JDownloader Community - Appwork GmbH
 

  #1  
Old 26.06.2020, 18:33
plaintext
BugMeNot Account
 
Join Date: Sep 2016
Posts: 189
FlashX / Trojan:HTML/CoinMiner

Hello,

This is the first time Windows Defender has gone off on my machine, and of all things it's because of JDownloader.

Code:
Erkannte Bedrohung: Trojan:HTML/CoinMiner

file: C:\Users\XXX\AppData\Local\JDownloader 2.0\logs\1593162550263_Fri, Jun 26, 2020 11.09 +0200\flashx.net_jd.plugins.hoster.FlashxNet.log.0

I let Windows Defender remove it and then ran a scan with Malwarebytes (no CoinMiner found).

What now?

Panic?

I have not visited FlashX. Never have, actually.

Around the time shown in the log file name (between about 11 and 13 o'clock), I had JD2 parse page source from dailymotion.com to get all search hits into the queue. After that I was afk.

Also, after a Google search I was on xcine.tv at that time, but without any interaction with JDownloader.

I would be glad if someone could tell me whether this is down to the FlashX plugin, JDownloader, a JDownloader plugin, or whether I should take any further measures.

Many thanks in advance!
  #2  
Old 26.06.2020, 19:59
raztoki
English Supporter
 
Join Date: Apr 2010
Location: Australia
Posts: 17,213

The logs are source code from said provider; they are harmless. It has been covered on the forum numerous times before.

some of my responses to this query in the past
https://board.jdownloader.org/showth...=logs+harmless
https://board.jdownloader.org/showth...=logs+harmless
__________________
raztoki @ jDownloader reporter/developer
http://svn.jdownloader.org/users/170

Don't fight the system, use it to your advantage. :]
  #3  
Old 26.06.2020, 20:53
plaintext
BugMeNot Account
 
Join Date: Sep 2016
Posts: 189

Sorry, I searched for "Trojan:HTML/CoinMiner" and shortened but didn't find any results.

But:
Somehow as I scanned dailymotion-source there must have been a link to FlashX in the code. Because as I took a closer look at the offline-links-container, there was a file called "downloadthis" with the url of **External links are only visible to Support Staff****External links are only visible to Support Staff**.

As I tried to copy the url into this board, JD's clipboard scan scanned it again (smh) and the Windows Defender immediately reacted the same way again.

Does this mean the flashx site is infected and if I would go on this page and run it, my PC would get infected too? Because when I googled CoinMiner and FlashX there were some underground blogs that posted about malware on flashx in the past.
  #4  
Old 27.06.2020, 05:57
raztoki
English Supporter
 
Join Date: Apr 2010
Location: Australia
Posts: 17,213

I can't speak for your personal web browser software, but from JDownloader's perspective any of these websites that get triggered by defender (or other av software) is totally harmless. The way JD works is not how your traditional browser works, so even if it had bad components in source code it won't be possible to cause harm. My recommendation is to place an ignore in defender/AV software for 'JD install path/logs/*'

raztoki
__________________
raztoki @ jDownloader reporter/developer
http://svn.jdownloader.org/users/170

Don't fight the system, use it to your advantage. :]
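
A check that could be run on the file named in an alert before adding the exclusion recommended in the thread, as an added example that is not part of the thread or of JDownloader's code. It assumes the log name shape seen in the first post, and treats anything outside the logs directory, or anything that starts like an executable or archive, as needing investigation. The function name, paths and bytes are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# File name shape taken from the path in the first post, e.g.
# flashx.net_jd.plugins.hoster.FlashxNet.log.0
PLUGIN_LOG = re.compile(r"^[\w.-]+_jd\.plugins\.\w+\.\w+\.log\.\d+$")
# Leading bytes of formats that can carry executable code (PE, ELF, ZIP/JAR).
BINARY_MAGIC = (b"MZ", b"\x7fELF", b"PK\x03\x04")


def triage(detected_path, jd_root, head):
    """Classify an antivirus hit as 'inert-log' or 'investigate'.

    detected_path: file named in the alert; jd_root: JDownloader install
    directory; head: first bytes of the flagged file.
    """
    path = PureWindowsPath(detected_path)
    logs = PureWindowsPath(jd_root) / "logs"
    reasons = []
    if ".." in path.parts:  # lexical containment is meaningless with '..'
        reasons.append("path contains '..'")
    try:
        path.relative_to(logs)
    except ValueError:
        reasons.append("not under the logs directory")
    if not PLUGIN_LOG.match(path.name):
        reasons.append("name is not a plugin log")
    if head.startswith(BINARY_MAGIC):
        reasons.append("starts with an executable/archive signature")
    elif b"\x00" in head:
        reasons.append("contains NUL bytes, not plain text")
    return ("investigate", reasons) if reasons else ("inert-log", [])


# Constructed samples, not taken from a real log.
ROOT = r"C:\Users\XXX\AppData\Local\JDownloader 2.0"
LOG = ROOT + r"\logs\1593162550263_Fri, Jun 26, 2020 11.09 +0200" \
    r"\flashx.net_jd.plugins.hoster.FlashxNet.log.0"
PAGE_SOURCE = b"<html><script src='miner.example/m.js'></script></html>"

if __name__ == "__main__":
    print(triage(LOG, ROOT, PAGE_SOURCE))
    print(triage(LOG, ROOT, b"MZ\x90\x00\x03"))
    print(triage(ROOT + r"\example.exe", ROOT, b"MZ\x90\x00"))
```

Only a hit that comes back as `inert-log` matches the situation described in the thread; an exclusion scoped to the logs directory does not cover the other cases.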