Jump to content
IObit Forum
Top Free Driver Updater Tools Best 25 PC Optimization Software Best 22 Antimalware Best 22 Uninstaller Software IObit Coupons & Discount Offers PC Optimizer

Trojan:HTML/CoinMiner


Captain Hastings
 Share

Recommended Posts

Itens afetados:

 

containerfile: C:\Program Files (x86)\IObit\Advanced SystemCare\PatchSetup_A13.exe

 

file: C:\Program Files (x86)\IObit\Advanced SystemCare\PatchSetup_A13.exe->(inno#000356)

 

 

If you received ASC from a third party vendor, it is possible that the Trojan may have been added by the vendor.

I suggest uninstalling ASC making sure to clean all remnants and folders. Then download ASC from the recommended sites in in the News & Updates section of the Forum.

Link to comment
Share on other sites

I have a similar issue and tried uninstalling ASCv13 using IObit uninstaller, cleaning disc of IOBit data, and cleaning registry - to no avail. Installed the version 12 downloaded at the time of purchase and everything seem to work fine. But when ASC upgraded to V13, I got the Trojan message again similar to the ones reported. What gives??

Link to comment
Share on other sites

I have a similar issue and tried uninstalling ASCv13 using IObit uninstaller, cleaning disc of IOBit data, and cleaning registry - to no avail. Installed the version 12 downloaded at the time of purchase and everything seem to work fine. But when ASC upgraded to V13, I got the Trojan message again similar to the ones reported. What gives??

 

As I do not know whether you got your ASC or your upgrade from a third party vendor...it is difficult to help you.

So, as per my previous post when you uninstall ASC download ASC 13 from the approved site(s)/

If you then have the same issue we can assume Iobit are at fault. If not then the 3rd party vendor is the culprit.

 

 

  • Like 1
Link to comment
Share on other sites

Came here looking for answers about the same thing.

 

Windows Defender quantified this ASCSpecialUrl.db file as an HTML/CoinMiner trojan.

 

But I know that I received ACS directly from the source, not third party, so I selected Allow, however, Win10 opted to quarantine regardless.

  • Like 1
Link to comment
Share on other sites

The installation was performed directly from IObit servers. Windows Defender is blocking every single action made with ASC or other IObit productos

 

It you download from the News and Update section of the forum as I suggested.....you will download from Majorgeeks....not Iobits servers.

If you do not want to follow my advice, it is difficult to solve your issue.

 

 

Link to comment
Share on other sites

Well Scannon, this is interesting! I've tried both the News & Updates with no success in resolving the issue. However, I did reinstall the previous version12 that was downloaded with my original purchase with success (no Trojan reported!). However when the ASC12 does the auto update to Version13, the Trojan comes back after a reboot. I am assuming that updates come from the IOBit servers and not 'Major Geeks' or for that matter 'Download.com' Perhaps if you could provide a link direct to IOBit.com servers, we could assess where the issue lies. This is because IOBits web page 'free download' redirects you to 3rd party download sites unless you want to purchase a fresh copy of ASC13 - and I don't as I've already paid for it!

Link to comment
Share on other sites

Hi Scannan, Yep that was one attempt, but more importantly when the V12 is reinstalled, it works fine (No trojan reported on next boot), but when you expedite an update using the update feature on V12 to take it from V12 to V13, the next time you boot the Trojan report re-occurs. I am assuming that the internal sw update mechanism in V12 downloads the update from IOBit servers and not third party distributers - hence the request for a direct link to iobit servers. Hope that helps although methinks as many seem to have this issue from multiple sites, there's a serious problem

Link to comment
Share on other sites

If you downloaded ASC 13 from Majorgeeks and got a trojan....then yes...there is a serious problem, as Majorgeeks is absolutely reliable and safe. This means that Iobit are responsible and Majorgeeks is not aware that the download is compromised.

I do not understand why you reinstall ASC 12 repeatedly and then Update to ASC 13 knowing that you will get a Trojan.

Obviously ASC 12 is clean and therefore you should stay with that for the time being.

It would appear that Iobit has decided to include the CoinMiner trojan in their ASC 13 release. They probably did this because the CoinMiner trojan can be used to download unwanted programs such as pups etc...

Windows Defender will remove it, so it is not a great issue.

sadly, Iobit are unlikely to respond to this Topic, as they no longer seem to care about Users issues.

So, I do not know where it will go from here, other than to suggest that you use ASC 12 for now.

Also it may be worth sending a report to Majorgeeks to make them aware of the issue.

Link to comment
Share on other sites

Thanks Scannan, not the answer I was expecting but will follow your advice. It's a pretty poor show for a Software supplier to do that and not expect some flack for it. I would be interested to know if other users have the same experience with iobit - in my country they would run foul of the law if they knowingly included a Trojan like that in a paid product. Cheers!

Link to comment
Share on other sites

I have ALWAYS download from "Download.com" and didn't have a problem until yesterday when Defender found "Trojan:HTML/CoinMiner". I uninstalled ASM 13 immediately and decided to install ASM 12 from a thumb drive and it was infected with "Trojan:HTML/CoinMiner" also. What gives? Have I been infected all this time?

Link to comment
Share on other sites

I have ALWAYS download from "Download.com" and didn't have a problem until yesterday when Defender found "Trojan:HTML/CoinMiner". I uninstalled ASM 13 immediately and decided to install ASM 12 from a thumb drive and it was infected with "Trojan:HTML/CoinMiner" also. What gives? Have I been infected all this time?

 

Just uninstall ASC and ensure all remnants/folders are removed.

Scan your thumbdrive to be sure it is not infected.

If all is well, install ASC 12 from the thumb drive.

Link to comment
Share on other sites

@ Scannan RE: install ASC 12 from the thumb drive.

 

Like I SAID ASC 12 was also infected with the same Trojan:HTML/CoinMiner as ASM 13 was. I just wonder how long I have been infected since I has ASM 12 installed a long time. Really makes we wonder about iobit Uninstaller too.

 

 

Link to comment
Share on other sites

 

If you received ASC from a third party vendor, it is possible that the Trojan may have been added by the vendor.

I suggest uninstalling ASC making sure to clean all remnants and folders. Then download ASC from the recommended sites in in the News & Updates section of the Forum.

 

 

If you received ASC from a third party vendor, it is possible that the Trojan may have been added by the vendor.

I suggest uninstalling ASC making sure to clean all remnants and folders. Then download ASC from the recommended sites in in the News & Updates section of the Forum.

 

 

I downloaded straight from the iobit site. I try 2 times. Same problem. I have 2 computers and both have same problem. (sorry my bad english)

Link to comment
Share on other sites

Das Problem scheint sich erledigt zu haben.

 

Wurde am 18.11.2019 von Microsoft Defender nach Update Viren-Defenitionen als schädlich erkannt.

Auf Virus Total wurde ein schädlicher Fund im Zusammenhang mit der Datei nur von Microsoft - Defender lokalisiert.

 

Hab vorsorglich neu mit Direktdownload (wie hier im Thread eindeutig angegeben!) installiert

(Downloadlink für pro kann aber auch auf der Webseite für E-Mail-Empfang angefordert werden).

 

Die angegebene Datei im Zusammenhang mit dem mutmaßlichen schädlichen Fund ist aktuell vorhanden, aber kein schädlicher Fund mehr von Microsoft – Defender bei den hier von mir getesteten Systemen.

 

Hintergründe/ Ursachen bleiben offen,

ob es eine fehlerhafte Erkennung von Microsoft – Defender war (?) oder

andere Ursachen gegeben waren (?) oder

ob das Problem noch vorhanden ist und nur nicht mehr erkannt wird (?).

 

Wer noch die Möglichkeit hat, kann auch die Datei an Microsoft senden zwecks Überprüfung

und das Ergebnis hier bekanntgeben.

 

Meine nur Vermutung ist, es war ein Fehlalarm. Ich weiß es aber nicht!

 

 

===============================================================================

 

Was Anmeldung im Forum betrifft, scheint eine Sonderkategorie zu sein.

Wird hier nur die Bestell – E-Mail – Adresse akzeptiert?

 

 

 

EDIT : enoskype

Google Translation

 

 

The problem seems to have been resolved.

 

Was on 18.11.2019 by Microsoft Defender after update detected virus defenses as harmful.

On Virus Total, a malicious find related to the file was located only by Microsoft - Defender.

 

Have precaution newly installed with direct download (as clearly stated here in the thread!)

(Download link for pro can also be requested on the website for e-mail reception).

 

The specified file related to the alleged malicious find is currently available, but no more damaging finding from Microsoft Defender on the systems I've tested here.

 

Backgrounds / causes remain open,

whether it was a faulty detection of Microsoft Defender (?) or

other causes were given (?) or

if the problem is still present and only not recognized (?).

 

If you still have the option, you can also send the file to Microsoft for review

and announce the result here.

 

My only guess is it was a false alarm. But I do not know!

 

 

================================================== =============================

 

Regarding registration in the forum seems to be a special category.

Will only the order email address be accepted here?

 

Link to comment
Share on other sites

After translating the above German posting, which stated that the problem was resolved, I checked again and the problem is still not resolved (see included screen capture). What's interesting is that I updated a friend's computer last Thursday with the very same version (13.0.2) and it installed without any virus, so this virus infection is either a recent addition that someone hacked or something changed with Windows Defender that is catching this.

 

  • Like 1
Link to comment
Share on other sites

Vielleicht hilft es Dir, wenn Du so vorgehst, wie ich es tat.

 

Unter Schutzverlauf Windows – Defender bei allen Meldungen „Entfernen“.

 

ASC herunterladen (free) https://www.iobit.com/de/products.php

Pro wird später selbständig erkannt bei nachfolgender Vorgehensweise.

 

ASC deinstallieren über Systemsteuerung Windows.

Kontrolliere zuvor und danach das Vorhandensein / Nichtvorhandensein der fraglichen Datei

im Windows – Explorer.

 

Prüfe die herunter geladene Datei mit Windows – Defender.

 

Installiere ASC neu. Hab etwas Geduld.

 

Gehe zur fraglichen Datei im Explorer und prüfe diese mit Windows Defender (und beispielsweise mit Virus Total).

Es sollte eine Datei überprüft worden sein.

 

Der Windows – Defender scheint einige Probleme zu haben. Auf einem der 3 Testgeräte

hatte ich zuvor die Datei wieder hergestellt. Dort wird angezeigt, dass ein Ausschluss für die Datei bestünde. Somit wurden 0 Dateien überprüft. Es gibt aber keine Ausschlusse.

Bei den anderen zwei Testgeräten wurden keine Bedrohungen erkannt.

 

Versuche das einfach einmal so und lass wissen, ob es funktionierte oder ob es Probleme gab.

 

Viel Glück!

 

EDIT : enoskype

Google Translation

 

 

Maybe it will help you if you act as I did.

 

Under Protection Windows - Defender on all messages "Remove".

 

Download ASC (free) https://www.iobit.com/products.php

Pro will later be independently recognized in the following procedure.

 

Uninstall ASC through Windows Control Panel.

Before and after, check the presence / absence of the file in question

in Windows Explorer.

 

Check the downloaded file with Windows Defender.

 

Reinstall ASC. Be patient.

 

Go to the file in question in Explorer and check it with Windows Defender (and Virus Total for example).

A file should have been checked.

 

The Windows Defender seems to have some problems. On one of the 3 test devices

I had previously restored the file. It will indicate there is an exclusion for the file. Thus, 0 files were checked. But there are no exclusions.

The other two testers did not detect any threats.

 

Just try it and let it know if it worked or if it had problems.

 

Good luck!

 

 

Link to comment
Share on other sites

Inzwischen, nach etwa 24 Stunden, hat der Microsoft Defender es geschafft, den Ausschluss bei dem einen Gerät zu erkennen und anzuzeigen.

Somit konnte dieser wieder entfernt werden.

 

Hier nun ein Screenshot für die Prüfung durch Microsoft Defender auf dem Geräte mit der fraglichen Datei. Bitte beachten, dass der Pfad der Datei sich bei 32 bit und 64 bit Windows leicht unterscheidet.

 

 

 

EDIT : enoskype

Google Translation

 

 

Meanwhile, after about 24 hours, the Microsoft Defender has managed to detect the exclusion of the one device and display.

Thus, this could be removed again.

 

Here is a screenshot for the review by Microsoft Defender on the device with the file in question. Please note that the path of the file differs slightly for 32 bit and 64 bit Windows.

 

Link to comment
Share on other sites

Hier einmal noch einen Ausschnitt der Prüfung der Datei im Beispielfall bei Win 10 32 bit "C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\Database\ASCSpecialUrl.db" auf Virus Total (bei Win 10 64 bit analoges Ergebnis):

 

 

 

EDIT : enoskype

Google Translation

 

 

Here is an excerpt from the check of the file in the example case with Win 10 32 bit "C: \ Program Files \ IObit \ Advanced SystemCare \ Surfing Protection \ Database \ ASCSpecialUrl.db" on Virus Total (with Win 10 64 bit analogue result):

 

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...