Threat Prevention A network trojan was detected

Currently reading
Threat Prevention A network trojan was detected

wwwampy

Active member
NAS
DS418play
Router
RT2600ac
From my wife's laptop I'm getting this event every minute:

Code:
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Crypto Coin Miner Login"; flow:to_server,established; content:"|7b 22|method|22 3a|"; depth:10; fast_pattern; content:"|22|login|22 2c|"; distance:0; within:9; content:"|22|params|22 3a|"; distance:0; within:10; content:"|7b 22|login"; nocase; distance:0; within:8; content:"agent|22 3a|"; nocase; distance:0; metadata: former_category POLICY; reference:md5,d1082e445f932938366a449631b82946; reference:md5,33d7a82fe13c9737a103bcc4a21f9425; reference:md5,ebe1aeb5dd692b222f8cf964e7785a55; classtype:trojan-activity; sid:2022886; rev:3; metadata:affected_product Any, attack_target Client_Endpoint, deployment Perimeter, tag Bitcoin_Miner, signature_severity Audit, created_at 2016_06_09, malware_family CoinMiner, performance_impact Low, updated_at 2017_10_12;)
Should I be worried? Is this a trojan on the laptop? I started antivirus but it says it's ok.
 

wwwampy

Active member
NAS
DS418play
Router
RT2600ac
Yep, monerohash malware found on laptop... Hm.

MB is popping up notification for that trojan every 30 sec.
 

wwwampy

Active member
NAS
DS418play
Router
RT2600ac
Malwarebytes is the best! Cleaned everything. Maybe I need to reconsider my antivirus program and buy Malwarebytes Premium.

Thank you for pointing me to the right direction, Telos.
 

Telos

Active member
You're welcome. I use Malwarebytes for on-demand scans. I'm not sure I would purchase it for its background protection. But many do.
 

fredbert

Well-known member
Have been using the free Sophos AV for Mac for years, mainly cos it's free and we have friends that use Windows. It's now Sophos Home and free for 3 Macs or 3 PCs. Use a different email account to get another 3. Generally it's been ok and found mail attachments that should have been already blocked as spam.

@wwwampy Good to see your investment in the SRM router has already helped to detect this infection.
 

wwwampy

Active member
NAS
DS418play
Router
RT2600ac
Currently, I'm using F-Secure paid version. Got it from work with license for 3 years. But funny, Malwarebytes found that trojan. No, actually, my router found it first! :)

Yes, I'm cool with RT2600ac. Way better then my previous one and even the wi-fi range is great.
 
Last edited:

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.


Top