Perplexer

ESET NOD32 popup

Got this warning from my ESET NOD32 Antivirus today.

A threat (JS/CoinMiner.BK) was found when Maxthon tried to access a website (config.sync.maxthon.com). http://config.sync.maxthon.com/mxconfig/v1/up_blk/32175639/8896D2C0C088BA40B98399F8F33884B4_10.138.203.153?begin=0&end=34189

What does it mean? Can it be something on my end?

I WAS using a public http proxy at the time I got this message. I don't think I clicked anything specific before it popped up. It may have appeared when I opened a new tab page and the tiles loaded up. I did get it once again after disconnecting from a proxy (the second popup was the same but the URL was shorter: http://config.sync.maxthon.com/mxconfig/v1/up_blk/32175639/ )

After the two popups, I got no more. But I did get an instance of a grayed out symbol appearing on the right side of the address bar (next to the proxy selector) on the new tab page. The symbol said something like "the page is trying to load a script". I did not allow it.

Could it be something to do with the proxy / traffic through the proxy or is it the sync.maxthon.com page itself?

Got 2 more later, while again connected to the proxy. Can't tell though if this was just a coincidence or if it would have happened without the proxy as well. After that, I did not get more popups either with or without the proxy.

In all cases the popups warned of addresses under maxthon.com, never on any other website.

Another interesting thing is that I use Maxthon on a second, separate PC as well. So I then used Maxthon on that second PC to visit the Maxthon website / forum. On that PC I never activated a proxy, but I got the same 2 popups there! Unfortunately I didn't screenshot the URL it was accessing, but I think it was another safeurl.maxthon.com and forum.maxthon.com. Maxthon on that PC does sync with my Maxthon cloud account so it did sync all favorites and also the proxy list which I entered on my main PC. But again, I did NOT activate the proxy on the second PC (option "Disable proxy" was always selected). So then why the NOD32 popup on the second PC as well?
