Avast WEBforum

Other => Viruses and worms => Topic started by: hrishikesh.chogle on January 06, 2019, 08:00:28 PM

Title: Unwanted pop up coming https://cgg.peakexc.com
Post by: hrishikesh.chogle on January 06, 2019, 08:00:28 PM
Dear Friends,

My system got infected with some kind of adware/worm, which is so irritating: whenever I click on a link or button in Chrome, it opens the link below.
If someone has a solution for it, then please let me know.

hxtps://cgg.peakexc.com/fep.php?rd=suyyap.peak-serving.com&id=15467992465907150309532881&tid=4143&t=imp&end=1
Title: Re: Unwanted pop up coming https://cgg.peakexc.com
Post by: DavidR on January 06, 2019, 08:20:42 PM
First, please break the active link to a suspect site, change the https:// to hxxps://.

- This needs further analysis by a malware removal specialist:
Go to this topic https://forum.avast.com/index.php?topic=194892.0 for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.
Title: Re: Unwanted pop up coming https://cgg.peakexc.com
Post by: polonus on January 06, 2019, 09:38:29 PM
Launcher Infection probably - Malware.HighConfidence, malware posing as being legit.

See: https://www.virustotal.com/#/domain/cgg.peakexc.com

As DavidR says, provide a qualified remover here with the requested logs,
so he can guide you through the malware removal step by step.

polonus
Title: Re: Unwanted pop up coming https://cgg.peakexc.com
Post by: Be Secure on January 07, 2019, 05:36:22 PM
No alerts detected, but this site has a bad reputation on AOS (suspicious). Good work, Avast ;)
https://urlquery.net/report/3add8f91-f1e4-428d-b8af-36bc67367151
Title: Re: Unwanted pop up coming https://cgg.peakexc.com
Post by: polonus on January 07, 2019, 06:02:10 PM
Hi Be Secure,

Tested this bootstrap JavaScript file as an HTML file inside the Beaker browser and it created an endless loop starting any YouTube file (starting over and over again). Then scanned it at VT and it was not detected: https://www.virustotal.com/#/file/1b33e1f12cd0f22d2d913365be2a2518cc8d77ffac384b606251e810615699c1/details
Is it Unicode going under the detection radar...?

polonus