JS/Miner
My latest virus scan found and quarantined a trojan called JS/Miner. Does anyone know how to remove this? Or what it does?
iMac, OS X El Capitan (10.11.6)
I had the same issue. After poking around the file itself, it seems that your antivirus and mine detect the JavaScript of Coinhive, a script embedded in webpages using the power of your computer to mine Monero crypto money (a cousin of Bitcoin) for the owner of the website.
I would suggest installing an ad-blocker on your web browser to rid yourself of these kinds of scripts and ads.
[Edit : bad spelling, veri bad speeling :/ ]
See if you can find the file(s) using one of these programs. If you go Finder/View/Show Path Bar, it will show you where it is located. Once located, delete it.
EasyFind – Spotlight Replacement
I have just had the same issue, flagged up by my Intego VirusBarrier. It is the first time I have ever had malware discovered on my Mac. Most of the websites I have visited today are well-known names that I have visited many times before without problems; and I have made no downloads.
The malware file was shown as: Home ▸ Library ▸ Caches ▸ com.apple.Safari ▸ WebKitCache ▸ Version 11 ▸ Records ▸ A96A6E93C6D1D95967F4D4D86A725C47D7F5BF95 ▸ Resource ▸ 8BF1E1E0EFB2836AA4A4A06B2B3445DA51449878-blob.
VirusBarrier was unable to repair the file and I was initially unable to locate it. I ran a full scan and this time it showed up as: Home ▸ Library ▸ Caches ▸ com.apple.Safari ▸ WebKitCache ▸ Version 11 ▸ Blobs ▸ 5DA700392AA09717087380102B0823FF27E3C359
I transferred the file to Quarantine and when Intego could not repair the file, I deleted it. I ran a further full scan which showed my Mac as clear of all malware.
I have since located and searched the Library caches and the malware file is not present in the location indicated.
Has the malware really been removed and is the Mac now safe again?
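A way to check the question above without relying on the scanner alone, as an added example that is not part of the original thread: a Python script that walks the Safari cache folder named in the post and reports any file that still contains the string "coinhive". It assumes cached script bodies are stored uncompressed; the function names and the sample data in `demo()` are constructed for illustration.

```python
import os
import tempfile

# Marker and cache location both come from the thread (Coinhive script, Safari WebKitCache).
MARKERS = (b"coinhive",)
SAFARI_CACHE = os.path.expanduser("~/Library/Caches/com.apple.Safari/WebKitCache")


def find_marker(path, markers=MARKERS, chunk=1 << 20):
    """Return (marker, byte_offset) of the first hit in the file, or None."""
    keep = max(len(m) for m in markers) - 1  # overlap so a split marker is still seen
    tail, base = b"", 0                      # base = file offset of tail[0]
    with open(path, "rb") as fh:
        while data := fh.read(chunk):
            window = (tail + data).lower()   # case-insensitive match
            hits = [(window.find(m), m) for m in markers if m in window]
            if hits:
                pos, marker = min(hits)
                return marker.decode(), base + pos
            tail = window[-keep:] if keep else b""
            base += len(window) - len(tail)
    return None


def scan_cache(root=SAFARI_CACHE):
    """Return sorted (relative_path, marker, offset) for every file with a hit."""
    found = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                hit = find_marker(path)
            except OSError:                  # unreadable or already deleted: skip
                continue
            if hit:
                found.append((os.path.relpath(path, root), *hit))
    return sorted(found)


def demo():
    """Scan a constructed cache tree (sample data, not real cache contents)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Blobs"))
        samples = {"clean-blob": b"function init() { return 1; }",
                   "miner-blob": b"A" * 37 + b"CoinHive miner (constructed)"}
        for name, body in samples.items():
            with open(os.path.join(root, "Blobs", name), "wb") as fh:
                fh.write(body)
        return scan_cache(root)
```

Calling `scan_cache()` with no arguments scans the real cache folder; an empty list means no cached file contains the marker, while a hit after clearing the cache means a page visited since then loaded the script again.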
After doing a little research, my understanding is that the JS/Miner trojan is actually part of a botnet that steals processing time from you (and others) in order to mine for a version of Bitcoin called Monero. It doesn't damage your files, but slows your computer because it's using your CPU as an element in a networked "supercomputer" to find and create coin.
That being said, get rid of it.
PS: If you don't need them, delete the Time Machine backups from around the same time. If you ever restore from one of those backups, I'm told you might restore JS/Miner.
Thanks for both replies. They are helpful and, to an extent, reassuring. I have run further scans on both Mac and Time Machine Back-Up Disk and no malware has been identified. My Mac also seems to be operating at normal speed.
I too have read that there is a Mac version of the malware which tries to use the power of PC or Mac to mine cyber coins. I am a little disturbed that it might have come from a website that I visit often since it might imply that one of these well-known sites has been targeted.
Thank you again. Again further comments would be very welcome.
I am puzzled how a trojan arrived on my Mac when I made no downloads and, as far as I recall, gave no permission for anything to be loaded into my Mac. Yet I read that trojans can only gain access to a Mac if given permission.
I also read that there are no viruses that enter a Mac uninvited.
Well, to my understanding, it's not really a virus; it's a bit of JavaScript (hence the JS). Lots of pages inject JavaScript as sub programming to help their design and structure, but not all of it is benign. If you look in your Safari preferences in the security section, you will find the ability to disable JavaScript. In Chrome, it's in the context settings. Miner never goes deeper than your browser, but if it's embedded, every time your browser is on, it will force your CPU to handle its calculations.
If you go to any site and look at the source code of any nice page, near the top, you will see a call for "somethingorother.js". These are calls for JavaScript files that your browser happily loads if allowed. JS/Miner is a Trojan not in the sense that it's carrying a hidden load, but more in the sense that it's pretending to be something it's not.
So, if your preferences say "Enable javascript", you've given it permission.
Thank you. These comments are very helpful. JavaScript is enabled on my Mac. I was going to switch it off but I have now read elsewhere that this will adversely affect the performance of many web sites. If that is true, maybe I have to leave JavaScript enabled but trust my malware checker to identify it should it settle in my Mac. It seems I am damned if I do and damned if I don't!
Actually, in order to block these kinds of nefarious scripts and all the dubious tracking scripts, people tend to use navigator extensions to prevent unneeded scripts from running.
The simple choice is an adblocker (at least two of them have added this script to the list of things blocked), but more powerful combos exist.
Thank you. I will ponder the various adblockers available. I hope they do not conflict with Intego. There seem to be many adblockers that work with Mac but no consensus as to the best.
I read that using Safari Preference Website Reader is a help in reducing the javascript risk so I am using it for now.
I also note that Safari 'Develop' provides an option to clear caches. I am not sure if it clears all Safari caches but I clicked the button and Safari seems to work just the same. 'Develop' also gives various options to monitor javascript but, as an active Mac novice, it is over my head.
Appears to be a Windows thing. So, are you running Windows? If so, check their website for removal instructions.
If you deleted the file and it is actually Windows malware, your computer should be okay.
BTW, there IS a Mac version of JS/Miner according to what I read.