Trojan:HTML/CoinMiner

[DCP16]

Very interesting. Win Defender just quarantined that same file after a restart. I have ASC v. 12, and haven't updated to 13. (As a matter of fact, ASC just tried to push 13.)

 

I've had ASC for years and years. I just disabled it at start up within the program (which I've tried to do numerous times, many different ways, we'll see), and killed it in Task Mgr (hahaha, why not?).

 

I also checked auto-update, and I had all of that shut off already.

 

So how did this evil file find me? I am two seconds away from uninstalling ASC. I find it's sticky proprietary settings (start up, etc) extremely irritating, and always have. This nasty virus could be it.

 

Oh! And isn't it the ultimate irony that the infected file was found under sub-folder Surfing Protection?

[sjlarowe]

So Windows Defender reports this as Trojan, BUT if you goto the file location, there is another file called "ASCMinerList.db" open that file with notepad and this is what you get:

 

"*://*/*cryptonight.wasm

*://*/*deepMiner.js

*://*/*deepMiner.min.js

*://*/*?proxy=wss://*

*://*/*?proxy=ws://*

*://*/*coinhive.min.js*

*://*/*monero-miner.js*

*://*/*wasmminer.wasm*

*://*/*wasmminer.js*

*://*/*cn-asmjs.min.js*

*://*/*plugins/aj-cryptominer*

*://*/*plugins/ajcryptominer*

*://*/*plugins/wp-monero-miner-pro*

*://*/*lib/crlt.js*

*://*/*pool/direct.js*

*://*/*n.2.1.js*

*://*/*n.2.1.l*.js*

*://*/*gridcash.js*

*://*/*worker-asmjs.min.js*

*://load.jsecoin.com/*

*://*.coin-hive.com/lib*

*://*.coin-hive.com/proxy*

*://*.coin-hive.com/captcha*

*://*.edgeno.de/*

 

And that list goes on and on. Meaning this was deliberate, and I want a damn refund

[MiSFiT203]

sadly, Iobit are unlikely to respond to this Topic, as they no longer seem to care about Users issues.

So, I do not know where it will go from here, other than to suggest that you use ASC 12 for now.

Also it may be worth sending a report to Majorgeeks to make them aware of the issue.

 

I made an account specifically to respond to this thread, I came here cause like everyone else i went to IOBit's official website to get update for ASC which i have been using for more years than i can remember. I always had the utmost trust for IOBit products and used most of them at one time or another when i needed them. I came here patient and willing to wait to see what happens with this issue being resolved, but after seeing the above quote from a forum "MODERATOR", I decided i'm not gonna risk it. If they dont care about users and issues, especially trojans, then i'm out. done with IOBit products and removing them all. all trust is lost. Not gonna trust a company that adds trojans to my PC. Bye Bye!

 

and just so people know, i dont have ASC 13, I just noticed in remove programs that im on version ASC v.12.6.0

[Scannan]

So Windows Defender reports this as Trojan, BUT if you goto the file location, there is another file called "ASCMinerList.db" open that file with notepad and this is what you get:

 

"*://*/*cryptonight.wasm

*://*/*deepMiner.js

*://*/*deepMiner.min.js

*://*/*?proxy=wss://*

*://*/*?proxy=ws://*

*://*/*coinhive.min.js*

*://*/*monero-miner.js*

*://*/*wasmminer.wasm*

*://*/*wasmminer.js*

*://*/*cn-asmjs.min.js*

*://*/*plugins/aj-cryptominer*

*://*/*plugins/ajcryptominer*

*://*/*plugins/wp-monero-miner-pro*

*://*/*lib/crlt.js*

*://*/*pool/direct.js*

*://*/*n.2.1.js*

*://*/*n.2.1.l*.js*

*://*/*gridcash.js*

*://*/*worker-asmjs.min.js*

*://load.jsecoin.com/*

*://*.coin-hive.com/lib*

*://*.coin-hive.com/proxy*

*://*.coin-hive.com/captcha*

*://*.edgeno.de/*

 

And that list goes on and on. Meaning this was deliberate, and I want a damn refund

 

I think that you may have mis-understood this list's function. I believe that this is the database of sites to be blocked by Surfing Protection, similar to a malware database.

[Cicely]

Hi there,

 

This Cicely from IObit.

 

To solve this false positive, we have worked out a new version for ASC. Could you please check whether it is all right you download it from the following link?

 

http://update.iobit.com/dl/advanced-systemcare-setup.exe

 

At the same time, we are still communicating with Microsoft about the detection.

 

Anyway, sorry about the inconvenience

[Cicely]

Hi there,

 

This is Cicely from IObit.

 

To solve this false positive, we have worked out a new version for ASC. Could you please check whether it is all right you download it from the following link?

 

http://update.iobit.com/dl/advanced-systemcare-setup.exe

 

At the same time, we are still communicating with Microsoft about the detection.

 

Anyway, sorry about the inconvenience

[Emil]

Hi, I've been infected by the Trojan: HTML / CoinMiner following a download of ASC version 13. I read in the forum that I would have solved the problem with the following: Advanced SystemCare 13.0 (13.0.2.170) is released! [October 24, 2019] (Updated to version 13.0.2.171 - November 07, 2019) (Updated to version 13.0.2.172 - November 19, 2019). I have scanned and repaired but the problem persists. In windows defender the trojan: HTML / CoinMiner is disabled but there is the writing: This threat or app may not be completely correct. How do I solve the problem? I attach a photo but it is in italian language. Thanks

[coinmineduser1]

+++NOT SOLVED+++ This Trojan is NO wrong alert. PLUS there seems to be something else hidden in iUNINSTALLER. Smart Defrag and Driver Booster were easy to remove, iUNINSTALLER was a bit harder.

By the way, I should not be able to register here anonymously with TRASH MAIL like I just did.

This calls for a BIG SORRY that you did not notice YOU WERE HACKED IN NOVEMBER FOR SURE

[Cicely]

Hi there,

 

If the report is still there, could you please send us a screenshot of the detection?