• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

JSCoinminer Crippling my Computers

I'm getting alerts every few minutes such as: Norton blocked Web Attack: JSCoinminer Download 6  (or 8). About half the websites I try to visit are blocked (intrusion attempt by same.) Even norton and symantec websites are blocked for malicious attacks. Live update does not usually run (likely web access is blocked.) It just started one day on all four computers in the house. All run Windows 10 and Google Chrome. Same thing happens with MS Edge browser. Same thing happens using my phone as hotspot (i.e. different ISP, bypassing my router). 

I ran a comlete Norton scan, Malware Bytes, HitmanPro, Emsisoft. All clean. I removed and reinstalled Norton Security. Same problems. I removed Chrome, thinking maybe an extension was causing problems--no luck. 

I don't know what else to try other than to uninstall Norton Security. That solved the problem, but not really a solution. Interesting that even then HitmanPro (realtime monitoring) detected some hits from coinhive.com, but not nearly to the same degree. 

I've read that cryptomining scripts can reside at websites, user computers, or intermediate routers. Not sure what is going on here. Any suggestions? I'm pretty much at wit's end.

Replies

Kudos0

Re: JSCoinminer Crippling my Computers

I can't really offer much help with the coinminer issue but HitmanPro doesn't have real-time monitoring, unless you mean HMP.Alert?

A little bit of knowledge is... well a little bit of knowledge.
Kudos0

Re: JSCoinminer Crippling my Computers

Yeah, I think that's what they call it. It's a 30 day free trial with HitmanPro.

Kudos2 Stats

Re: JSCoinminer Crippling my Computers

Hi @Edward D,

I've forwarded this to my team to look at. We might need more information to diagnose what is going on.

It sounds like malware is redirecting your browsing traffic to coinhive. 

And it sounds similar to this router malware, but you already ruled out the router. https://www.symantec.com/blogs/threat-intelligence/hacked-mikrotik-router

"Symantec has been tracking a large-scale coin-mining campaign which, as per Shodan, has currently infected about 157,000 MikroTik routers."

Kudos0

Re: JSCoinminer Crippling my Computers

Hi @Edward D,  I have sent you a private message requesting logs and more details for further investigation. Thanks

Sunil_GA | Norton Forums Administrator | Symantec Corporation

This thread is closed from further comment. Please visit the forum to start a new thread.