shellscriptz

Everything posted by shellscriptz

  1. Hi - having same issue. Problem is, coinhive programmed their applet to cycle through subdomains - for some reason. I built a little nonprofit mining site based on the coinhive implementation - and malwarebytes will not let you visit the page where the miner exists. https://www.compassionatecrypto.tech/

     You may reproduce both of our issues by going here, and attempting to create an exclusion for this. You'll quickly notice that you'd have to create 999 exclusions to get all the subdomains they're cycling through. You'll also notice with a few pings that each subdomain has its own IP address.

     This issue could be solved by allowing wildcards in exclusions, or allowing a structured data import of exclusions, or perhaps just generating an optional definition that ignores coinhive and authedmine for those who would tread this careful path of allowing this software to execute.

     Here, a sample of the malwarebytes detection:

     E7925B7B20032315BA3302B0C7FDA6BBA37A3D9AA16CD7A3BBCBB31842BEB74A

     {
       "applicationVersion" : "3.4.5.2467",
       "clientID" : "",
       "clientType" : "other",
       "componentsUpdatePackageVersion" : "1.0.342",
       "cpu" : "x64",
       "dbSDKUpdatePackageVersion" : "1.0.4882",
       "detectionDateTime" : "2018-04-26T15:57:15Z",
       "fileSystem" : "NTFS",
       "id" : "",
       "isUserAdmin" : true,
       "licenseState" : "licensed",
       "linkagePhaseComplete" : false,
       "loggedOnUserName" : "System",
       "machineID" : "",
       "os" : "Windows 10 (Build 15063.936)",
       "schemaVersion" : 8,
       "sourceDetails" : { "type" : "mwac" },
       "threats" : [
         {
           "linkedTraces" : [ ],
           "mainTrace" : {
             "cleanAction" : "block",
             "cleanResult" : "successful",
             "cleanResultErrorCode" : 0,
             "cleanTime" : "",
             "generatedByPostCleanupAction" : false,
             "id" : "7db6d4d7-496a-11e8-8d89-c86000a458dc",
             "linkType" : "none",
             "objectMD5" : "",
             "objectPath" : "",
             "objectSha256" : "",
             "objectType" : "website",
             "websiteData" : {
               "blockType" : 12,
               "ip" : "37.187.165.210",
               "isInbound" : false,
               "port" : 51707,
               "processPath" : "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
               "url" : "ws009.authedmine.com"
             }
           },
           "ruleID" : -1,
           "rulesVersion" : "0.0.0",
           "threatID" : -1,
           "threatName" : ""
         }
       ],
       "threatsDetected" : 1
     }

     Here: a similar point in the logs:

     04/26/18 " 08:51:40.009" 425427687 51d00 51824 INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "MWACController.cpp" 1094 "Malicious Website Protection, ipBlockList, 37.187.165.207, ws008.authedmine.com, 51609, Outbound, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"

     Here: my exclusion (what looks like hex)
  2. Obviously this is not feasible for business users, but worked just fine for me. 14 day free trial of V2 is plenty of time for mbam to fix this.
  3. Here's a temporary workaround: 1.) uninstall 2.) reboot 3.) install 2x here's a link : https://downloads.malwarebytes.com/file/mbam_2x 4.) wait
  4. HELLO EVERYONE NOTICE ME THIS IS AN IMPORTANT POST Sorry for caps. Here's a temporary workaround: 1.) uninstall 2.) reboot 3.) install 2x here's a link : https://downloads.malwarebytes.com/file/mbam_2x 4.) wait