- Jan 6, 2017
- 835
Help pls. Adguard Bug or smth.
- Thread starter Rengar
- Start date
- Status
- Jan 6, 2017
- 835
This site has a russian domain. I found the ip. I blocked the site via hosts list. Adguard stopped the pop ups. But why a russian site was trying something like that? 
Is the block only popping up on a certain site? If so the site could be compromised; probably some malicious iframe redirecting to the blocked site.
If it's popping up constantly on all sites (or even when your browser's isn't open) I suggest firing up some second opinion scanners and seeing if they pick up anything.
If it's popping up constantly on all sites (or even when your browser's isn't open) I suggest firing up some second opinion scanners and seeing if they pick up anything.
- Jan 6, 2017
- 835
See the picture. Only that site.
Probably nothing to worry about then. The site's being blocked and assuming it's an infected page it can't download anything onto your system.
If you're that concerned you can run some second opinion scans for some peace of mind but I doubt they'll find anything.
- Jul 27, 2015
- 5,458
One malicious hit on VirusTotal and that's a Webassembly file.
WebAssembly is basically a new programming language (it would appear) which is closer to Assembly but also supports C and C++ which can be used on the web, you can read more about it here: WebAssembly & WebAssembly
I've never used it nor seen malware use it so I cannot provide much assistance past that. Which is a shame really. If it is used for malware somehow then that would be quite smart since it'd be unexpected and out of normal scan radars I'd imagine
If the block request was from browsing then I wouldn't worry about it, although if another running program was responsible (if you know) and you weren't browsing at the time, then I'd do a checkup of the system.
I've never used it nor seen malware use it so I cannot provide much assistance past that. Which is a shame really. If it is used for malware somehow then that would be quite smart since it'd be unexpected and out of normal scan radars I'd imagine
If the block request was from browsing then I wouldn't worry about it, although if another running program was responsible (if you know) and you weren't browsing at the time, then I'd do a checkup of the system.
- Jul 27, 2015
- 5,458
Quote : " We notice some functions that come straight from the Coinhive documentation, such as .hasWASMSupport(), which checks whether the browser supports WebAssembly, a newer format that allows users to take full advantage of the hardware’s capability directly from the browser. If it doesn’t, it would revert to the slower JavaScript version (asm.js). "
Source : Persistent drive-by cryptomining coming to a browser near you - Malwarebytes Labs
If I understand this correct it looks like Coinhiver actually use it if available.
Source : Persistent drive-by cryptomining coming to a browser near you - Malwarebytes Labs
If I understand this correct it looks like Coinhiver actually use it if available.
- Status
