Written by Tomas Meskauskas on (updated)
What is JSMiner-C?
First detected by Avast, JSMiner-C is malware that helps developers to mine cryptocurrency. JSMiner-C is essentially designed to cause redirects to malicious sites that mine Monero cryptocurrency.
These sites are not limited to mining cryptocurrency - they also proliferate potentially unwanted adware-type programs (PUPs), deliver intrusive advertisements, and collect various sensitive data.
In fact, the computer essentially becomes unusable, since mining cryptocurrency typically takes up to 100% of CPU power. This results in little or no remaining resources for operation of other applications, and continual crashes. Users are unable to properly use the computer, and also receive no revenue - all mined cryptocurrency goes to cyber criminals.
Recently, such scam models have became very popular due to the success of cryptocurrencies, the prices of which have increased tens or even hundreds of times during the last year. For instance, Monero's price jumped from ~$22 (May 1st, 2017) to ~$355 (January 1st, 2018).
JSMiner-C is not the only malware related to cryptocurrency mining - you can find more information on this topic here.
In any case, if you continually encounter pop-ups stating that anti-virus software has detected a JSMiner-C infection, there is a high probability that you will be continually redirected to cryptocurrency-mining websites and your system is infected with various adware.
Malicious sites are likely to proliferate adware-type PUPs. These applications also have identical behavior - they deliver intrusive advertisements and record various data. The websites and PUPs deliver coupon, banner, pop-up, and other deceptive ads. The ads often lead to other malicious sites and run scripts that download and install malware.
Therefore, clicking them can result in high-risk computer infections. In addition, ads delivered by PUPs often conceal underlying website content, thereby significantly diminishing the Internet browsing experience.
Furthermore, malicious websites and rogue programs gather Internet Protocol (IP) addresses, Internet service providers (ISPs), geographic locations, website URLs visited, queries entered into search engines, keystrokes, and other information that typically includes personal information.
The collected data is later sold to third parties (potentially, cyber criminals) who generate revenue by misusing confidential details.
Therefore, information tracking can lead to serious privacy issues or even identity theft. If you continually encounter redirects to suspicious websites, observe intrusive advertisements, and experience a reduction in system performance, immediately eliminate all dubious applications/browser plug-ins and scan the system with a legitimate anti-virus/anti-spyware suite.
|Threat Type||Trojan, Password stealing virus, Banking malware, Spyware|
|Symptoms||Trojans are designed to stealthily infiltrate victim's computer and remain silent thus no particular symptoms are clearly visible on an infected machine.|
|Distribution methods||Infected email attachments, malicious online advertisements, social engineering, software cracks.|
|Damage||Stolen banking information, passwords, identity theft, victim's computer added to a botnet.|
|Malware Removal (Windows)||
To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner.
There are dozens of adware-type applications, all of which are virtually identical (e.g., Best Results, BrowseSuggest, Internet Quick Access, and many others).
By offering various useful features, these potentially unwanted programs attempt to give the impression of legitimacy, however, they deliver no real value for regular users. Adware is designed only to generate revenue for the developers. Rather than enabling the functionality promised, it poses a threat to your privacy and Internet browsing safety.
How did JSMiner-C infect my computer?
PUPs are proliferated using intrusive advertisements and a deceptive marketing method called "bundling". Therefore, due to the lack of knowledge and careless behavior of many users, they often infiltrate systems without permission. "Bundling" is stealth installation of third party software together with regular apps.
Developers hide "bundled" programs within "Custom/Advanced" options (or other sections) of the download/installation processes. Many users rush these procedures and skip steps. In addition, they click dubious links/advertisements, since they are not aware of the possible consequences. This careless behavior often leads to various computer infections.
How to avoid installation of malware?
The key to computer safety is caution. Therefore, pay close attention when browsing the Internet and downloading/installing software. Bear in mind that intrusive advertisements look legitimate, however, they are easy to distinguish, since most lead to gambling, adult dating, pornography, and other dubious sites.
If you encounter such advertisements, immediately remove all suspicious applications and browser plug-ins. Furthermore, never rush when downloading and installing software. Select "Custom/Advanced" settings, closely analyze each window of the dialogs, and cancel all additionally-included programs.
You are advised to download your programs from official sources only, using direct download links. Unofficial downloaders/installers are used to proliferate malware (the "bundling" method) and, therefore, these tools should not be used. Having a legitimate anti-virus/anti-spyware suite installed on your computer is also paramount.
If you believe that your computer is infected with JSMiner-C, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate infiltrated malware.
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced computer skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
- What is JSMiner-C?
- STEP 1. Manual removal of JSMiner-C malware.
- STEP 2. Check if your computer is clean.
How to remove malware manually?
Manual malware removal is a complicated task, usually it's better to let antivirus or anti-malware programs do it automatically. To remove this malware we recommend using Combo Cleaner Antivirus for Windows.
If you wish to remove malware manually, the first step is to identify the name of the malware that you are trying to remove. Here's an example of a suspicious program running on user's computer:
If you checked the list of programs running on your computer, for example using task manager and identified a program that looks suspicious you should continue with these steps:
Download a program called Autoruns. This program shows auto-start applications, Registry and file system locations:
Restart your computer into Safe Mode:
Windows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click Restart, click OK. During your computer start process, press the F8 key on your keyboard multiple times until you see the Windows Advanced Option menu, and then select Safe Mode with Networking from the list.
Video showing how to start Windows 7 in "Safe Mode with Networking":
Windows 8 users: Start Windows 8 is Safe Mode with Networking - Go to Windows 8 Start Screen, type Advanced, in the search results select Settings. Click Advanced startup options, in the opened "General PC Settings" window, select Advanced startup. Click the "Restart now" button.
Your computer will now restart into the "Advanced Startup options menu". Click the "Troubleshoot" button, and then click the "Advanced options" button. In the advanced option screen, click "Startup settings". Click the "Restart" button. Your PC will restart into the Startup Settings screen. Press F5 to boot in Safe Mode with Networking.
Video showing how to start Windows 8 in "Safe Mode with Networking":
Windows 10 users: Click the Windows logo and select the Power icon. In the opened menu click "Restart" while holding "Shift" button on your keyboard. In the "choose an option" window click on the "Troubleshoot", next select "Advanced options". In the advanced options menu select "Startup Settings" and click on the "Restart" button.
In the following window you should click the "F5" button on your keyboard. This will restart your operating system in safe mode with networking.
Video showing how to start Windows 10 in "Safe Mode with Networking":
Extract the downloaded archive and run Autoruns.exe file.
In the Autoruns application click "Options" at the top and uncheck "Hide Empty Locations" and "Hide Windows Entries" options. After this procedure click the "Refresh" icon.
Check the list provided by Autoruns application and locate the malware file that you want to eliminate.
You should write down it full path and name. Note that some malware hides their process names under legitimate Windows process names. At this stage it's very important to avoid removing system files. After you locate he suspicious program you want to remove right click your mouse over it's name and choose "Delete"
After removing the malware through Autoruns application (this ensures that the malware won't run automatically on the next system startup) you should search for the malware name on your computer. Be sure to enable hidden files and folders before proceeding. If you find the file of the malware be sure to remove it.
Reboot your computer in normal mode. Following these steps should help remove any malware from your computer. Note that manual threat removal requires advanced computer skills, it's recommended to leave malware removal to antivirus and anti-malware programs.
These steps might not work with advanced malware infections. As always it's better to avoid getting infected that try to remove malware afterwards. To keep your computer safe be sure to install latest operating system updates and use antivirus software.
To be sure your computer is free of malware infections we recommend scanning it with Combo Cleaner Antivirus for Windows.
▼ Show Discussion