
JS/CoinMiner.BF trojan


Jean93


Hi all,

The threat JS/CoinMiner.BF trojan keeps appearing in my threat logs on ESET Remote Administrator Console. Action taken by ESET is "connection terminated". This is happening again after I did a fresh Windows install on the client. I can see that the trojan is being detected when the client is accessing a network printer as well.

Can anyone please advise how to remove the JS/CoinMiner.BF trojan?


  • Most Valued Members

@Jean93, it happened here before: https://forum.eset.com/topic/16584-jscoinminerbf-keeps-poping-up/

Take a look at the replies and see if something helps you. Check your router; it might be that your router is infected, or redirecting you to the CoinMiner.

As far as I know it's Mikrotik routers that got infected the most; see @Marcos's reply here: "Install the latest firmware available for your Mikrotik router and reset it to factory settings. Reinstalling Windows won't help since it's router that serves a CoinMiner script."

Edited by Rami

Hi Rami,

Thank you for your reply.

I have identified what I suspect has been holding the trojan. Indeed I have a Mikrotik router on my network which I grant remote access to my VOIP services support. I have isolated the router from the network and am waiting for a new replacement and updated firmware from my service provider.

However, one of my clients is still being affected by the same trojan. When surfing the net, ESET is now blocking websites with the JS/CoinMiner.BF trojan as a threat.

Any advice on what tools I can use to remove the trojan from the client?


  • Administrators
12 minutes ago, Jean93 said:

Any advice on what tools I can use to remove the trojan from the client?

The malicious code is most likely injected in the router. The solution is to reset the router's firmware to factory settings and install the latest version of the firmware. If the vendor does not maintain the firmware any more, it will be necessary to replace it with a newer and fully supported one.


  • Most Valued Members
17 minutes ago, Jean93 said:

Hi Rami,

Thank you for your reply.

I have identified what I suspect has been holding the trojan. Indeed I have a Mikrotik router on my network which I grant remote access to my VOIP services support. I have isolated the router from the network and am waiting for a new replacement and updated firmware from my service provider.

However, one of my clients is still being affected by the same trojan. When surfing the net, ESET is now blocking websites with the JS/CoinMiner.BF trojan as a threat.

Any advice on what tools I can use to remove the trojan from the client?

The client most likely is not infected; as Marcos said, it's your router that is trying to redirect you to the CoinMiner.
