6547 0 Posted December 17, 2017 Share Posted December 17, 2017 First, sorry for the bad english. it's not my native language.. So i have this problem since 12/10/2017, with this Malware " JS/CoinMiner.J " Almost every website that i opened up is giving ESET notification even even IGN website... Here's the Log File it's started since 12/10/2017 I have try to block it from my ESET Management though, but the problem still occurs Here's one of the log files <?xml version="1.0" encoding="utf-8" ?> <ESET> <LOG> <RECORD> <COLUMN NAME="Time">12/17/2017 2:03:23 PM</COLUMN> <COLUMN NAME="Scanner">JavaScript scanner</COLUMN> <COLUMN NAME="Object type">file</COLUMN> <COLUMN NAME="Object">https://cfs.uzone.cf/xmr/m.js?proxy=wss://ws-pool.uzone.cf/xmr</COLUMN> <COLUMN NAME="Threat">JS/CoinMiner.J potentially unwanted application</COLUMN> <COLUMN NAME="Action">blocked</COLUMN> <COLUMN NAME="Information"></COLUMN> <COLUMN NAME="Hash">A7F2CFB63CCB6EC92DF4693653BE6FF850E41090</COLUMN> <COLUMN NAME="First seen here"></COLUMN> </RECORD> </LOG> </ESET> Link to comment Share on other sites More sharing options...
Administrators Marcos 4,718 Posted December 17, 2017 Administrators Share Posted December 17, 2017 First make sure that you have SSL/TLS filtering enabled. Then remove the two addresses from the list of blocked addresses and add just the following: *cfs.uzone.cf.com* Link to comment Share on other sites More sharing options...
6547 0 Posted December 17, 2017 Author Share Posted December 17, 2017 (edited) It's enabled... and my web browser is on the list of SSL/TLS filtered application And i have been add the url, but still no changes at all... Edited December 17, 2017 by 6547 Link to comment Share on other sites More sharing options...
itman 1,542 Posted December 18, 2017 Share Posted December 18, 2017 7 hours ago, 6547 said: And i have been add the url, but still no changes at all... Try this. Change this "*cfs.uzone.cf.com*" in the List of blocked address URL list to *.cfs.uzone.cf.com/* . Also checkmark the option "Notify when applying" in the List of blocked address URL Lists. This will show an alert every time the above coin miner URL is detected and blocked. Link to comment Share on other sites More sharing options...
6547 0 Posted December 18, 2017 Author Share Posted December 18, 2017 Thank you guys! It's i think it's because my wifi ISP, cfs.uzone.cf is redirect link from my ISP. I try to connect to other wifi that have different ISP. And nothing happen, so i assumed that is because my ISP. But i either way, thank you for the advice guys! you're the best @itman@Marcos Link to comment Share on other sites More sharing options...
Recommended Posts