Message Image

Skip main navigation (Press Enter).

Advanced Threat Protection

View Only

Back to discussions

Expand all | Collapse all

PUA.JScoinminer regedit entry

Sym AntecJan 31, 2018 04:05 AM

Hi all, This week Symantec client detected a possible PAU.Jscoinminer attack, of course the *.htm ...

ℬrίαηJan 31, 2018 11:59 AM

You'll need to open a support case so they can review.

1. PUA.JScoinminer regedit entry

0 Recommend
Sym Antec
Posted Jan 31, 2018 04:05 AM
| view attached

Reply Reply Privately
Hi all,

This week Symantec client detected a possible PAU.Jscoinminer attack, of course the *.htm file detected was placed on quarantine. And we thougt that it did not infect the PC. And cheking regedit values we saw and strange entry on this path:

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\AV\Storages\Filesystem\RealTimeScan\4294908528

That entry has information related to PAU.JScoinminer virus. Our doubt is, why symantec client add an entry about that virus?, or is not client? .

S.O: Windows 10 64bits.

SEP: 12.1.6

We attached a JPG file of that entry.

Thanks in advanced.
2. RE: PUA.JScoinminer regedit entry

0 Recommend
ℬrίαη
Posted Jan 31, 2018 11:59 AM

Reply Reply Privately
You'll need to open a support case so they can review.

Copyright 2019. All rights reserved.

Powered by Higher Logic