Avast WEBforum

Other => Viruses and worms => Topic started by: Xanex Caligula on July 01, 2020, 10:43:12 PM

Title: Aborted connection to prefound.org
Post by: Xanex Caligula on July 01, 2020, 10:43:12 PM
Hello. As of the last couple of days (possibly after a Chrome update), I'm getting a Threat Secured notification (see attached) when sometimes opening a new blank or google tab in Chrome. The only thing I've been able to find is one site that says the domain name is about a month old. I haven't noticed any other ill effects, but I can't figure out what this is for the life of me.
Title: Re: Aborted connection to prefound.org
Post by: DavidR on July 01, 2020, 11:10:26 PM
What is shown if you click on the See details option ?

I take it that you aren't trying to connect to this site ?
If not, it could be something trying to connect, new add-on/extensions etc. that needs further investigation.

Whilst not blacklisted this site is considered a medium security risk https://sitecheck.sucuri.net/results/prefound.org

Title: Re: Aborted connection to prefound.org
Post by: Xanex Caligula on July 01, 2020, 11:31:12 PM
Attached is the notification with more details visible. I am not trying to connect to the site. I got this one on a google search for something unrelated.
Title: Re: Aborted connection to prefound.org
Post by: DavidR on July 02, 2020, 12:01:23 AM
It may well be something hidden, a new browser add-on or changed settings.

This needs further analysis by a malware removal specialist:
Go to this topic https://forum.avast.com/index.php?topic=194892.0 (https://forum.avast.com/index.php?topic=194892.0) for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs here, not in the LOGS topic.
Title: Re: Aborted connection to prefound.org
Post by: polonus on July 02, 2020, 01:42:11 PM
No problems: http://ssl-checker.online-domain-tools.com/
But still no connection because of a 403 forbidden.

polonus
Title: Re: Aborted connection to prefound.org
Post by: Xanex Caligula on July 02, 2020, 09:35:53 PM
Alrighty. Here are the logs.
Title: Re: Aborted connection to prefound.org
Post by: DavidR on July 02, 2020, 10:46:11 PM
I have tried to draw attention to this topic.

There may be some delay due to differing time zones and availability of the volunteer malware removal specialists.
Title: Re: Aborted connection to prefound.org
Post by: Sass Drake on July 03, 2020, 05:31:21 PM
Open this URL in Chrome:
chrome://serviceworker-internals/

and clikc on Unregister button for all listed entries.
Title: Re: Aborted connection to prefound.org
Post by: Xanex Caligula on July 06, 2020, 09:42:35 PM
I think I've narrowed it down to a Chrome extension. Hasn't occurred since I disabled it. Don't know what changed in the extension. Thanks for helping, everyone, much appreciated.
Title: Re: Aborted connection to prefound.org
Post by: DavidR on July 06, 2020, 09:48:51 PM
I think I've narrowed it down to a Chrome extension. Hasn't occurred since I disabled it. Don't know what changed in the extension. Thanks for helping, everyone, much appreciated.

You're welcome.

But did you also do as suggested by Sass Drake  ?
Title: Re: Aborted connection to prefound.org
Post by: polonus on July 06, 2020, 10:25:29 PM
Hi Xanex Caligula,

Would be interesting to know what particular extension may have caused that.
By the way can you fill in with the name of that specific extension?

polonus