i downloaded a malicious software about “coinhive” by mistake. then, Safari start automatically and cannot be closed. How to reslove this problem?
thanks.
You definitely have a malware. Coinhive is not really a virus by itself : it is a JavaScript cryptocurrency miner. Since Coinhive is browser-based, your malware is probably hidden in an extension or somewhere else.
Start by disabling dubious browser extensions and then run an antivirus, like Malwarebytes Anti-Malware.
Related
After installing heroku cli, windows defender gave me a trojan alert Trojan:BAT/Killav.DJ!MSR,
affected file was this:
amsi: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
it said it is removed or restored
after the alert i did a search with Malwarebytes but nothing came up, i was wondering if it was a false positive or is there anything to be worried about.
Thanks.
This happened to me too. It's a false positive as far as I can see and it's nothing to worry about. Heroku is a trusted company.
I found this same trojan while trying to install a browser. It kept turning on the Focus assist feature so that you don't notice it being flagged. To remedy:
I made a quick back up of a couple of vital files to a separate drive. Ones that I really needed from C:\
As of the moment, Windows Defender failed to completely remove it from C:\ which left me with the only other option of resetting my PC and reinstalling Windows.
Luckily, after reseting my PC, none of the antivirus programs picked it up and seemingly, I'm in the clear.
When I try to access every site without using HTTPS. I get a popup from avast telling me they have blocked it.
It says 'JS:Miner-AI[PUP]'. When I try to access google.com (without https) it happens as well.
I have tried the following:
Scan with Avast, adaware and Malwarebytes (used to remove previous versions of js:miner)
Does anyone have any suggestions on what I can do to remove it?
Not sure what is going on but I am sure google.com is not malicious so my best guess is that your computer is infected with malware which tries to inject Javascript/HTML code into every page you visit probably by hooking wininet functions.
Most Malwares inject code into chrome, firefox and internet explorer. one way to check is to install another web browser and check if everything is good in that browser or not. Another way is to restart the computer and run again in safe mode (disable all the start up programs except for AV) and again run your favorite browser to see if the problem solved. if the browser's exe file (chrome.exe or firefox.exe) or any of the their DLLs are infected, then you have to reinstall the browser.
hope it helps :-)
Turns out that the router was infected. Once the router was replaced the problem was solved.
I'm not able to install the browser extension, which is based on the Crossrider API, on a computer with Windows OS. The antivirus software by Symantec warns of a trojan/virus named “Suspicious.Cloud.9” (see picture below).
I guess there is no possibility to change the generation of the Windows install wizard, except requesting a code signing certificate. Crossrider suggests three certification agencies and of them is Symantec itself.
Has/Had anyone the same or a similar problem? Will code signing solve my problem?
Thanks in advance!
Niels
Yes... i know of this issue, Suspicious Cloud 9 and Suspicious Pythia, Which you may also encounter, ARE NOT viruses or Worms, they are Merely a Message that Symantec Generates to simply say "we consider this software suspicious or suspect" and it MAY (MAY being the operative word) Contain Viruses, Now as to the reason why it considers it suspicious, the reasons are many, usually the software doesn't have a lot of Downloads behind it and is therefore untrusted Stuff Like that, You can add an exception in Norton for these things. so that it does install. the other way to do it is to disable Norton During the install, and When it detects it later, allow the instance and Norton will automatically create an exception. Hope that helps
Recently i installed Microsoft Visual Studio 2013 Preview Ultimate on Windows 7. Everything went smoothly except now i can't access www.microsoft.com and www.skype.com anymore. Tried latest IE10 and FireFox, both show blank page when accessing the above mentioned web sites. Firefox in its left bottom corner shows that it is waiting for ajax.aspnetcdn.com.
I'd really like not to reinstall OS on my machine, so i'd appreciate any idea how to fix this. For myself i tried to stop Firewall service and disable MS Security Essentials runtime protection, neither helped.
PS: I can access www.microsoft.com and www.skype.com from another machine in the same local network
UPDATE: i am using tfs.visulstudio.com as my TFS server and it opens fine if i am not signed in. But once i am trying to log in it opens blank, like browser is waiting for something (the same as for microsoft.com and skype.com). Something related to live ID?
Don't think this is the website to post this kind of question but try uninstalling VS2013 preview because you think that's causing the problem. Search in Google for people getting similar problem. I also don't think it is VS2013 because I can't think of anyway of how VS2013 would somehow disable you from going to a certain website. Make sure the sites weren't down at the time or if you're having something kind of Internet server issues.
skype is owned by microsoft, so you can't enter both microsoft pages. This could be related with some kind of ISP (Internet Service Provider) and not with VS2013, or you can try rebooting your router. Last thing i would do is traceroute both address and see where they fall.
I wanted to write this as a comment but I don't have enough reputation yet. Anyway, obviously trying to uninstall the program and trying again would be a good start as already mentioned, but you should also look inside your hosts file for any weird redirections some virus of malware might have set up. It's located at "C:\Windows\System32\drivers\etc" and you can open this inside notepad (might require notepad to be run as an administrator). Check to see if skype.com or microsoft.com are in there and are pointing to a different IP address. If they are you can just remove them and save the file (might require a restart to take effect). If still no luck you should try a livecd of a linux distro to make sure the problem is definitely inside your windows somewhere.
Let us know how it goes.
What would cause FireFox to crash with a signature of RtlpWorkerCallout, crash reason = EXCEPTION_ACCESS_VIOLATION? I'm trying to figure out what feature or plugin would be involved.
The same problem seems to be causing trouble with IE, but not with Chrome.
It turned out to be a conflict with the Firewall portion of Trend Micro Antivirus. I didn't find a workaround. I switched to a different antivirus program.