Jean93, posted November 5, 2018:

Hi all, The threat JS/CoinMiner.BF trojan keeps appearing in my threat logs on ESET Remote Administrator Console. Action taken by ESET is "connection terminated". This is happening again after I did a fresh Windows install on the client. I can see that the trojan is being detected when the client is accessing a network printer as well. Can anyone please advise how to remove the JS/CoinMiner.BF trojan?

Nightowl (Most Valued Members), posted November 5, 2018 (edited November 5, 2018 by Rami):

@Jean93, it happened here before: https://forum.eset.com/topic/16584-jscoinminerbf-keeps-poping-up/ Take a look at the replies and see if something helps you. Check your router; it might be that your router is infected or redirecting you to the CoinMiner. As far as I know it's MikroTik routers that got infected the most; see @Marcos's reply here: "Install the latest firmware available for your MikroTik router and reset it to factory settings. Reinstalling Windows won't help since it's the router that serves a CoinMiner script."

Jean93 (Author), posted November 6, 2018:

Hi Rami, Thank you for your reply. I have identified what I suspect has been holding the trojan. Indeed I have a MikroTik router on my network to which I grant remote access for my VOIP services support. I have isolated the router from the network and am waiting for a new replacement and updated firmware from my service provider. However, one of my clients is still being affected by the same trojan. When surfing the net, ESET is now blocking websites with the JS/CoinMiner.BF trojan as a threat. Any advice on what tools I can use to remove the trojan from the client?

Marcos (Administrators), posted November 6, 2018:

12 minutes ago, Jean93 said: "Any advice on what tools I can use to remove the trojan from the client?"

The malicious code is most likely injected in the router. The solution is to reset the router's firmware to factory settings and install the latest version of firmware. If the vendor does not maintain the firmware any more, it will be necessary to replace it with a newer and fully supported one.

Nightowl (Most Valued Members), posted November 6, 2018:

17 minutes ago, Jean93 said: "Hi Rami, Thank you for your reply. I have identified what I suspect has been holding the trojan. Indeed I have a MikroTik router on my network to which I grant remote access for my VOIP services support. I have isolated the router from the network and am waiting for a new replacement and updated firmware from my service provider. However, one of my clients is still being affected by the same trojan. When surfing the net, ESET is now blocking websites with the JS/CoinMiner.BF trojan as a threat. Any advice on what tools I can use to remove the trojan from the client?"

The client most likely is not infected. As Marcos said, it's your router that is trying to redirect you to the CoinMiner.