
Norton tells me system infected by Coinminer

Hello all,

As of today I'm getting messages from my Norton security that my system is infected. It states: System infected: Coinminer Activity 8.

I've googled and read up on some stuff and found out that my system isn't infected because Norton is blocking it (I think?!). However I would like to figure out where it's coming from and if there is a way of fixing it. The last few days I didn't install any software. Actually, I was on holiday and no one has access to my computer.

As you can see on the printscreen attached to this post it happens now and then and I can't find the solution or problem what's causing this issue. I did a full system scan and did an anti-malware/ransomware scan and nothing was found.

I'm using version: 22.14.2.13 on Windows 10.

Kind regards,

Remco


Replies

Kudos0

Re: Norton tells me sytem infected by Coinminer

System Infected: CoinMiner Activity 8
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=30875

FWIW ~

http://www.ipvoid.com/

http://www.urlvoid.com/ip/40.115.22.134/

http://www.urlvoid.com/scan/min-api.cryptocompare.com/


No engines detected this URL
URL: http://min-api.cryptocompare.com/
Host: min-api.cryptocompare.com
Last analysis 2018-07-17 12:07:34 UTC <here> --
https://virustotalcloud.appspot.com/nui/index.html#/domain/min-api.cryptocompare.com


If you believe Norton made a mistaken detection, you may submit a dispute at https://submit.symantec.com/false_positive/.

Lets hear from Community

Kudos0

Re: Norton tells me sytem infected by Coinminer

Remcove:

However I would like to figure out where its coming from and if there is a way of fixing it. 

.... are you familiar with

https://safeweb.norton.com/report/show?url=cryptocompare.com

FWIW ~ YMMV

Kudos0

Re: Norton tells me sytem infected by Coinminer

Hello,

Thanks for your posts. I'm not familiar with this site. Never been on it to my knowledge.

Remco

Kudos0

Re: Norton tells me sytem infected by Coinminer

Hi
Um, does "More Options" offer any more info.   

Kudos0

Re: Norton tells me sytem infected by Coinminer

See attached images for the extra info from "more options"

Kudos0

Re: Norton tells me sytem infected by Coinminer

Um, are the "intrusion attempts" ongoing ...?

Kudos0

Re: Norton tells me sytem infected by Coinminer

Yes, Norton keeps on giving me messages that it blocked the attempt. Every like 30 minutes or so.

Kudos0

Re: Norton tells me sytem infected by Coinminer

Have you cleared browser and system temporary files and cleared cookies and machine restart?

Um, what other security programs now, before Norton?

Lets hear from Community

since you've googled and run scans... maybe, Chat with Official Norton Support

Kudos0

Re: Norton tells me sytem infected by Coinminer

Um, have you looked > Programs Files\WindowsApps\you'll need permission

Kudos0

Re: Norton tells me sytem infected by Coinminer

What you may be seeing are redirects from malformed ads on some web site you are viewing. If this is what is happening, nothing is being downloaded to your computer and the issue goes away when you close the browser tab that is involved.

You might get relief from these warnings by installing an ad blocker extension in your browser.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Norton tells me sytem infected by Coinminer

I just did the clear browser etc. - Still same issue

I used the windows anti virus (windows defender or something it was called?) and another one which I forgot the name of.

Kudos0

Re: Norton tells me sytem infected by Coinminer

Ravaga Crypto Chart ?
 

Kudos0

Re: Norton tells me sytem infected by Coinminer

I tried entering the folder but it tells me access denied and when I try to give myself access it tells me:

This access control entry is corrupt. Delete it and create a new one.

I checked via CMD in Admin mode what files are in that specific folder and I found the following results: (look at the top 3 and bottom 3).

Kudos1 Stats

Re: Norton tells me sytem infected by Coinminer

Yeah, but what to do.  IDK

Yeah, the IP <here> pointed to Microsoft.  

Sorry, we're over my pay grade.  

Kudos1 Stats

Re: Norton tells me sytem infected by Coinminer

I submitted https://submit.symantec.com/false_positive/ ....but, don't know whether I submitted enough information.  
I'll update thread if n' when I hear back.

I'll presume (for now) Ravaga Crypto Chart is legit app? 

Regards w Respect

Kudos1 Stats

Re: Norton tells me sytem infected by Coinminer

Thank you for your efforts!

Currently I did the following things (no Norton messages so far)

- Change the ownership of the WindowsAPPS folder to my current account

- Installed Unlocker

- Tried unlocking the folders as in a previous post that contain anything that had to do with Coins or Crypto. The software told me that there was nothing to unlock but gave me the option to remove the folder. I did that.

- Changed ownership back to original state.

I could not find any way possible to remove the folder in a "normal" way. Not via safe mode, not via CMD in admin mode. Only way I had success was via the Unlocker software.

I would still like to hear from you if you get a response from the Norton team.

Kind regards,

Remco

Kudos0

Re: Norton tells me sytem infected by Coinminer

FWIW ~

When you uninstall a desktop app (program), it will uninstall it for all users on the PC.
When you uninstall a Windows app (ex: from Store), it will uninstall it for only your user account since each Microsoft account owns their own modern apps like a smart phone. There are options in the tutorial to uninstall Windows apps for all users and new users.
Understand the different apps included in Windows 10

https://www.tenforums.com/tutorials/4689-uninstall-apps-windows-10-a.html

I recall Brink wrote:

Unfortunately, some of the default apps that Windows uses cannot be uninstalled. 
If you already uninstalled an app for your account, it also won't let you uninstall it for all users from within your account afterwards.

https://www.tenforums.com/tutorials/4689-uninstall-apps-windows-10-a-42.html#post1388740
 

Remcove: - Installed Unlocker

curious, which Unlocker? 
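
The thread starter wanted to know where the blocked connections came from, and the reply above notes that Store apps are uninstalled per user account. The following is an added example, not code from any poster or from Norton: it watches for a connection to the host named earlier in the thread, identifies the owning process, and previews the supported per-user uninstall if that process is a Store app. The polling window and the variable names are assumptions.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell on Windows 10.
$FlaggedHost  = 'min-api.cryptocompare.com'  # host name quoted earlier in the thread
$WatchMinutes = 35                           # assumption: alerts recur about every 30 minutes

# 1. Resolve the host to its current IPv4 addresses (they can change over time).
$addresses = @(Resolve-DnsName -Name $FlaggedHost -Type A -ErrorAction Stop |
    Where-Object { $_.Type -eq 'A' } |
    Select-Object -ExpandProperty IPAddress)

# 2. Poll the TCP table until a connection to one of those addresses shows up.
#    A blocked attempt may only be visible briefly, so poll often.
$hits = @()
$deadline = (Get-Date).AddMinutes($WatchMinutes)
while ($hits.Count -eq 0 -and (Get-Date) -lt $deadline) {
    $hits = @(Get-NetTCPConnection -ErrorAction SilentlyContinue |
        Where-Object { $addresses -contains $_.RemoteAddress })
    if ($hits.Count -eq 0) { Start-Sleep -Milliseconds 500 }
}
if ($hits.Count -eq 0) { Write-Warning "No connection to $FlaggedHost seen."; return }

# 3. Map each connection to its owning process and, for Store apps, its package.
foreach ($pidValue in ($hits.OwningProcess | Sort-Object -Unique)) {
    $proc = Get-Process -Id $pidValue -ErrorAction SilentlyContinue
    if (-not $proc) { Write-Warning "PID $pidValue exited before it could be inspected."; continue }
    "{0} (PID {1}): {2}" -f $proc.ProcessName, $proc.Id, $proc.Path

    # Store apps run from ...\WindowsApps\<PackageFullName>\...
    if ($proc.Path -match '\\WindowsApps\\([^\\]+)\\') {
        $pkg = Get-AppxPackage | Where-Object { $_.PackageFullName -eq $Matches[1] }
        $pkg | Select-Object Name, PackageFullName, InstallLocation
        # Preview the supported per-user removal; drop -WhatIf to actually uninstall.
        $pkg | Remove-AppxPackage -WhatIf
    } else {
        # A browser here (e.g. firefox.exe) points at a page or extension instead.
        "Not a Store app; check what this process loads (browser tabs, extensions)."
    }
}
```

Removing the package through `Remove-AppxPackage` keeps the app registration consistent, which deleting its folder under WindowsApps by hand does not.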

Kudos1 Stats

Re: Norton tells me sytem infected by Coinminer

Hello,

Thanks for the post again. I vaguely remember installing that Crypto Chart app so that should be why it was on my system. I indeed could not remove it any further without doing it "manually".

As of now I didn't get any more messages from Norton telling me about the coinminer so I guess it is fixed. The unlocker/guide I used was found via: https://www.sitepoint.com/force-windows-delete-file/ Step 1 didn't work for me so I tried step 2 and that worked.

Kind regards,

Remco

Kudos0

Re: Norton tells me sytem infected by Coinminer

Thanks 

Kudos0

Re: Norton tells me sytem infected by Coinminer

I am in the USA....  A few days ago I began being harassed by Norton 360 pop ups to keep warning me that Norton's 360 has blocked a Web attack - CSCoinminer Website.  It tells me in "details"  ... "no action is required"

It happens almost everywhere I browse now!  It even happened when I entered this thread!!!!   

It's become annoying. Like swatting gnats and flies.... No sooner I click off the warning box,  another one soon pops up.

It happens both at home on my PC, and on my laptop at work.  Started only about three days ago.  It's why I am here.

    thanks,  Gene

Kudos0

Re: Norton tells me sytem infected by Coinminer

These attacks are usually from some malformed ads on a web site you are visiting. Nothing is downloaded and the issue goes away when you close that browser tab. You might be able to help stop these attacks by installing an ad blocker extension in your browser.

Just to be sure, start with a full system scan with Norton. Then I would suggest a second opinion scan using the FREE version of Malwarebytes. You can find it here https://www.malwarebytes.com/premium/

If you wish, you can disable the Premium version trial to use the product as an on demand scanner by using the instructions here.  https://support.malwarebytes.com/docs/DOC-1033

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Norton tells me sytem infected by Coinminer

I have done all that.   Malwarebytes, and Norton's full scan. 

When I came back here to see your response the same thing just happened again HERE! 

Kudos0

Re: Norton tells me sytem infected by Coinminer

Do you have any other browser tabs open while posting here? It is probably one of the other tabs that would be involved with the attacks.

Clear your browser cache and restart the browser again. Then if you still see these attacks, try adding an ad blocker to your browser. 

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: Norton tells me sytem infected by Coinminer

I have an ad blocker... I clear my cache often.  I can do as you say and it will make no difference.

It only started a few days ago....  

I just tried IE and noticed it's not happening with it.  I use Firefox as my main browser.

Kudos1 Stats

Re: Norton tells me sytem infected by Coinminer

I found the cause in my case.  I use Firefox.  It does not happen in the IE browser.   So, I began a specific search in reference to Firefox. 

One add on I had -  You Tube Best Video Downloader 2.   I disabled it, and the Norton warnings stopped.

Kudos0

Re: Norton tells me sytem infected by Coinminer

genez: I am in the USA....  A few days ago I began being harassed by Norton 360 pop ups to keep warning me that Norton's 360 has blocked a Web attack - CSCoinminer Website. 

CSCoinminer Website ?
https://www.symantec.com/security_response/attacksignatures/#C
Maybe, JSCoinminer Website
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=30548

Please post screenshots like thread starter Remcove.   
Note: Remcove's event appears related to Ravaga Crypto Chart.

Note: thread starter Remcove reported
System Infected: CoinMiner Activity 8
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=30875

Posted: 18-Jul-2018 | 6:56AM •
Hello,
Thanks for the post again. I vaguely remember installing that Crypto Chart app so that should be why it was on my system. I indeed could not remove it any further without doing it "manually".  As of now I didn't get any more messages from Norton telling me about the coinminer so I guess it is fixed. 

https://community.norton.com/en/comment/7952701#comment-7952701 

Kudos0

Re: Norton tells me sytem infected by Coinminer

genez: I found the cause in my case.  I use Firefox.  It does not happen in the IE browser.   So, I began a specific search in reference to Firefox. 

One add on I had -  You Tube Best Video Downloader 2.   I disabled it, and the Norton warnings stopped.

YouTube Best Video Downloader 2 for Firefox recently received an update which causes it to load three “tracking/analytics” scripts on Every page you view. One forum thread mentions this script carries out Cryptocoin mining, [...]

https://www.youtube.com/watch?v=IyKTlNqH9kE 

Kudos0

Re: Norton tells me sytem infected by Coinminer

Yup!       And,   that video also helped me better understand a function of the uBlock software.

Kudos0

Re: Norton tells me sytem infected by Coinminer

genez:

Yup!       And,   that video also helped me better understand a function of the uBlock software.

https://www.dailywoke.com/how-to-use-ublock-origin-to-block-all-ads-complete-guide/

~ uBlock Origin Medium mode
https://github.com/gorhill/uBlock/wiki/Blocking-mode:-medium-mode 

~ and for uBlock Origin help 
https://www.wilderssecurity.com/threads/ublock-a-lean-and-fast-blocker.365273/page-138

Kudos0

Re: Norton tells me sytem infected by Coinminer

Remcove:

As of today I'm getting messages from my Norton security that my system is infected. It states: System infected: Coinminer Activity 8.

In relation to submission 99567.
Upon further analysis and investigation we have verified your submission and as such this detection will be removed from our products.
The updated detection will be distributed in the next set of virus definitions, available via LiveUpdate
Please note that whitelisting can take up to 24 hours to take effect.
Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape. 
Sincerely,
Symantec Security Response
