ShipSpotting.com
Login: Lost Password? SIGN UP
Ship Photo Search
Advanced Search
Pages: 1 [2] 3 4 ... 6
  Print  
Author Topic: Coinhive threat warning  (Read 10498 times)
0 Members and 1 Guest are viewing this topic.
ChasB46
Top Poster
*****
Offline Offline

Posts: 817


View Profile
« Reply #15 on: October 11, 2017, 02:56:02 pm »

Robert re your f_0113ad file ..this is the file reference to one of the files sitting in your browser cache. Depending how often you clean your cache you might have a few in number or thousands. They are small but lots accumulate wasted disc space. Your Norton might just have been cleaning your cache as these files are generally useless as they are kept in a temporary storage area in memory or on disk that holds the most recently downloaded Web pages. Just speeds up you going back to a recent or much older web page ( doesn't go back to the website ) at the expense of your memory or disc space.
Doesn't mean its found virus / trojan ..that would be flagged up.
Report to moderator   Logged
Robert J Smith
Top Poster
*****
Offline Offline

Posts: 5,565


View Profile
« Reply #16 on: October 12, 2017, 12:12:42 pm »

Thanks for your comments.
I've done a complete system scan with no problems found.
Cleared the cache on all browsers.
Still get the f_xxx files being removed, very annoying.
Also get "Web Attach JSCoinminer Download 6" & "Download 8" notification of stopped & removed by my anti virus when I connect to Shipspotting, no other sites.

This has got to be a Shipspotting issue

REgards

Bob
Report to moderator   Logged
Robert J Smith
Top Poster
*****
Offline Offline

Posts: 5,565


View Profile
« Reply #17 on: October 12, 2017, 12:14:12 pm »

Also get

Database Error: Got error 28 from storage engine
File: /www/www/smf1/Sources/Subs-Post.php
Line: 1410

when posting the above although the post is successful

Report to moderator   Logged
andrecas
Quite a regular
**
Offline Offline

Posts: 57


View Profile
« Reply #18 on: October 12, 2017, 01:03:14 pm »

In spite system update and regular cleansing of cache, anti virus components still constantly blocking "coinhive". Happening only on Shipspotting and none of the other sites visited...
Report to moderator   Logged
Graham Darling

Offline Offline

Posts: 1



View Profile
« Reply #19 on: October 12, 2017, 05:57:56 pm »

Everytime I log into shipspotting I get pop up saying Norton has blocked an attack by web attack JS Coinminer Download 8..  I am using adblocker and have cleared my file history and cache but as soon as I click on shipspotting the pop up is back..
Report to moderator   Logged
Patrick Hill
Top Poster
*****
Offline Offline

Posts: 520



View Profile WWW
« Reply #20 on: October 12, 2017, 06:07:40 pm »

Virus scan (McAfee and Malwarebytes) finds nothing, Chrome cleared and reset but still get this issue from home page. Malwarebytes blocks multiple outward events while processor goes full ahead. Sad Adblock plus in use.

Only happens on photo pages.
Report to moderator   Logged
Richard Paton
Top Poster
*****
Offline Offline

Posts: 1,012



View Profile WWW
« Reply #21 on: October 12, 2017, 06:12:56 pm »

Whilst coinhive is not malicious it seems to be embedded into this website, and as such it's a pest.

To me this site is now compromised with adware, and that's a real shame.

I still get the pop up to, not all the time but occasionally, this is despite having the coinhive blocker working.  Sad

Will there be a plan to rid the site of this?, or will we just have to accept it as the norm from now on?

« Last Edit: October 12, 2017, 06:15:55 pm by Richard Paton » Report to moderator   Logged

ChasB46
Top Poster
*****
Offline Offline

Posts: 817


View Profile
« Reply #22 on: October 12, 2017, 08:21:21 pm »

Coin_hive is designed not to be found and removed; and further injects an in-browser Miner Trojan. Its now being used by cyber-criminals and "injected" with a tweaked Java script.
Once its "allowed" in its not only in your browser (the usual route in) but hides itself within your system. You can detect when its "onboard" with extremely high CPU and graphics use, thus diminishing the life of your motherboard through stress. Once the miner starts it does not stop ..why your CPU hits 100%. There is protection with some adblockers and very recently updated antivirus programmes BUT if its already in your system its designed to be hidden and guards itself against removal.
If you are tech savvy you need to delve/search  into your system looking for variations of coin-hive ( there are many derivations now) and also into your registry (dangerous if you do not know what you are doing).
Your best chance .... Q. When did you last make a backup of your system or system restore point?   If you have one prior to when you first noticed the problem, roll your system back. Then install the ad blockers you failed to use previously before browsing. Of course you do regularly make system backups?
Report to moderator   Logged
Richard Paton
Top Poster
*****
Offline Offline

Posts: 1,012



View Profile WWW
« Reply #23 on: October 12, 2017, 08:39:26 pm »

Chas yes i have backup points before the problem arose, so will try that suggestion as a solution.

Thanks for your input and advice, it's much appreciated.
Report to moderator   Logged

ChasB46
Top Poster
*****
Offline Offline

Posts: 817


View Profile
« Reply #24 on: October 12, 2017, 09:44:23 pm »

Richard,wish you all success with system restore. See previous postings re advisory software to install before hitting the browser too hard. eg Adblock Plus or similar, Coin Hive blockers specific for Firefox, Opera, Chrome etc; and Admuncher. Personally I would start by downloading and installing Admuncher. Then the others as browser use would be less intensive just downloading one file and that would protect while searching for others. Direct source https://www.admuncher.com ... saves you using browser to search etc.
Report to moderator   Logged
Pieter Inpyn
Photo Corrections
Top Poster
*****
Offline Offline

Posts: 1,870


View Profile
« Reply #25 on: October 14, 2017, 09:11:24 am »

Because I am under constant attack with this Coin-thing and Odessa.htm-warnings, I will stop using this website, posting pictures and end my work as photo-editor for some time.
I hope that I can return to the website after the admin/webmaster/ICT-master or who ever can send me a solution for this plague, suitable for a digital nitwit like me.
Regards,  Pieter Inpyn
Report to moderator   Logged

.........
Patrick Hill
Top Poster
*****
Offline Offline

Posts: 520



View Profile WWW
« Reply #26 on: October 14, 2017, 09:57:36 am »

I have reset my system to an earlier restore point, run McAfee and Malwarebytes checks (nothing found) confirmed AdBlock Plus still working. I will not however open any photo pages until it has been confirmed that this issue has been resolved. There isn't an issue with this forum page if accessed directly, the issue only seems to be on any page with images (main page, photos, and your own photo pages) so I suspect somehow embedded in image viewing code?

Hope this helps.

Patrick
Report to moderator   Logged
ChasB46
Top Poster
*****
Offline Offline

Posts: 817


View Profile
« Reply #27 on: October 14, 2017, 11:12:16 am »

Firstly I have no association with the programmes used in this remedial work. Its going to take time on your part but the programmes are free (download from reputable sources). Hitman Pro is free for 30 day trial. https://malwaretips.com/blogs/remove-coin-hive-miner/  . The longer coin hive is in your system the more it buries itself into more & more places.
Report to moderator   Logged
Henrik Soderberg
Administrator
Quite a regular
*****
Offline Offline

Posts: 61


View Profile
« Reply #28 on: October 14, 2017, 07:54:03 pm »

Hi all,

I would just like to say that the problems some of you are experiencing is caused by bad ads added by our third party ad agencies. We are working on finding the exact source, to be able to block this out.

The Error from database is now gone. It is not related to the coinhive problem.

Regards,
Henrik
Report to moderator   Logged
Pilot Frans
Top Poster
*****
Offline Offline

Posts: 15,380


View Profile WWW
« Reply #29 on: October 14, 2017, 11:43:20 pm »

Thanks Hendrik for you update and all the input you put into it.

regards
Frans
Report to moderator   Logged

Pages: 1 [2] 3 4 ... 6
  Print  
 
Jump to:  


Powered by SMF 1.1.11 | SMF © 2006-2009, Simple Machines LLC
Page created in 0.05 seconds with 20 queries.
Copyright © 2010 All rights reserved