Hello, I've contracted JS:Miner-C on my MacBook Air, and can't seem to remove it. Can anyone help with the removal of this from my Mac?
I've Avast installed, but this only seems to detect it and doesn't remove the trojan.
If anyone can help me, I'd be eternally grateful.
Thanks.
Macs do not get infected with viruses. Malware, potentially, but not viruses. Avast may be giving you a "false positive."
However, if you are using Boot Camp with a version of Windows installed, it may be possible that that partition may be infected. Is this the case? If so, you would have to use a Windows-based solution to remove it.
No, I'm not using Windows on my mac. Im worried about it as the macbook is barely a month old.
If I take the macbook into my local apple atore, will they be able to help me out? For peace of mind I want this removing from my mac.
It's your call, but I think you will be wasting your time. Instead, I would remove Avast and not use any AV programs with your Mac ... but if it will help for "peace of mind," by all means bring it in and have them take a look. I would be interested in their findings.
I installed Avast after the JS:miner showed up, so Its not a false detection. My girlfriend used a streaming website, then a new window popped up with a security alert. I thought avast could detect, and remove the problem. Plus anything else that mightve appeared after using the streaming site.
Avast isnt able to remove It, so ill try my local apple store and see if they can help. If they cant help, would resetting the mac to factory settings solve this issue?
Thanks in advance for the replies.
My girlfriend used a streaming website, then a new window popped up with a security alert.
Then it's not just likely, but a 100% certainty you have no such malware on your Mac.
All, repeat, ALL such messages on a web site, or popup from one telling you your computer is infected is pure BS.
There is no software in the world that can detect what is on the remote computer through a web browser. Any and all such messages are scams.
Hello 86T,
That "JS" means it is just a Javascript file. It keeps coming back because you get going back and getting it. Check your Top Sites. Anything listed there is really an active web page. If one of them has a bitcoin miner, then it will be running.
I think theres some misunderstanding here.
To clarify, a pop up appearred from a streaming site with a security error mentioning the js:miner. I closed safari and thought nothing of it. The next day, I installed avast and it detected the js:miner. So its on my macbook somewhere, but avast cant remove it.
Safari also works really slowly in switching between tabs since this ended up on my macbook. Which also leads me to think that I cant simply ignore this issue.
If anyone has a solution for this problem, Id be extremely grateful. Like I said, this is a brand new macbook (less than a month old). So i want to get my macbook back to the state it was in before this happened.
I tried what you suggested, but it still appears.
The thing I find odd is that avast only shows the alert when I launch the instagram app.
Ill go into the store and see if they can shed any light on this.
See if you can figure out from Avast where the offending file is located. Many apps these days are just WebKit apps (a stripped-down Safari). If the file turns out to be in the Instagram web cache, then you might be onto something. It could be a script on an Instagram site.
But regardless, such a script is only going to run while your web browser is active and on that site. Safari's Top Sites feature complicates this issue somewhat. I don't know anything about the Instagram app, but I highly doubt it would run Javascript while the app wasn't running and you weren't on that offending page.
But a really key issue here is that this is just a script. It may not be running on your machine at all - ever. Avast is just reporting the presence of the file. AV companies like to scan your whole disk and report only anything they find, anywhere, that could be a threat to someone, somewhere. That SPAM email you got 3 years ago and forgot to delete has a Windows virus attached. The only safe move is therefore to corrupt your mail database to keep you from accidentally forwarding that e-mail to your Windows friends and infecting them.
What they are doing is taking advantage of end-users' lack of knowledge about how different operating systems work. In most cases, just having files sitting on your disk is harmless - even if they are really malware! There has to be some specific way to trigger them so they can run. There are only a handful of Mac security apps that only look for those triggers instead of scanning your entire disk.
Thanks for taking the time to reply, its really appreciated.
I’m confused about the situation, as it made itself known after using the streaming site. But avast alerts me of its presence when i launch instagram. Unless, like you say, its attached itself to the instagram app somehow.
I understand its technically a dormant script unless i use the specific website thats its linked to. But id like to remove it as i dont want to see a contant treat notification when i use instagram on my macbook.
Ill take it to my local apple store and see if they can help me, or suggest something to remove it. Im curious, would resetting my macbook air to factory settings solve this problem for me? Ive not got very much on it at present, and have everything i do backed up already on external storage. So resetting it wouldnt be a huge deal for me to set in motion.
What I'm saying is that the Instagram app is essentially it's own web browser. The only way to prevent this from happening would be to stop using the Instagram app. However, the file is harmless. I suggest you just ignore it.
JS:Miner-C is Windows only malware. You probably have it as an attachment in an email. Ignore, or find out which email it's in an delete it.
Thanks for the reply. Ill give this a shot and see if it helps.
How to remove JS:Miner-C Trojan from MacBook Air
