potentially unwanted application</COLUMN>
      <COLUMN NAME="Action">blocked</COLUMN>
      <COLUMN NAME="Information"></COLUMN>
      <COLUMN NAME="Hash">A7F2CFB63CCB6EC92DF4693653BE6FF850E41090</COLUMN>
      <COLUMN NAME="First seen here"></COLUMN>
    </RECORD>
 </LOG>
</ESET>

Link to comment
Share on other sites

  • Administrators

First make sure that you have SSL/TLS filtering enabled. Then remove the two addresses from the list of blocked addresses and add just the following:
*cfs.uzone.cf.com*

Link to comment
Share on other sites

It's enabled... and my web browser is on the list of SSL/TLS filtered application
image.png.2778bb6a7883610da4279cf291716621.png

And i have been add the url, but still no changes at all...

Edited by 6547
Link to comment
Share on other sites

7 hours ago, 6547 said:

And i have been add the url, but still no changes at all...

Try this.

Change this "*cfs.uzone.cf.com*" in the List of blocked address URL list to *.cfs.uzone.cf.com/* . Also checkmark the option "Notify when applying" in the List of blocked address URL Lists. This will show an alert every time the above coin miner URL is detected and blocked. 

Link to comment
Share on other sites

Thank you guys! It's i think it's because my wifi ISP, cfs.uzone.cf is redirect link from my ISP. I try to connect to other wifi that have different ISP. And nothing happen, so i assumed that is because my ISP. But i either way, thank you for the advice guys! you're the best @itman@Marcos

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...