
Posted

Yesterday my desktop was logged on to TVF, nothing else was running - I use TOT fibre.

 

Bitdefender Internet Security flashes a message to say it's blocked a malicious website which it shows as https://api.aalbbh84.info/lib/main.js (which looks very much like an api).

 

Over the next ten minutes I get the same message several times so I come out of TVF and the messages stop. I scan for virus and malware, clean temporary files and reboot, after an hour nothing unusual has happened. I start up TVF again and after 45 minutes the attacks start again, they appear to be a bitcoin data miner!

 

Anyone? TVF, is this your API that shows a false positive, or something else entirely?

Posted

Twenty-one minutes after posting it seems that TVF has started doing it again, here's the message from Bitdefender: "This webpage https://api.aalbbh84.info/lib/main.js is identified as infected with malware. Virus name: Trojan.CoinMiner.I. The webpage has been successfully blocked by Antimalware filter and your PC is now safe".

 

Whatever are you doing?

Posted

I just checked, my wife's laptop is delivering the same message and I'm now getting them from the only site that is running, TVF, about every six minutes or so.

Posted (edited)

It's a virus/redirect trying to get to, download from that website. Try connecting to other sites and see if the same message, use a different browser etc. If it's coming from Thaivisa site the reports would say thaivisa.com etc. Whois on the domain shows it as being in Russia, registered 2 weeks ago.

Task manager to see if anything using resources in the background, look for weird additions to startups in msconfig etc.

Is the other computer also running Bitdefender?

 

Edited by Peterw42
  • Like 1
Posted
1 minute ago, Peterw42 said:

It's a virus trying to get to, download from that website. Try connecting to other sites and see if the same message, use a different browser etc. If it's coming from Thaivisa site the reports would say thaivisa.com etc. Whois on the domain shows it as being in Russia, registered 2 weeks ago.

Task manager to see if anything using resources in the background, look for weird additions to startups in msconfig etc.

Is the other computer also running Bitdefender?

No problem with any other sites both in country and internationally.

 

Same results using Chrome or Firefox.

 

Laptop is also using same version of (paid for) Bitdefender.

 

Task Manager/resource utilisation looks normal.

 

Am looking at startups etc currently.

 

 

Posted

Maybe Malwarebytes, HitmanPro etc. My way of thinking, Bitdefender is letting a process run so it thinks it's OK, but blocking what the process is trying to do.

  • Like 1
Posted
7 minutes ago, Peterw42 said:

Maybe Malwarebytes, HitmanPro etc. My way of thinking, Bitdefender is letting a process run so it thinks it's OK, but blocking what the process is trying to do.

MSCONFIG and startup look fine, ZoneAlarm logs are clean, not running Admin account... perhaps it's God's way of telling me I'm spending too much time on TVF. :shock1:

 

Thanks for your input, appreciated.

  • Haha 1
Posted

Go to the root of that site and it says it's a JavaScript miner, so need to get to the bottom of who is dishing it up. Possibly only pops up on sites with Java etc, not so much the Thaivisa site, rather than something TV sends is triggering it.

 

api.aalbbh84.info

Posted
6 minutes ago, Peterw42 said:

Go to the root of that site and it says it's a JavaScript miner, so need to get to the bottom of who is dishing it up. Possibly only pops up on sites with Java etc, not so much the Thaivisa site, rather than something TV sends is triggering it.

 

api.aalbbh84.info

Now that's interesting, it seems CoinHave is the name to look for, I wonder who. I think I'll try disabling Java and see what that does.

Posted
6 minutes ago, simoh1490 said:

Now that's interesting, it seems CoinHave is the name to look for, I wonder who. I think I'll try disabling Java and see what that does.

It even gives a sample of the code to add to a website, <script src="SITE_LINK"></script>, if you can find what's adding that code. So Thaivisa site loads then something puts that script in and it tries to load etc but Bitdefender blocks etc.

The thing that throws me is 2 computers doing it, anything that's recent and common across both, a browser extension etc.

Posted (edited)

No, nothing, the laptop hasn't been used in over a month!

 

I just switched to Explorer to see what happens plus I turned off Java.

Edited by simoh1490
Posted
2 minutes ago, simoh1490 said:

No, nothing, the laptop hasn't been used in over a month!

 

I just switched to Explorer to see what happens plus I turned off Java.

And ?????, don't leave me hanging, lol

 

Posted
13 minutes ago, Peterw42 said:

And ?????, don't leave me hanging, lol

 

Nature called :)

 

No more Bitdefender messages so I'm now switching back to see what happens next.

  • Like 1
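
As an added example (not code from any poster or from the site), one way to narrow down what is adding the `<script src=...>` tag discussed above: compare the script hosts in the page source as served with those in the live DOM. The function names, the sample HTML and the example.* hosts are assumptions constructed for illustration; in a browser the live list would come from `Array.from(document.scripts, s => s.src)`.

```javascript
// Added example, not from the thread: locate where a blocked script host enters a page.
// Hosts under example.* and the sample HTML are constructed placeholders.
function scriptSrcs(html) {
  const srcs = [];
  const re = /<script\b[^>]*?\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  let m;
  while ((m = re.exec(html)) !== null) srcs.push(m[1] ?? m[2] ?? m[3]);
  return srcs;
}

// Resolve each src against the page URL and collect the hostnames.
function hostsOf(srcs, pageUrl) {
  const hosts = new Set();
  for (const s of srcs) {
    try { hosts.add(new URL(s, pageUrl).hostname.toLowerCase()); } catch { /* malformed src */ }
  }
  return hosts;
}

// "in-served-html": the markup sent by the server already references the host.
// "injected-at-runtime": another script on the page or a browser extension added it.
// "not-in-page": not in the top-level DOM (e.g. inside an ad iframe, or outside the browser).
function locateScript(servedHtml, liveSrcs, pageUrl, suspectHost) {
  const served = hostsOf(scriptSrcs(servedHtml), pageUrl);
  const live = hostsOf(liveSrcs, pageUrl);
  const addedAtRuntime = [...live].filter(h => !served.has(h)).sort();
  let verdict = "not-in-page";
  if (served.has(suspectHost)) verdict = "in-served-html";
  else if (live.has(suspectHost)) verdict = "injected-at-runtime";
  return { verdict, addedAtRuntime };
}

// Constructed sample: page source as served, and script URLs seen in the live DOM.
const servedHtml = `<html><head>
<script src="/js/app.js"></script>
<script async src='https://cdn.example.net/lib.js'></script>
</head></html>`;
const liveSrcs = [
  "https://forum.example.com/js/app.js",
  "https://cdn.example.net/lib.js",
  "https://ads.example.org/tag.js",
  "https://api.aalbbh84.info/lib/main.js", // host quoted in the Bitdefender alert
];
const result = locateScript(servedHtml, liveSrcs,
  "https://forum.example.com/topic/1", "api.aalbbh84.info");
console.log(result);
```

Running the same comparison in a clean browser profile with extensions disabled separates a tag added by the page's own third-party scripts from one added by an extension.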
