Jump to content

Archived

This topic is now archived and is closed to further replies.

rharesh

JS/Coinminer.BF Keeps Poping up

Recommended Posts

Eset keeps blocking JS/Coinminer.BF for every website i visit, even gmail, msn etc once it will popup if i hit enter again it will work

It does same for IDM, Adobe or any internet based software, done full system scan, used eset rescue disk, checked with tech support etc not sure what is the source is it from my pc or isp ?

coinminer.JPG

Share this post


Link to post
Share on other sites

To fix this, perform a factory reset of your router and install the latest version of firmware. It appears that your router was hacked. Are you using Mikrotik? What model?

Share this post


Link to post
Share on other sites

I have a TP-Link wifi router which i configured with connection from fiber channel provider OptiLink device

Share this post


Link to post
Share on other sites

My isp has mikrotik router.. I gave direct connection to my system bypassing my tplink router same issue... Looks like issue from isp side...

Share this post


Link to post
Share on other sites

Its not my router i reset it aswell.. i guess its from isp or its coming from some other pc which is going through the same gateway

Share this post


Link to post
Share on other sites
1 hour ago, rharesh said:

Its not my router i reset it aswell

If your router is one of the vulnerable TP-Link ones, a reset is not enough. You will have to apply a firmware update if one is available from TP-Link to the router . 

Share this post


Link to post
Share on other sites

If you have an opportunity to try a router of a different brand, please do so and let us know if the issue goes away. I'd also suggest trying SysRescue and the browser included with it to see if the alert is still triggered to rule out a local system infection.

Share this post


Link to post
Share on other sites

Hi,

we have many of this infection notifications since friday, could there be a bug? Different mashines and different routers. (private home office and different business locations)

Share this post


Link to post
Share on other sites
21 minutes ago, HSW said:

we have many of this infection notifications since friday, could there be a bug? Different mashines and different routers. (private home office and different business locations)

I'd suggest creating a SysRescue medium, booting from it and opening a website through the built-in browser. If the threat is detected, it's likely either the router or ISP that was compromised.

Share this post


Link to post
Share on other sites

It is a homepage not the clients. Eset reacts to the http of this side https is all fine. Its our own hp.

Share this post


Link to post
Share on other sites

@marcos i send you private the link.

 

Share this post


Link to post
Share on other sites
On 9/5/2018 at 1:10 PM, urbmend26 said:

I solve the problem, with Mikrotik Router.

How did you solve it with Mikrotik router? Can you please explain it? Today I start getting this annoying popup JS/Coinminer.AH not BF

I am thinking to reformat my Windows, please help.

Share this post


Link to post
Share on other sites
12 minutes ago, Hasan Halim said:

How did you solve it with Mikrotik router? Can you please explain it? Today I start getting this annoying popup JS/Coinminer.AH not BF

I am thinking to reformat my Windows, please help.

Install the latest firmware available for your Mikrotik router and reset it to factory settings. Reinstalling Windows won't help since it's router that serves a CoinMiner script.

Share this post


Link to post
Share on other sites

Hi Marcos, your reply is really helpful, it solves my problem. I was so stressed of annoying popup JS/Coinminer.AH

It was really unexpected that the cause would be MikroTik router and yes when I check my MikroTik settings, the Firewall rules and NAT had been changed.

Again, thank you.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...