Magnified, Posted August 22, 2018
Have tried this link several times and gotten warned off. Might this be a false positive? Thanks
Marcos (Administrators), Posted August 22, 2018
Are you using a Mikrotik router? If so, it might have been compromised and a CoinMiner JavaScript is being added through a special HTML file that has the original page included via a frame. This is currently detected as a PUA (JS/CoinMiner.AH), so make sure that you have PUA detection enabled and modules updated.
Magnified (Author), Posted August 23, 2018
I am using a TP-Link AC1200 switch; as far as I am aware nothing has been compromised, but this is not my specialty. Thanks for the reply.
Marcos (Administrators), Posted August 23, 2018
If the detection is still triggered on the website, please provide ELC logs but also select "quarantined files" prior to collecting the stuff.