Avast WEBforum
Other => Viruses and worms => Topic started by: Mwyarm on January 08, 2020, 01:02:12 AM
-
2-3 days ago I started getting an Avast pop-up warning of an aborted connection to:
clients2.googleusercontent.com because it was infected with Other:Malware-gen [Trj]
It states it was found in chrome.exe process. Snapshot of message attached.
I uninstalled Chrome and reinstalled and pop-ups continued.
I downloaded Malwarebytes yesterday before finding this forum and ran 2 scans which found some items but did not appear to be related - 29 items were sent to quarantine. Afterwards, the pop-up occurred shortly after.
Today, before finding this forum, I searched the registry and found 2 values under Chrome Extensions pointing to the URL noted. I backed up the registry and deleted the 2 extension values, performed a reset of Chrome and searched for harmful files. Confirmed the extensions were also deleted in the WIN 10 folder for Chrome. Rebooted and the pop-up occurred again.
I also searched all files\folders under WIN C and I cannot find any reference to the URL.
Found this forum and attaching the suggested documents:
MBAM Search Results 3.tx
First.txt
Addition.txt
I cannot seem to find where such redirects are occurring.
-
Any suggestions or ideas beyond a full wipe of the partition and reinstalling windows and all required applications?
-
- Open Notepad (click Start button -> type notepad.exe -> press Enter)
- Copy text from code block below and paste it into Notepad
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
- Go to File -> Save As
- Make sure that UTF-8 is selected as Encoding (left side of Save button)
- Save it as fixlist.txt on Desktop
- Open again FRST and click on button Fix
- Wait until FRST finishes
- fixlog.txt should be generated and opened. Attach it to your post and wait for further instructions.
-
Fixlog.txt is attached
-
Hi Mwyarm,
Before a qualified remover is to dive into your log txt, just read this in the meantime:
https://webcookies.org/ssl/report/clients2.googleusercontent.com/191677
We were there before: https://forum.avast.com/index.php?topic=210556.0
Success,
polonus
-
What is system status now?
-
Status is the same. I tried uninstalling Chrome, restarting PC, reinstalled Chrome and I have the same results. It does not happen on Firefox, just Chrome, as is referenced in the picture I posted where Avast was able to circumvent the redirect and points to the path of Chrome.exe.
I have tried previously disabling all extensions, including a second pass at removing them completely. That did not work.
I am at a loss of what to try next.
-
It might be Avast false positive. Can you contact their support nad asj them to analyze it?
-
I am sorry but what is nad and asj?
-
I think they are just simple typos
nad = and
asj = ask
So maybe should read as this:
Can you contact their support and ask them to analyze it?
-
rocksteady is right, it was a typo. :/
-
I could not find a help number with Avast so I downloaded and installed ZoneAlarm. Although I was planning to use their tool for access monitoring, they also have a virus shield. I ran it and it found 2 extensions where it detected malware. It automatically went into an advanced repair including rebooting the PC. I then did a second scan to complete a full scan and it found 2 other viruses which it also quarantined. After using my PC yesterday evening and off and on today I have not had any additional occurrences. I don't believe one day is a true test so I will post again in 3-4 days.
That said, each time Avast aborted the connection it would prompt for an upgrade but it never attempted to do a repair - it always asked to click for a paid upgrade. I cannot fault them for wanting a paid subscription as they are not in the business to give everything away for free. I suppose ZoneAlarm will do the same over time. However, since ZoneAlarm found the additional viruses I have decided to trust them more, at least for now. I know everyone speaks highly of Avast Free but it has not served me well. After almost a week of installing and uninstalling many different things, researching the web for how others have solved, I have lost confidence in Avast.
Will post back in 2 days with another update.