Jump to content
IObit Forum
Top Free Driver Updater Tools Best 25 PC Optimization Software Best 22 Antimalware Best 22 Uninstaller Software IObit Coupons & Discount Offers PC Optimizer

Trojan:HTML/CoinMiner


Captain Hastings
 Share

Recommended Posts

Very interesting. Win Defender just quarantined that same file after a restart. I have ASC v. 12, and haven't updated to 13. (As a matter of fact, ASC just tried to push 13.)

 

I've had ASC for years and years. I just disabled it at start up within the program (which I've tried to do numerous times, many different ways, we'll see), and killed it in Task Mgr (hahaha, why not?).

 

I also checked auto-update, and I had all of that shut off already.

 

So how did this evil file find me? I am two seconds away from uninstalling ASC. I find it's sticky proprietary settings (start up, etc) extremely irritating, and always have. This nasty virus could be it.

 

Oh! And isn't it the ultimate irony that the infected file was found under sub-folder Surfing Protection?

Link to comment
Share on other sites

So Windows Defender reports this as Trojan, BUT if you goto the file location, there is another file called "ASCMinerList.db" open that file with notepad and this is what you get:

 

"*://*/*cryptonight.wasm

*://*/*deepMiner.js

*://*/*deepMiner.min.js

*://*/*?proxy=wss://*

*://*/*?proxy=ws://*

*://*/*coinhive.min.js*

*://*/*monero-miner.js*

*://*/*wasmminer.wasm*

*://*/*wasmminer.js*

*://*/*cn-asmjs.min.js*

*://*/*plugins/aj-cryptominer*

*://*/*plugins/ajcryptominer*

*://*/*plugins/wp-monero-miner-pro*

*://*/*lib/crlt.js*

*://*/*pool/direct.js*

*://*/*n.2.1.js*

*://*/*n.2.1.l*.js*

*://*/*gridcash.js*

*://*/*worker-asmjs.min.js*

*://load.jsecoin.com/*

*://*.coin-hive.com/lib*

*://*.coin-hive.com/proxy*

*://*.coin-hive.com/captcha*

*://*.edgeno.de/*

 

And that list goes on and on. Meaning this was deliberate, and I want a damn refund

Link to comment
Share on other sites

sadly, Iobit are unlikely to respond to this Topic, as they no longer seem to care about Users issues.

So, I do not know where it will go from here, other than to suggest that you use ASC 12 for now.

Also it may be worth sending a report to Majorgeeks to make them aware of the issue.

 

I made an account specifically to respond to this thread, I came here cause like everyone else i went to IOBit's official website to get update for ASC which i have been using for more years than i can remember. I always had the utmost trust for IOBit products and used most of them at one time or another when i needed them. I came here patient and willing to wait to see what happens with this issue being resolved, but after seeing the above quote from a forum "MODERATOR", I decided i'm not gonna risk it. If they dont care about users and issues, especially trojans, then i'm out. done with IOBit products and removing them all. all trust is lost. Not gonna trust a company that adds trojans to my PC. Bye Bye!

 

and just so people know, i dont have ASC 13, I just noticed in remove programs that im on version ASC v.12.6.0

  • Like 1
Link to comment
Share on other sites

So Windows Defender reports this as Trojan, BUT if you goto the file location, there is another file called "ASCMinerList.db" open that file with notepad and this is what you get:

 

"*://*/*cryptonight.wasm

*://*/*deepMiner.js

*://*/*deepMiner.min.js

*://*/*?proxy=wss://*

*://*/*?proxy=ws://*

*://*/*coinhive.min.js*

*://*/*monero-miner.js*

*://*/*wasmminer.wasm*

*://*/*wasmminer.js*

*://*/*cn-asmjs.min.js*

*://*/*plugins/aj-cryptominer*

*://*/*plugins/ajcryptominer*

*://*/*plugins/wp-monero-miner-pro*

*://*/*lib/crlt.js*

*://*/*pool/direct.js*

*://*/*n.2.1.js*

*://*/*n.2.1.l*.js*

*://*/*gridcash.js*

*://*/*worker-asmjs.min.js*

*://load.jsecoin.com/*

*://*.coin-hive.com/lib*

*://*.coin-hive.com/proxy*

*://*.coin-hive.com/captcha*

*://*.edgeno.de/*

 

And that list goes on and on. Meaning this was deliberate, and I want a damn refund

 

I think that you may have mis-understood this list's function. I believe that this is the database of sites to be blocked by Surfing Protection, similar to a malware database.

Link to comment
Share on other sites

Hi there,

 

This Cicely from IObit.

 

To solve this false positive, we have worked out a new version for ASC. Could you please check whether it is all right you download it from the following link?

 

http://update.iobit.com/dl/advanced-systemcare-setup.exe

 

At the same time, we are still communicating with Microsoft about the detection.

 

Anyway, sorry about the inconvenience

Link to comment
Share on other sites

Hi there,

 

This is Cicely from IObit.

 

To solve this false positive, we have worked out a new version for ASC. Could you please check whether it is all right you download it from the following link?

 

http://update.iobit.com/dl/advanced-systemcare-setup.exe

 

At the same time, we are still communicating with Microsoft about the detection.

 

Anyway, sorry about the inconvenience

Link to comment
Share on other sites

  • 4 weeks later...

Hi, I've been infected by the Trojan: HTML / CoinMiner following a download of ASC version 13. I read in the forum that I would have solved the problem with the following: Advanced SystemCare 13.0 (13.0.2.170) is released! [October 24, 2019] (Updated to version 13.0.2.171 - November 07, 2019) (Updated to version 13.0.2.172 - November 19, 2019). I have scanned and repaired but the problem persists. In windows defender the trojan: HTML / CoinMiner is disabled but there is the writing: This threat or app may not be completely correct. How do I solve the problem? I attach a photo but it is in italian language. Thanks

Link to comment
Share on other sites

+++NOT SOLVED+++ This Trojan is NO wrong alert. PLUS there seems to be something else hidden in iUNINSTALLER. Smart Defrag and Driver Booster were easy to remove, iUNINSTALLER was a bit harder.

By the way, I should not be able to register here anonymously with TRASH MAIL like I just did.

This calls for a BIG SORRY that you did not notice YOU WERE HACKED IN NOVEMBER FOR SURE

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...