AVG Support Community

Robert McLister

Removal of JS:Cryptonight[Trj]

JS:Cryptonight[Trj] detected as a threat when a virus scan is run on MacBook Pro running macOS High Sierra version 10.13.1. Even although it is deleted it reappears the next time the device is switched on and a virus scan is run. How is JS:Cryptonight[Trj] removed once and for all?
Avinash (Avast)
Hello, Robert.
I apologize for the inconvenience this may have caused. May I know which version of the AVG program you are using? To find out the version, you can follow the user manual, part 4.3, "Menu in the task bar":
http://files-download.avg.com/doc/AVG_AntiVirus_for_Mac/avg_avm_uma_en_ltst_03.pdf

Please also provide us with the screenshot of the threat pop up. Click on this link https://support.apple.com/en-us/HT201361 for instructions on how to take a screenshot. Click on 'Answer' & then click on the 'Image' [mountain symbol] & follow the instructions.
Robert McLister
Hi Avinash

In response to your questions:

AVG Version details are as follows:
  • Version 17.4 (9cf9975e9ca8)
  • Virus databases: 171128-2
  • Last update: November 28, 2017

Snapshot of Threat shown below:
User-added image

It would seem that, while the file JS:Cryptonight[Trj] is detected by an AVG virus scan and can be removed, what is causing it to be reinstated following a power up is not being detected by an AVG virus scan.

Regards
Robert McLister
Robert McLister
Threat report
Balasubramanian S (Avast)
Hello Robert,

Thank you for being patient.
The threat detected looks like a FP and we are working on a fix which should be released soon.
We appreciate your understanding and patience in this matter.
Josh Smith
I have had this exact same problem. I found out it appeared on my Mac after downloading a couple of programs from 3D4Medical through the app store. I hope it is, as you say, a false positive and not a problem with the programs.
Akash Chanda (Avast)
Josh,
Thank you for reaching out to us with your concern.
I would like to confirm that it is a False Positive and will be resolved soon.
William King
I have a similar issue - Macbook Pro High Sierra 10.13.1 JS:Cryptonight can be deleted using Avast but reappears after I reboot. Avast v. 12.9, virus definitions version 17112902
peter trower
I also have a similar issue. Macbook Air MacOS Sierra 10.12.6 (not the upgrade), this JS:Cryptonight gets deleted by AVG but also reappears after 1 reboot. I thought this was a problem with the upgrade, so why has it suddenly appeared on version 10.12.6?
Peter Trower
Balasubramanian S (Avast)
Hello William and Peter,

I understand the inconvenience.
The threat detected looks like a False Positive and we are working on a fix which should be released soon.
We appreciate your understanding and patience in this matter.
peter trower
Thank you for your helpful reply. It's reassuring that it's probably a false positive and you will fix it soon.

Josh Smith
Are you guys 100% certain it is a false positive or does it just "looks like" a false positive but actually could be a real JS:Cryptonight spyware?
Akash Chanda (Avast)
Josh, I would like to confirm that it is a False Positive.
Kaye Sykes
I'm still getting this error.
MacOS 10.13.1
AVG:
Version 17.4 (9cf9975e9ca8)
Virus databases: 171202-2
Last update: December 2, 2017
Bhuvaneswari Vairavan (Avast)
Hello Kaye,

It would be helpful if you could provide the screenshot of the complete error message to check and assist further. Click on this link https://support.apple.com/en-us/HT201361 for instructions on how to take a screenshot. Click on 'Answer' & then click on the 'Image' [mountain symbol] & follow the instructions.
A L
User-added image
A L
Hi,
I've been getting countless quarantine notifications regarding Cryptonight on my Macbook.
AVG quarantine
Deleting them didn't help. The quarantined files are in my Google Chrome cache. I've tried clearing the cache, also to no avail. Thanks for your help!
Akash Chanda (Avast)
AL,

Thank you for reaching out to us with your concern.

As the full path of detection is not fully visible from UI, please provide me with the full path. You can copy the path by right-clicking on the detection path and pasting it here or to any text file by the standard way.

Please provide me the OS version by following this article here. Also, provide me the version of the AVG Antivirus for Mac. To find out the version you can follow User Manual, part 4.3. Menu in the taskbar.
A L
Hi Akash,

I apologize for never responding!  I was expecting a notification via email and forgot to check back after not having the issue repeat last month.  The issue just occurred again today, and here is the full path:

/Users/Aly/Library/Application Support/Google/Chrome/Default/blob_storage/7f15a91f-ab1d-40d0-9d57-6ab23afd9e0b/0

My OS version is 10.13.2 (17C88)

My AVG Antivirus version is 17.4 (9cf9975e9ca8)

Thank you for your assistance, I greatly appreciate it!
Alok Kumar (Avast)
Hello A L,
I'm sorry for any inconvenience caused. May I know whether you're receiving the AVG detection while opening Chrome or whether it is because of any particular website? Please also share a screenshot of the recent AVG detection so that we can assist you further. You can post the screenshot here on your topic. Click on 'Answer' & then click on the 'Image' [mountain symbol] & follow the instructions.
Best regards,
Alok.
A L
Hi Alok,

It occurs seemingly randomly when I have Chrome open - no pattern with websites.  However, I believe twice it occurred while using the Pinterest Chrome extension.

I don't have a screenshot of the most recent detection, but I have this earlier detection (they all look pretty much the same)

User-added image

Thank you!

 
Bhuvaneswari Vairavan (Avast)
A L,

Thank you for providing the screenshots and providing the details. 
I have forwarded the case to the senior team for getting a suggestion.
You will get a reply soon via email from them. 

Please note the Case Number 05939642 for future reference.
 
A L
Thank you for your assistance!