
Windows web Site - JS/CoinMiner



Dear All,

I am getting notifications for Windows web sites, like Windows Update, that the link and the attachment contain a virus. See below the notification that I am getting:

9/27/2018 1:49:55 AM - Module HTTP filter - Threat Alert triggered on computer EMAIL:  hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a640b841a3f8dd0d contains JS/CoinMiner.BF trojan.

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Also, this morning while I was checking my Event Viewer on the Email Server, I found an error, and when I try to open the link in the error, ESET blocks it. See below the notification.

Access to the web page was blocked.
hxxp://go.microsoft.com/fwlink/events.asp?ProdName=Microsoft®+Exchange&ProdVer=15.0.1104.0&EvtID=1009&EvtSrc=MSExchangeFastSearch&LCID=2057

Threat: JS/CoinMiner.AH potentially unwanted application

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Can someone advise how I can solve this issue?

Best Regards

Pambos Zeniou


  • Administrators

If you are using a Mikrotik router, reset it to factory settings and upgrade the firmware to the latest version.

If that doesn't help, it could be that your ISP is using a compromised Mikrotik router.


Thanks for your reply,

I don't understand why Mikrotik can be the issue here. Can you please explain it to me?

Also, when I try to open the same link from my laptop it's OK, but from the Server I am getting this report. If it was something to do with the Mikrotik, why does it work from my laptop?

 


6 hours ago, Pambos Zeniou said:

I don't understand why Mikrotik can be the issue here. Can you please explain it to me?

Also, when I try to open the same link from my laptop it's OK, but from the Server I am getting this report. If it was something to do with the Mikrotik, why does it work from my laptop?

To begin with, the issue is not solely related to Mikrotik. Other router manufacturers have also been identified as having vulnerabilities.

Also, the issue is not restricted to locally installed routers. Many ISP routers and related backbone devices have been likewise infected. Many of these, like recent postings in the forum, have been traced back to the ISP equipment being the source of the infection.
