Announcement

Collapse
No announcement yet.

Trojan:HTML/CoinMiner

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    I have ALWAYS download from "Download.com" and didn't have a problem until yesterday when Defender found "Trojan:HTML/CoinMiner". I uninstalled ASM 13 immediately and decided to install ASM 12 from a thumb drive and it was infected with "Trojan:HTML/CoinMiner" also. What gives? Have I been infected all this time?

    Comment


    • #17
      Originally posted by workn View Post
      I have ALWAYS download from "Download.com" and didn't have a problem until yesterday when Defender found "Trojan:HTML/CoinMiner". I uninstalled ASM 13 immediately and decided to install ASM 12 from a thumb drive and it was infected with "Trojan:HTML/CoinMiner" also. What gives? Have I been infected all this time?
      Just uninstall ASC and ensure all remnants/folders are removed.
      Scan your thumbdrive to be sure it is not infected.
      If all is well, install ASC 12 from the thumb drive.
      To err is Human. To really mess things up you need a PC.

      Comment


      • #18
        @ Scannan RE: install ASC 12 from the thumb drive.

        Like I SAID ASC 12 was also infected with the same Trojan:HTML/CoinMiner as ASM 13 was. I just wonder how long I have been infected since I has ASM 12 installed a long time. Really makes we wonder about iobit Uninstaller too.

        Comment


        • #19
          Originally posted by Scannan View Post

          If you received ASC from a third party vendor, it is possible that the Trojan may have been added by the vendor.
          I suggest uninstalling ASC making sure to clean all remnants and folders. Then download ASC from the recommended sites in in the News & Updates section of the Forum.
          Originally posted by Scannan View Post

          If you received ASC from a third party vendor, it is possible that the Trojan may have been added by the vendor.
          I suggest uninstalling ASC making sure to clean all remnants and folders. Then download ASC from the recommended sites in in the News & Updates section of the Forum.

          I downloaded straight from the iobit site. I try 2 times. Same problem. I have 2 computers and both have same problem. (sorry my bad english)

          Comment


          • #20
            Das Problem scheint sich erledigt zu haben.

            Wurde am 18.11.2019 von Microsoft Defender nach Update Viren-Defenitionen als schädlich erkannt.
            Auf Virus Total wurde ein schädlicher Fund im Zusammenhang mit der Datei nur von Microsoft - Defender lokalisiert.

            Hab vorsorglich neu mit Direktdownload (wie hier im Thread eindeutig angegeben!) installiert
            (Downloadlink für pro kann aber auch auf der Webseite für E-Mail-Empfang angefordert werden).

            Die angegebene Datei im Zusammenhang mit dem mutmaßlichen schädlichen Fund ist aktuell vorhanden, aber kein schädlicher Fund mehr von Microsoft – Defender bei den hier von mir getesteten Systemen.

            Hintergründe/ Ursachen bleiben offen,
            ob es eine fehlerhafte Erkennung von Microsoft – Defender war (?) oder
            andere Ursachen gegeben waren (?) oder
            ob das Problem noch vorhanden ist und nur nicht mehr erkannt wird (?).

            Wer noch die Möglichkeit hat, kann auch die Datei an Microsoft senden zwecks Überprüfung
            und das Ergebnis hier bekanntgeben.

            Meine nur Vermutung ist, es war ein Fehlalarm. Ich weiß es aber nicht!


            ===============================================================================

            Was Anmeldung im Forum betrifft, scheint eine Sonderkategorie zu sein.
            Wird hier nur die Bestell – E-Mail – Adresse akzeptiert?



            EDIT : enoskype
            Google Translation


            The problem seems to have been resolved.

            Was on 18.11.2019 by Microsoft Defender after update detected virus defenses as harmful.
            On Virus Total, a malicious find related to the file was located only by Microsoft - Defender.

            Have precaution newly installed with direct download (as clearly stated here in the thread!)
            (Download link for pro can also be requested on the website for e-mail reception).

            The specified file related to the alleged malicious find is currently available, but no more damaging finding from Microsoft Defender on the systems I've tested here.

            Backgrounds / causes remain open,
            whether it was a faulty detection of Microsoft Defender (?) or
            other causes were given (?) or
            if the problem is still present and only not recognized (?).

            If you still have the option, you can also send the file to Microsoft for review
            and announce the result here.

            My only guess is it was a false alarm. But I do not know!


            ================================================== =============================

            Regarding registration in the forum seems to be a special category.
            Will only the order email address be accepted here?

            Comment


            • #21
              After translating the above German posting, which stated that the problem was resolved, I checked again and the problem is still not resolved (see included screen capture). What's interesting is that I updated a friend's computer last Thursday with the very same version (13.0.2) and it installed without any virus, so this virus infection is either a recent addition that someone hacked or something changed with Windows Defender that is catching this.

              Comment


              • #22
                Vielleicht hilft es Dir, wenn Du so vorgehst, wie ich es tat.

                Unter Schutzverlauf Windows – Defender bei allen Meldungen „Entfernen“.

                ASC herunterladen (free) https://www.iobit.com/de/products.php
                Pro wird später selbständig erkannt bei nachfolgender Vorgehensweise.

                ASC deinstallieren über Systemsteuerung Windows.
                Kontrolliere zuvor und danach das Vorhandensein / Nichtvorhandensein der fraglichen Datei
                im Windows – Explorer.

                Prüfe die herunter geladene Datei mit Windows – Defender.

                Installiere ASC neu. Hab etwas Geduld.

                Gehe zur fraglichen Datei im Explorer und prüfe diese mit Windows Defender (und beispielsweise mit Virus Total).
                Es sollte eine Datei überprüft worden sein.

                Der Windows – Defender scheint einige Probleme zu haben. Auf einem der 3 Testgeräte
                hatte ich zuvor die Datei wieder hergestellt. Dort wird angezeigt, dass ein Ausschluss für die Datei bestünde. Somit wurden 0 Dateien überprüft. Es gibt aber keine Ausschlusse.
                Bei den anderen zwei Testgeräten wurden keine Bedrohungen erkannt.

                Versuche das einfach einmal so und lass wissen, ob es funktionierte oder ob es Probleme gab.

                Viel Glück!

                EDIT : enoskype
                Google Translation


                Maybe it will help you if you act as I did.

                Under Protection Windows - Defender on all messages "Remove".

                Download ASC (free) https://www.iobit.com/products.php
                Pro will later be independently recognized in the following procedure.

                Uninstall ASC through Windows Control Panel.
                Before and after, check the presence / absence of the file in question
                in Windows Explorer.

                Check the downloaded file with Windows Defender.

                Reinstall ASC. Be patient.

                Go to the file in question in Explorer and check it with Windows Defender (and Virus Total for example).
                A file should have been checked.

                The Windows Defender seems to have some problems. On one of the 3 test devices
                I had previously restored the file. It will indicate there is an exclusion for the file. Thus, 0 files were checked. But there are no exclusions.
                The other two testers did not detect any threats.

                Just try it and let it know if it worked or if it had problems.

                Good luck!


                Comment


                • #23
                  Inzwischen, nach etwa 24 Stunden, hat der Microsoft Defender es geschafft, den Ausschluss bei dem einen Gerät zu erkennen und anzuzeigen.
                  Somit konnte dieser wieder entfernt werden.

                  Hier nun ein Screenshot für die Prüfung durch Microsoft Defender auf dem Geräte mit der fraglichen Datei. Bitte beachten, dass der Pfad der Datei sich bei 32 bit und 64 bit Windows leicht unterscheidet.



                  EDIT : enoskype
                  Google Translation


                  Meanwhile, after about 24 hours, the Microsoft Defender has managed to detect the exclusion of the one device and display.
                  Thus, this could be removed again.

                  Here is a screenshot for the review by Microsoft Defender on the device with the file in question. Please note that the path of the file differs slightly for 32 bit and 64 bit Windows.

                  Comment


                  • #24
                    Hier einmal noch einen Ausschnitt der Prüfung der Datei im Beispielfall bei Win 10 32 bit "C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\Database\ASCSpecialUrl.db" auf Virus Total (bei Win 10 64 bit analoges Ergebnis):



                    EDIT : enoskype
                    Google Translation


                    Here is an excerpt from the check of the file in the example case with Win 10 32 bit "C: \ Program Files \ IObit \ Advanced SystemCare \ Surfing Protection \ Database \ ASCSpecialUrl.db" on Virus Total (with Win 10 64 bit analogue result):

                    Comment


                    • #25
                      Hi Tomsoli 123, welcome to IObit Forum!

                      The forum is English only, please give at least a web translation if you write in another language as I did for you, otherwise you will not get response from Forum Leaders.

                      Thank you and cheers.
                      enoskype

                      - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -

                      Comment


                      • #26
                        Very interesting. Win Defender just quarantined that same file after a restart. I have ASC v. 12, and haven't updated to 13. (As a matter of fact, ASC just tried to push 13.)

                        I've had ASC for years and years. I just disabled it at start up within the program (which I've tried to do numerous times, many different ways, we'll see), and killed it in Task Mgr (hahaha, why not?).

                        I also checked auto-update, and I had all of that shut off already.

                        So how did this evil file find me? I am two seconds away from uninstalling ASC. I find it's sticky proprietary settings (start up, etc) extremely irritating, and always have. This nasty virus could be it.

                        Oh! And isn't it the ultimate irony that the infected file was found under sub-folder Surfing Protection?

                        Comment


                        • #27
                          So Windows Defender reports this as Trojan, BUT if you goto the file location, there is another file called "ASCMinerList.db" open that file with notepad and this is what you get:

                          "*://*/*cryptonight.wasm
                          *://*/*deepMiner.js
                          *://*/*deepMiner.min.js
                          *://*/*?proxy=wss://*
                          *://*/*?proxy=ws://*
                          *://*/*coinhive.min.js*
                          *://*/*monero-miner.js*
                          *://*/*wasmminer.wasm*
                          *://*/*wasmminer.js*
                          *://*/*cn-asmjs.min.js*
                          *://*/*plugins/aj-cryptominer*
                          *://*/*plugins/ajcryptominer*
                          *://*/*plugins/wp-monero-miner-pro*
                          *://*/*lib/crlt.js*
                          *://*/*pool/direct.js*
                          *://*/*n.2.1.js*
                          *://*/*n.2.1.l*.js*
                          *://*/*gridcash.js*
                          *://*/*worker-asmjs.min.js*
                          *://load.jsecoin.com/*
                          *://*.coin-hive.com/lib*
                          *://*.coin-hive.com/proxy*
                          *://*.coin-hive.com/captcha*
                          *://*.edgeno.de/*

                          And that list goes on and on. Meaning this was deliberate, and I want a damn refund

                          Comment


                          • #28
                            Originally posted by Scannan View Post
                            sadly, Iobit are unlikely to respond to this Topic, as they no longer seem to care about Users issues.
                            So, I do not know where it will go from here, other than to suggest that you use ASC 12 for now.
                            Also it may be worth sending a report to Majorgeeks to make them aware of the issue.
                            I made an account specifically to respond to this thread, I came here cause like everyone else i went to IOBit's official website to get update for ASC which i have been using for more years than i can remember. I always had the utmost trust for IOBit products and used most of them at one time or another when i needed them. I came here patient and willing to wait to see what happens with this issue being resolved, but after seeing the above quote from a forum "MODERATOR", I decided i'm not gonna risk it. If they dont care about users and issues, especially trojans, then i'm out. done with IOBit products and removing them all. all trust is lost. Not gonna trust a company that adds trojans to my PC. Bye Bye!

                            and just so people know, i dont have ASC 13, I just noticed in remove programs that im on version ASC v.12.6.0

                            Comment


                            • #29
                              Originally posted by sjlarowe View Post
                              So Windows Defender reports this as Trojan, BUT if you goto the file location, there is another file called "ASCMinerList.db" open that file with notepad and this is what you get:

                              "*://*/*cryptonight.wasm
                              *://*/*deepMiner.js
                              *://*/*deepMiner.min.js
                              *://*/*?proxy=wss://*
                              *://*/*?proxy=ws://*
                              *://*/*coinhive.min.js*
                              *://*/*monero-miner.js*
                              *://*/*wasmminer.wasm*
                              *://*/*wasmminer.js*
                              *://*/*cn-asmjs.min.js*
                              *://*/*plugins/aj-cryptominer*
                              *://*/*plugins/ajcryptominer*
                              *://*/*plugins/wp-monero-miner-pro*
                              *://*/*lib/crlt.js*
                              *://*/*pool/direct.js*
                              *://*/*n.2.1.js*
                              *://*/*n.2.1.l*.js*
                              *://*/*gridcash.js*
                              *://*/*worker-asmjs.min.js*
                              *://load.jsecoin.com/*
                              *://*.coin-hive.com/lib*
                              *://*.coin-hive.com/proxy*
                              *://*.coin-hive.com/captcha*
                              *://*.edgeno.de/*

                              And that list goes on and on. Meaning this was deliberate, and I want a damn refund
                              I think that you may have mis-understood this list's function. I believe that this is the database of sites to be blocked by Surfing Protection, similar to a malware database.
                              To err is Human. To really mess things up you need a PC.

                              Comment


                              • #30
                                Hi there,

                                This Cicely from IObit.

                                To solve this false positive, we have worked out a new version for ASC. Could you please check whether it is all right you download it from the following link?

                                http://update.iobit.com/dl/advanced-...care-setup.exe

                                At the same time, we are still communicating with Microsoft about the detection.

                                Anyway, sorry about the inconvenience
                                IObit Support Team --
                                If you're happy with our products, please tell your friends, families and colleagues about IObit and IObit products! We'd be very grateful!

                                Comment

                                Working...
                                X