Jean93

JS/CoinMiner.BF trojan


Hi all,

The threat JS/CoinMiner.BF trojan keeps appearing in my threat logs on ESET Remote Administrator Console. Action taken by ESET is "connection terminated". This is happening again after I did a fresh Windows install on the client. I can see that the trojan is being detected when the client is accessing a network printer as well.

Can anyone please advise how to remove the JS/CoinMiner.BF trojan?


@Jean93, it happened here before: https://forum.eset.com/topic/16584-jscoinminerbf-keeps-poping-up/

Take a look at the replies and see if something helps you. Check your router; it might be that your router is infected, or redirecting you to the CoinMiner.

As far as I know it's MikroTik routers that got infected the most, see @Marcos's reply here: "Install the latest firmware available for your Mikrotik router and reset it to factory settings. Reinstalling Windows won't help since it's router that serves a CoinMiner script."

Edited by Rami


Hi Rami,

Thank you for your reply.

I have identified what I suspect has been holding the trojan. Indeed I have a MikroTik router on my network which I grant remote access to my VOIP services support. I have isolated the router from the network and am waiting for a new replacement and updated firmware from my service provider.

However, one of my clients is still being affected by the same trojan. When surfing the net, ESET is now blocking websites with the JS/CoinMiner.BF trojan as a threat.

Any advice on what tools I can use to remove the trojan from the client?

12 minutes ago, Jean93 said:

Any advice on what tools I can use to remove the trojan from the client?

The malicious code is most likely injected in the router. The solution is to reset the router's firmware to factory settings and install the latest version of firmware. If the vendor does not maintain the firmware any more, it will be necessary to replace it with a newer and fully supported one.

17 minutes ago, Jean93 said:

Hi Rami,

Thank you for your reply.

I have identified what I suspect has been holding the trojan. Indeed I have a MikroTik router on my network which I grant remote access to my VOIP services support. I have isolated the router from the network and am waiting for a new replacement and updated firmware from my service provider.

However, one of my clients is still being affected by the same trojan. When surfing the net, ESET is now blocking websites with the JS/CoinMiner.BF trojan as a threat.

Any advice on what tools I can use to remove the trojan from the client?

The client most likely is not infected. As Marcos said, it's your router that is trying to redirect you to the CoinMiner.
